标签归档:vcenter

VCENTER LICENSE许可服务问题处理办法

有一套VMWARE VSAN系统停机多日,现将服务器开机,通过登录vcenter所在的esxi主机将vcenter开机,vcenter虚拟机位于vsan存储中,通过https://vcenter的IP打开vcenter管理界面,进入vcenter后发现所有主机都处于断开的状态,怀疑为之前未安装vcenter许可,试用的60天许可过期导致。

打开系统管理——许可证,添加许可证,提示Unable to connect to the License Service. Verify that the service is running,远程桌面登录到vcenter虚拟机上,在命令行下使用“c:\program files\vmware\vcenter server\bin\service-control” –status vmware-license,报错,使用 “c:\program files\vmware\vcenter server\bin\service-control” –stop vmware-license可以停止vmware-license服务,但是使用 “c:\program files\vmware\vcenter server\bin\service-control” –start vmware-license报错,不能正常启动该服务,将系统中vmware相关的服务都重启,问题依旧,重新安装vcenter后,添加vcenter许可证,再新建数据中心,新建群集,重新添加三台esxi主机后,整个vcenter恢复以前的正常状态。

补充1、 可以通过“c:\program files\vmware\vcenter server\bin\service-control” — list查看相关的服务。

补充2、vcenter虚拟机放在vsan存储中,并不是在某台esxi主机存储上,重装vcenter程序并且重新新建数据中心、新建群集、添加esxi主机都不影响vsan存储中的数据。

补充3、vcenter虚拟机的操作系统管理员administrator密码和vcenter的administrator@vsphere.local的密码并不相关,修改操作系统administrator密码不影响vcenter的administrator@vsphere.local账号正常登录使用。

vSphere 6.5密码重置(vCenter, SSO and ESXi)

Everyone knows the situation where you can’t log into a system because you have forgotten the password. The following article explains how to reset the password and regain access to VMware vSphere 6.5 core components including vCenter, SSO and ESXi Hosts.

  • Reset vCenter Server Appliance 6.5 root password
  • Reset SSO Administrator Password (vCenter Server Appliance 6.5)
  • Reset ESXi root password with Host Profiles
  • Gain Administrative ESXi access with an Active Directory
  • Reset ESXi root password (Linux Live CD)

Reset vCenter Server Appliance 6.5 root password

The following method provides steps to recover the vCenter Server Appliance (vCSA) root password. The process is slightly different compared to previous versions as the OS has been changed to PhotonOS. The method is officially supported by VMware and documented in KB2147144.

  1. Take a snapshot of the vCSA to be able to rollback in case of any problems during password recovery.
  2. Connect to the ESXi Host that runs the vCSA and open a remote console.
  3. Reboot the vCSA
  4. Press e immediately after the system starts (When the PhotonOS screen shows up)
  5. Append rw init=/bin/bash to the line starting with linux

  6. Press F10 to boot
  7. In the command prompt, enter passwd and enter a new root password twice
  8. Enter umount / to unmount the root filesystem
  9. Reboot the vCSA by running the command reboot -f
  10. Verify that you can log in with the new root password and delete the snapshot created in step 1.

 

Reset SSO Administrator Password (vCenter Server Appliance 6.5)

The following method provides steps to recover the SSO administrator password on a vCenter Server Appliance (vCSA). The method is officially supported by VMware and documented in KB2146224.

  1. Log in to the vCSA using SSH as root
  2. Enter shell to start the bash shell
  3. Identify the SSO Domain Name (Default is vsphere.local)
    # /usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost

  4. Start the vdcadmintool

    # /usr/lib/vmware-vmdir/bin/vdcadmintool
  5. Press 3 (Reset account password)
  6. The tool asks for the Account UPN to reset. Enter Administrator@<DOMAIN> (identified in Step 3)
  7. The tool generates and displays a new password.
  8. Use the password to log in with the vSphere Web Client and change the password.

 

Reset ESXi root password with Host Profiles

According to VMware KB1317898, “reinstalling the ESXi host is the only supported way to reset a password on ESXi”. However, there is a loophole as you can set the root password with Host Profiles under certain conditions. This method has two requirements:

  • The ESXi hosts needs to be managed by a vCenter
  • vSphere Enterprise Plus License is required to use Host Profiles

The vCenter uses a vpxuser to communicate with ESXi hosts, so it does not depend on the root account. As long as the ESXi host is managed by the vCenter, you can change the configuration without knowing the ESXi root password. This method works with all ESXi 5.x and 6.x versions.

  1. Create a Host Profile with the ESXi you want to reset the root password as reference Host
    Web Client > Right-Click the ESXi Host > Host Profiles > Extract Host Profile…
  2. Navigate to the Host Profile and select Actions > Edit Settings…
  3. Navigate to the root User Configuration
    Security and Services > Security Settings > Security > User Configuration > root
  4. Set the Password configuration to Fixed password configuration and enter a new password.
  5. Click Finish to close the profile configuration
  6. Right-Click the Host Profile and select Attach/Detach Hosts and Clusters…
  7. Highlight the ESXi host, Click Attach > and finish the configuration screen

  8. Put the ESXi host into maintenance mode
  9. Right-Click the ESXi host and select Host Profiles > Remediate…
  10. Finish the remediation wizard. The remediation should take less than a minute, no reboot is required.
  11. Use the new root password to login

 

Gain Administrative ESXi access with an Active Directory

When you don’t have the Enterprise Plus license, you can join an Active Directory to regain administrative access to the ESXi host. This method circumvents the limitation that root PW recovery is not supported.

  1. Login to the vCenter with the vSphere Web Client
  2. Navigate to ESXi > Configure > System > Authentication Services
  3. Click Join Domain…
  4. Enter the domain name and user credentials
  5. Click OK
  6. In the ESXi configuration, open System > Advanced System Settings
  7. Enter Config.HostAgent.plugins.hostsvc.esxAdminsGroup in the search field
  8. Change the settings to match the Administrator group that you want to use in the Active Directory. You can either create a new group in your direcotry or enter an existing group

 

Reset ESXi root password (Linux Live CD)

When you need to recover root access and the methods above are not applicable, the last method explains how to reset the root password with a Linux Live CD. Please be aware that this method is not supported by VMware as KB1317898 states: “reinstalling the ESXi host is the only supported way to reset a password on ESXi”. You can use any current Linux Live CD or installer CD that has a recovery mode. In this example I’m using Knoppix.

  1. Shutdown the ESXi host
  2. Boot the system with the Linux Live CD
  3. Make sure that you can read the gpt partition table, for example with parted /dev/sda print
  4. We are looking for the first fat16 partition with a size of 262MB. IT should be number 5.
  5. Mount the partition
    # mount /dev/sda5 /media/sda5
  6. Verify that there is a current state.tgz in the directory.
  7. # ls -l /media/sda5/state.tgz

  8. The state.tgz file contains the local.tgz file which contains the configuration. Extract both to a temporary directory.
    # cd /tmp/
    # cp /media/sda5/state.tgz /tmp/state.tgz
    # tar -xf state.tgz
    # tar -xf local.tgz
  9. Edit the shadow file and remove the root password
    # vi etc/shadow

    Remove the hashed password until the second colon:

    You want a file that looks like this:

  10. Save the file and exit the editor (<ESC> :wq <ENTER>)
  11. Recreate state.tgz with the changed shadow file
    # tar -czf local.tgz etc
    # tar -czf state.tgz local.tgz
  12. Move state.tgz back to ESXi partition and make sure to overwrite the old file
    # mv state.tgz /media/sda5/
  13. Reboot to ESXi. You should be able to access the DCUI or log in as root without a password.

重置windows版本vcenter6.5管理员密码的方法

现有一个windows版本的vcenter6.5管理员密码丢失,我们可以使用vmware的工具vdcadmintool,在命令行进入到vdcadmintool所在的目录,然后执行下vdcadmintool,出现下列菜单:

输入3,重置账号密码,然后输入之前配置的管理员账号,此处为Administrator@vsphere.local,会自动生成新密码,打开https://vcenter-ip/vsphere-client/,即可使用新密码登录。