If your VMware vCenter Server Root Password has expired and you can’t log in, don’t panic. Our latest step-by-step guide shows how to reset the password – even if you don’t know the old one – and how to configure expiration settings to avoid it next time.
So, you’re running VMware infrastructure in your organization, and one day you come to the office and cannot log in: the root password for the VMware vCenter Server Appliance (VCSA) has expired. What do you do? This guide covers the steps needed to change the password and also explains how to reset it when you don’t know it, for example when you’re managing a virtual environment where the password is unknown. We’ll also explain why it’s important to use complex passwords.
Note that resetting the root password of the vCenter Server Appliance is a relatively easy task; however, it requires restarting the vCenter Server virtual machine (VM). Let’s dive into it.
By default, the root password of the VCSA expires 90 days after the default deployment and installation of VCSA. So, if you don’t configure it right away when you do the deployment, 90 days later you’ll find that you have a problem. Usually when that happens, you’ll find an option to change the root password on the login page. You’ll have to provide the old root password, and then create a new one.
How to change password expiration settings
In the vCenter Server Management Interface, click Administration.
In the Password section, click Edit.
Configure the password expiration settings for the root user.
You can enter a new value for the password validity (in days) and an email address for the expiration warning.
- Root password validity (days) – The number of days after which the password expires. The maximum is 9999 days.
- Email for expiration warning – The email address to which vCenter Server sends a warning message before the expiration date.
If you want to change the password
Click Change, then enter the current password and create a new password.
Enter the current password and the new password, then click Save.
And that’s it. You can’t change the password complexity requirements, at least not from the UI.
What if you can’t access the Virtual Machine Management Interface (VAMI)?
If that’s the case and you can’t log in to the VAMI to change the password, you can use the vSphere Client and sign in with the Single Sign-On administrator password.
Go to the Administration section, then go to Single Sign-On, and then Users and Groups.
Well, and that’s it.
How should you manage your vCenter passwords on a regular basis?
You should review and update passwords to comply with security policies.
- Good practice is to use a password manager to keep track of your passwords in a secure environment (not in a plain-text file stored somewhere on the admin’s desktop).
- You could set up an Outlook reminder that prompts you to update your password so that you avoid being locked out.
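The reminder can also be automated as a scheduled check. The following is an added example, not part of the original guide or of VMware's tooling: it computes the days left before a password expires from an /etc/shadow entry. It assumes the appliance keeps root's ageing data in the standard Linux shadow format; the function names days_left and check_expiry and the sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: days until a local account's password expires, computed
# from its /etc/shadow entry.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg is the day of the last change, counted in days since 1970-01-01;
# max is the validity period in days.

# days_left SHADOW_LINE TODAY_DAYS
# Prints "never" when ageing is off, otherwise the number of days remaining
# (a negative number means the password has already expired).
days_left() {
    lastchg=$(printf '%s\n' "$1" | cut -d: -f3)
    max=$(printf '%s\n' "$1" | cut -d: -f5)
    # An empty or negative maximum age means the password does not expire.
    case "$max" in
        ''|-*) echo never; return 0 ;;
    esac
    # Values of 10000 days and above are conventionally shown as "never".
    if [ "$max" -ge 10000 ] || [ -z "$lastchg" ]; then
        echo never
        return 0
    fi
    echo $(( lastchg + max - $2 ))
}

# check_expiry SHADOW_LINE TODAY_DAYS WARN_DAYS
# Exit status: 0 = fine, 1 = expires within WARN_DAYS, 2 = already expired.
check_expiry() {
    left=$(days_left "$1" "$2")
    [ "$left" = never ] && return 0
    [ "$left" -lt 0 ] && return 2
    [ "$left" -le "$3" ] && return 1
    return 0
}

# Constructed sample entry: changed on day 19800, 90-day validity.
SAMPLE='root:$6$constructed$hash:19800:0:90:7:::'

# On the appliance itself (as root) the call would look like:
#   check_expiry "$(grep '^root:' /etc/shadow)" "$(( $(date +%s) / 86400 ))" 14
```

Run from a scheduled job, a non-zero exit status can trigger whatever alerting you already use.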
I’m locked out, how do I reset the root password for vCSA?
Well, if that happens, you can reset the root password via “single user mode”. How do you do that?
You’ll need to reboot the vCenter Server Appliance and access the console. During the boot process, press the “e” key when you see the GRUB menu. Add rw init=/bin/bash to the end of the kernel line.
Press F10 to continue booting.
Type this:
mount -o remount,rw /
Press Enter.
At the command prompt, enter the command passwd and provide a new root password (twice for confirmation):
passwd
Unmount the filesystem by running this command (yes, the unmount command is umount – it’s not a spelling error):
umount /
Reboot the vCenter Server Appliance by running this command:
reboot -f
Confirm that you can access the vCenter Server Appliance using the new root password.
Note that this procedure is applicable for vCenter Server 8.0U2 and higher. For lower vCenter Server versions, such as 7.x, please head to the VMware/Broadcom KB here.
Why use complex passwords?
Have you ever wondered why the complexity of passwords matters? Using a complex password increases the time and resources required to compromise the password.
Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that determine how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised.
You should at least set this:
From the vSphere Client, go to Administration > Single Sign On > Configuration > Local Accounts > Password Policy.
View the value of the “Character requirements” setting.
Character requirements: At least 1 lowercase characters
If the “Character requirements” setting in the password policy does not require “1” or more lowercase characters, you should activate it.
While you are there: Administration > Single Sign On > Configuration > Local Accounts > Password Policy.
Click “Edit”.
Set “lowercase characters” to at least “1” and click “Save”.
Final Words
When it comes to managing several clients’ virtual infrastructures, you’ll have to be organized. Remember that you should keep your passwords secure and up to date to avoid issues like this in the future.
By following the steps above, you can quickly get out of trouble, resolve your problems, and get back to managing your vCenter environment.
While you can set your vCenter Server password to Never Expire, you might need to follow your company’s security policy. If that password is really strong, you might consider disabling password expiration altogether.