Rusty vSphere skills: VCSA root password expired...Part 1
Updated: Jan 23, 2021
...stay with me here...I know I have many years of managing VMware infrastructure as part of my technical career. Guess what changed in 2016? I started using vSphere less and less, which shows sometimes. I figured this series of posts might prove helpful for folks that may find themselves in a similar situation.
First off, I run vSphere 7 at home in my lab. My home lab consists of 4 Intel NUC's (NUC10i7FNH) acting as ESXi hosts, a Dell Precision T5600 as a 5th ESXi host, a bunch of Ubiquiti networking gear that I can detail out inside another blog post, a Dell OptiPlex 980 as my WSUS server (hold back your cringes, I can hear them), and 2 OptiPlex 780's acting as domain controllers. I also have 4 or 5 Raspberry Pis doing various Raspberry Pi tasks, but I'll save those for another post.
Before I decided to make my "on-premises" lab a bit lighter (and easier on the pocket book with a smaller utility bill), I used to run actual 1U rack servers at home (I had 2 PowerEdge C1100's and 2 PowerEdge R610's for a number of years, only to swap those out for 4 Dell Precision T5500's). The T5600 came about at a time when I needed a bit more capacity and since it's newer, I've just kept it in the mix.
I often say I need a life, but honestly having a playground available at home helps me out significantly in my role. ESPECIALLY as I talk to enterprise customers about what a full blown digital transformation looks like when Azure becomes the cloud choice.
Ok back to vSphere 7.0...
I logged in and received notice I had an update to apply to my VCSA. Sweet - I always love being alerted about an update, which means I'm way ok leaving someone or something else else with the troublesome task of tracking updates. Most likely, it's some sort of automation vs. an actual human.
In order to update the VCSA, you have to log into the web interface. The web interface can be accessed either by going to https://<vCenter Server Appliance IP address>:5480 or https://<vCenter Server Appliance FQDN>:5480. I tried to access my VCSA from the web and received an error about password expiration. I had forgotten that when you deploy the vCenter Server Appliance, you set the initial password of the root user, which then expires after 90 days by default. DOH! Thankfully you CAN change the root password and the password expiration settings from the vCenter Server Appliance Management Interface, but you first have to change the root password from the command line...and that requires turning on SSH.
What a predicament! I first went to my VCSA within vSphere and launched the web console:
Then I selected <F2> Customize System:
I entered the old password (it will work in this instance) and pressed Enter:
Then I moved the cursor down to "Troubleshooting Mode Options" and pressed Enter:
I hit Enter for both "Enable BASH Shell" and "Enable SSH."
In order to make sure both are enabled, the right hand side indicates the current status of both settings. Once both are "Enabled", press Esc:
You will then find yourself back at the System Customization page. Hit Esc again.
You will then be brought back to the console start screen. SSH is now enabled. Tune into the next blog post where I detail out how to change your password from the command line!