Categories
Virtualization Vmware

How to unlock and reset SSO password in vSphere 6.x (2146224)

So I have a bit of a embarrassing confession to make. I forgot to record the Administrator password for my VCSA Appliance. Total disclosure, I was freaking out and I really thought I was going to have to start from scratch. I did some research I was surprised to find out that you can actually reset the Administrator account on a VCSA appliance as long as you have the root password for the appliance and you have access to the VCSA Console. Below are a list of the links to the KB Articles from VMware.

Resetting SSO Administrator Password
https://kb.vmware.com/s/article/2034608
Resetting SSO Administrator – VCSA 6.x

Below is the PUTTY session as an example.

[email protected]:~$ ssh [email protected]
ssh: Could not resolve hostname devvcsa01.xxx.xxxxx: Name or service not known
[email protected]:~$ ssh [email protected]
The authenticity of host ‘172.26.44.18 (172.26.44.18)’ can’t be established.
ECDSA key fingerprint is SHA256:7E4K1HVpg2ExWz+vEkkRdJ0M5jUYftb3HZw6OSDKFEICSOEPWWKYERe4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘172.26.44.18’ (ECDSA) to the list of known hosts.

VMware vCenter Server Appliance 6.5.0.21000

Type: vCenter Server with an embedded Platform Services Controller

Password:
Connected to service

    * List APIs: “help api list”
    * List Plugins: “help pi list”
    * Launch BASH: “shell”

Command> shell.set –enabled true
Command> shell
Shell access is granted to root
[email protected] [ ~ ]# /usr/lib/vmware-vmdir/bin/vdcadmintool

==================
Please select:
0. exit
1. Test LDAP connectivity
2. Force start replication cycle
3. Reset account password
4. Set log level and mask
5. Set vmdir state
6. Get vmdir state
7. Get vmdir log level and mask
==================

3
  Please enter account UPN : [email protected]
New password is –
/a+p|8M?vRl`%”p4*+oZ

==================
Please select:
0. exit
1. Test LDAP connectivity
2. Force start replication cycle
3. Reset account password
4. Set log level and mask
5. Set vmdir state
6. Get vmdir state
7. Get vmdir log level and mask
==================

Once you go through all these steps you are now able to log into VCSA with that temporary password that you are given and you are also able to reset it as well.

I hope you find this post helpful, and if you do please share it out to your friends.

Leave a Reply