Change VMware vCenter Appliance’s Default Password, or Else…

For those running VMware’s vCenter appliance (if not, it should be something to consider in vSphere 6), you may run into an issue where you cannot authenticate using the default appliance credentials.
Username: root
Password: vmware

You have 90 days to change this password or else you will see this error when trying to login to the appliance:

As a note: Once you have changed the default password, you can choose to have your new password NOT expire. This is done in the appliance web portal- https://applianceIP:5480

For those that are facing this issue, there is a solution! (Besides blowing the VM away and starting from scratch). This can be done using some commands, but needs to be done from a “LIVE CD”. A Live CD is a bootable ISO (or actual CD) you can download and boot into. This allows you to run a temporary environment that has access to the actual installed OS.  Any Linux Live CD will do, but I prefer Kali Linux or Ubuntu. You will need “console” access to your vCenter appliance, which you can access from the vSphere Web Client. Just connect to the actual host where your Appliance VM resides.

– Mount the Live CD to the VCenter Appliance VM and boot into the ISO/CD.

– Next, bring up a Terminal or Shell and enable root user:

su -

– Then we need to mount the vCenter Virtual Appliance’s root parition

mount /dev/sda3 /mnt

– We need to /mnt/etc/shadow file to disable the account lock. Use the Vi editor to make the edit.

vi /mnt/etc/shadow

*When the root password is expired there should be an x in front of the password string.

– Delete the “x” character in front of the password string. (The password string is the text after “root:“. Then save the changes in Vi editor (ZZ is the Vi Editor SAVE command, then quit with :q command).

– Unmount the LiveCD and reboot the vCenter Appliance VM. Now you should be able to login with the default/last root password you had set.

– If you don’t want the password to expire, you can login to the appliance (now that the password has been enabled), click on the “Admin” tab, and check the box to NOT expire the password