How to Reset the ESXi Root Password


Forgetting passwords is something that unfortunately happens to everyone, and resetting the ESXi root password requires a bit of attention from your side. And that’s why password managers exist. No, it’s not ok to write them down on yellow sticky notes stuck to your monitor unless you want to give your security guys a heart attack. I guess, given this post’s title, you know where I’m going with this if you forgot your ESXi root password.

It’s 10 in the evening. You get a call and start troubleshooting right away. You figure that a management services restart will fix the issue. Your host is connected to a remote KVM switch, so you press F2 and type in the password. No dice. Maybe it’s a typo, maybe not. You try again and again, and end up locking yourself out because of a forgotten root password. You did save the ESXi password but, along the way, you changed it and forgot to update it in your password manager. According to VMware, the only supported fix is to re-install ESXi unless you’re still running ESX, which is highly unlikely.

In the pre-ESXi era, the hypervisor had a service console that enabled you to boot in single-user mode. This allowed you to change the password from bash. Incidentally, this method can still be used nowadays to change the root password of a vCenter Server appliance. No such thing for ESXi.

In today’s post, I’ll show you how you can use a Live Linux CD/DVD to change the root password on your ESXi host. VMware does not support this method, citing complexity, but I don’t buy this – there is nothing really complex about it. ESXi stores the root password as a hash in /etc/shadow, as is standard with Linux.

An invalid password typed in at the console


How it all works

First off, SSH to your host and have a look at /etc/shadow. You should see something like this.

ESXi password

This is from a test ESXi host I use, so be my guest and try to reverse the password hash. Good luck with that. The string boxed in red is what we’re after. Deleting it will reset the password to null. Of course, if you can’t log in as root on your host, there’s no way you can do this, which is why we use a live CD. Booting off a Linux Live CD/DVD allows us to access and change the file. The trick is knowing which file to change. Changing the one that’s accessible when SSH’ed to the host is of no use since the changes are overwritten once you boot up the host.

As you probably know, ESXi uses several disk partitions. One, in particular, is called bootbank. This partition contains the hypervisor core files and the host’s configuration which is what ends up being loaded into memory. The partition, by default, is called /dev/sda5.

The /etc/shadow file we’re after is found in a compressed archive called state.tgz which is found under /dev/sda5. So, here’s what we need to do.

    • Download a Live Linux CD/DVD. Take your pick from this list. I chose the Gparted LiveCD one.
    • Burn a USB or CD/DVD with the Live CD/DVD and boot your host off it.
    • Mount /dev/sda5 and copy state.tgz to a temp folder.
    • Uncompress state.tgz and edit the shadow file.
    • Recompress the archive and overwrite state.tgz with it
    • Unmount and reboot the host.

How to reset ESXi root password

The following procedure documents how one would go about resetting the password for root on an ESXi 6.5 host. This should work on earlier versions of ESXi, though I only tested it on 6.x. It also makes no difference whatsoever if the host is physical or nested.

It is of utmost importance to note that you will not be able to ‘deceive’ ESXi’s security and change the node’s root password without powering it off. Meaning you need to evacuate the VMs to other hosts in the cluster or shut them down to place the host in maintenance mode.

For this post, in order to reset the ESXi root password, I’m using a nested host for convenience’s sake alone. And, yes, I carried out this same procedure a number of times on physical ESXi hosts. Note also, that the host must be powered down for this to work so unless migrated, all hosted VMs will obviously stop working.

Step 1 – Insert the bootable Live CD, make sure your server can boot off CD/DVD or USB and power it up. If you’re using the Gparted LiveCD, just follow the on-screen instructions as it is loading.

Booting off the GParted LiveCD


Step 2 – Locate the 2 partitions sized 250MB. As mentioned, /dev/sda5 is what we’re after assuming you installed ESXi on the first available disk. This may differ if, for instance, you installed ESXi on a USB device.

 

GParted listing the ESXi partitions found on the primary disk. Your mileage may vary according to the size of the boot drive and the medium (SD, USB, drive…).

| ID | Name | Description | Size |
|----|------|-------------|------|
| 1 | System boot | Used to boot the OS. | 4MB |
| 2 | Scratch | Persistent storage of VMware support bundles. Created if media is larger than 8.5GB. | 4GB (Dynamic) |
| 3 | VMFS datastore | Any remaining unallocated space is used to create a local datastore. Created if media is larger than 8.5GB. | Remaining space. (Dynamic) |
| 5 | Bootbank (bootbank 0) | Store the current ESXi image. | 250MB |
| 6 | Altbootbank (bootbank 1) | Stores the previous ESXi image after an upgrade. Used for rollback operations. | 250MB |
| 7 | vmkDiagnostic (small core-dump) | Capture the output of a purple diagnostic screen in case of ESXi crash. | 110MB |
| 8 | Store (locker) | Storage of ISOs for VMware tools. | 286MB |
| 9 | 2nd diagnostic partition (large core-dump) | Additional space for coredumps to avoid logs truncation. Created if media is larger than 3.4GB. | 2.5GB |

vSphere 6.x partitions layout.

Note that the partition layout changed dramatically in vSphere 7 compared to vSphere 6.x. It is now consolidated in fewer partitions leveraging dynamic sizing and VMFS-L.

vSphere 6.x vs vSphere 7 partitions layout


Step 3 – Open a terminal window and run the following commands in the exact order as listed.

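    sudo su
    mkdir -p /boot /temp      # mount point and working folder
    mount /dev/sda5 /boot     # the bootbank partition located in Step 2
    cd /boot
    cp state.tgz /temp        # work on a copy, not on the mounted original
    cd /temp
    tar -xf state.tgz         # outer archive, yields local.tgz
    tar -xf local.tgz         # inner archive, yields the etc/ folder
    rm *.tgz                  # drop the archive copies; etc/ stays
    cd etc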

The first batch of commands that need to be run to get to the shadow password file

We’re going to use vi to edit the shadow password file. Just move to the line starting with root and delete the string between the first 2 colons. Use the [Delete] key. When done, press [:] and type wq followed by [Enter].

Delete the encrypted root password to reset it to null i.e. the root account will not have a set password

Continue by running the following batch of commands.

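    cd ..
    tar -czf local.tgz etc/        # recompress the edited etc/ folder
    tar -czf state.tgz local.tgz   # wrap it in a new state.tgz
    mv state.tgz /boot             # overwrite the original on the bootbank
    umount /boot
    reboot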

Step 4 – Once the ESXi host is back online, try logging in as root either from the DCUI (console) or via SSH using putty or similar. You should be able to log in without keying in a password although you will be reminded to set one which is what you should do.
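The check below is an added example, not part of the original article: it unpacks a state.tgz the same way Step 3 does and reports whether root's password field is empty, locked or set, which is useful for confirming an edit or for spotting a saved state with a blank root password. The function names are hypothetical, the archive layout is the one described above, and the sample archives are constructed.

```shell
#!/bin/sh
# Added example: classify root's password field inside an ESXi state.tgz.
# Assumed layout (from the article): state.tgz -> local.tgz -> etc/shadow.

# Print "empty", "locked", "set", "missing" or "unreadable" for one state.tgz.
root_hash_state() {
    work=$(mktemp -d) || return 1
    # Unpack the outer archive, then the inner one, as in Step 3.
    if tar -xzf "$1" -C "$work" 2>/dev/null &&
       tar -xzf "$work/local.tgz" -C "$work" 2>/dev/null &&
       [ -f "$work/etc/shadow" ]; then
        # Field 2 of root's line is the hash; an empty field means no password.
        awk -F: '$1 == "root" { s = "set"
                     if ($2 == "") s = "empty"
                     if ($2 ~ /^[!*]/) s = "locked"
                     print s; found = 1; exit }
                 END { if (!found) print "missing" }' "$work/etc/shadow"
    else
        echo "unreadable"
    fi
    rm -rf "$work"
}

# Report each archive passed in, e.g. one copied from each 250MB partition.
check_bootbanks() {
    for f in "$@"; do
        printf '%s: %s\n' "$f" "$(root_hash_state "$f")"
    done
}

# Build a constructed state.tgz whose shadow file starts with the given line.
make_sample_state() {   # $1 = output path, $2 = shadow line to store
    src=$(mktemp -d) || return 1
    mkdir "$src/etc"
    printf '%s\n' "$2" 'nobody:*:13358:0:99999:7:::' > "$src/etc/shadow"
    tar -czf "$src/local.tgz" -C "$src" etc
    tar -czf "$1" -C "$src" local.tgz
    rm -rf "$src"
}

# Demo on constructed data: one copy with a hash set, one with it blanked.
demo=$(mktemp -d)
make_sample_state "$demo/bank5.tgz" 'root:$6$SALT$CONSTRUCTEDHASH:13358:0:99999:7:::'
make_sample_state "$demo/bank6.tgz" 'root::13358:0:99999:7:::'
check_bootbanks "$demo/bank5.tgz" "$demo/bank6.tgz"
rm -rf "$demo"
```

An archive that cannot be unpacked as a gzip-compressed tar is reported as "unreadable", which also catches a state.tgz that was repacked without compression.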

How do I recover my root password?

Here’s a video demonstrating how to carry out the password recovery procedure from start to finish and reset the root password.


Conclusion

There isn’t really much more to add other than to urge you to get into the habit of saving your passwords using a reliable password manager. While unsupported by VMware, the procedure of resetting a default ESXi root password outlined today works every time, at least on ESXi 6.x, but it should also work with older releases. I have not come across any side-effects when using this hack for ESXi root recovery, understandably so, considering we’re simply zeroing out a hash value from a password file. Ever lost your password and been frozen out of ESXi? What did you do? Let me know in the comments below. And if you need any help with resetting the ESXi root password, I’m happy to help out.


Frequently Asked Questions

There is no default root password in ESXi, you set it during the installation sequence. Make sure the keyboard mapping is configured correctly, especially if you go through an out-of-band management card.
The ESXi root password can be changed in several different ways such as using the DCUI management console, the shell with passwd, using host profiles, AD integration.
From the console, the root password can be changed in the DCUI using the “Configure Password” choice or in the shell using the “passwd root” command.
Reinstallation and Host Profiles are the only 2 ways to recover a root password that are supported by VMware. You can also do it by booting on a live tool such as GParted and editing the shadow file.

63 thoughts on "How to Reset the ESXi Root Password"

  • Evan says:

    Really good walk-through. In the past I have been able to reset a password using Host Profiles. Security and Services> Security Settings> Security> User Configuration> root> set the password to “Fixed password” and type it in

    • Sławek says:

      Yes, but in order to do this, you need the highest possible VMware license, Enterprise Plus.

      • MeyeAarD says:

        If you’re able to get into vCenter then you can quickly change the root password via the customer VIB and accompanying PowerCLI script I had to create for just such a purpose. https://gitlab.com/meyeaard/ESXi_5-6_root_Recovery

        In my case I didn’t even have vCenter access and had to do the standard Linux password recovery procedure (boot loader init=/bin/sh override…), once I had root on the VCSA, I was able to use the console command to change PW on the [email protected] account and finally from there manage the hosts. (I was on a VCSA 5.5, they may have locked down the bootloader on the newer VCSA releases so this may not be an option)

        If you’re concerned with running my customer VIB which does include a script, I include all the detail needed to build your own in the GitLab repository as well.

        If you’re on vSphere 6.0 or greater I *think* there may be a PowerCLI command added that will change the root password through the vCenter management API vs directly connecting to the ESXi hosts. I’ve not used it and so far haven’t had the need to do so.

    • Charles says:

      Will this work without vcenter?

  • MeyeAarD says:

    If your host is managed by a vCenter, you can recover root using this custom VIB method. https://gitlab.com/meyeaard/ESXi_5-6_root_Recovery

  • HH says:

    Awesome workaround and lifesaver! Helped me recover a sandbox ESXi which would have otherwise had to be reinstalled losing all our VMs..

  • Andre Magri says:

    Worked perfectly on 6.7, thanks!

  • Claudemir says:

    Great! Excellent article!

  • leon zak says:

    Worked great. Very clear.
    Thank you.

  • Slavek says:

    Nice works, you saved me a lot of time with reinstalling ESXi. Thanks!

  • Anthony says:

    Very excited when I saw that these steps worked. Thank you so much! You’ve brought hope to the hopeless.

  • jy says:

    worked great (saved my day and more)

  • Sławek says:

    Hi Jason. I have done this procedure nice and smooth from beginning to end, but after restart there is still prompt for root password. I’ve done it for ESXi 6.0.0. I thought that maybe password after restart was revert to original, but after another restart I see that in shadow file there is no password for root. So maybe there is another place where I must remove it?

  • Agritis says:

    Worked for me on esxi 6.5 🙂

    Just to note – I did this trick for both /dev/sda5 and /dev/sda6 because only with sda5 was not enough – password was still in place after reboot

  • poi says:

    Do not forget about the partition /dev/sdd6, it seems it is a backup/mirror partition!

  • Jester says:

    Thanks! is this gonna work for esxi 6.7?

  • John H. says:

    I was able to do this from within a BART PE disc (maybe I should have used a Linux Live CD instead). Used Notepad to edit the file, then used 7zip to tar gzip it back. Placed the file back into its original location, but after starting up the host, saw it unregistered my VM and lost the custom network settings.

    Just wanted to see if anyone else had that issue, or to put that out there, as a caveat for doing this. It’s no biggie, I just had to register the VM and recreate my network settings.

    It could also be some glitch or something I did that could have caused that issue. But, I did not do anything else but attempted multiple failed logins, and forced shutdown with power button.

    Other than that. It worked great, regained access to my esxi host. Appreciate the information!

  • Salvador Otanez says:

    Just did it in ESXi 6.7.0 and works, really easy, thanks a lot!!

  • Colin Thorne says:

    Thank you for this walk through. I’ve taken over as IT Manager for a small company after they sacked the previous guy. No passwords for anything and a nightmare seeing how everything is built.

    ESXi 6.5 running 3 VM Servers, 1 of which crashed and no access to it or the VMware.

    This walk through was invaluable and very much appreciated. Reset password, login, powered all servers up – day saved.

    Thanks for sharing your experience.

  • Michael says:

    Hey Ryan, thank you so much for this post. You’ve helped me out a lot in getting access to a VMWare host that was taken hostage by a scorned IT guy.

    One thing I’d like to add is that it may not always be partition 5 on the device that is being used at boot by VMWare. In my case, the boot drive was a flash drive, and editing the state.tgz on sdd5 did not reset the root password for me. However, once I repeated the steps on sdd6, I was able to get in to the host. It seems like whichever partition among the two 250MB ones has the least amount of free space, is the one you want to edit.

  • Rafael says:

    Saved my day. Thank you!

  • Steve turnbull says:

    Great article Ryan helped me to reset the password on my own esx host that I built a couple months ago on 6.0 and couldn’t remember the password doh!!. Worked fine just changed it on sda5.

  • Simon says:

    Worked great, it was sdf5 for me. Thanks heaps!

  • Ariff Shariff says:

    I am able to remove the password, but when I tried to change the password after reboot it is not accepting any passwords, irrespective of how complex the password is. It gives me a complexity requirements error.

  • Yoram says:

    Great!
    Saved my day!

  • Chris says:

    Worked like a charm on VMWare ESXi 6.5 U1, thank U very much!

  • Fabiano says:

    After resetting the password it is giving me a hard time to set a new one and is not keeping the network settings.
    Any suggestions?
    thank you

  • Scott says:

    Did the exact steps but note you need to run the Terminal with Root Privileges. Otherwise, no bueno.

  • Joe Schmuck says:

    This website allowed me to remove my ESXi 6.7 password that I had forgotten. The initial instructions should be updated to edit both sdx5 and sdx6 partitions as they appear to be mirrors so you do need to modify both. Watch the video as well before you do this procedure, it helps explain the editing of the shadow file.
