How to reset the ESXi root password?

When I check my blog, I can see the last post from February 2022. That’s a long time ago already! Time to write something, isn’t it?

Back in the days when I was working as a Systems Engineer for an IT service provider, it was much easier to write blog posts. Now as a “customer” I don’t find the time or the ideas, or maybe I’m forgetting blog post ideas, not sure why. At least that’s my thought. I’m always struggling if I should blog about this or that, is it worth writing about it, or are there gazillions of blog posts writing about the exact same thing?

Today’s blog post is exactly such a topic, I assume, that has been written about already some times, at least. But it was a problem we had during an ongoing vSphere upgrade project just recently. And I was able to help our operations team to move on with their work. So why not write a blog post about it?

What happened?

As mentioned, we’re currently working on a global vSphere upgrade project. We’ve got many ESXi hosts and clusters all around the world. So far nothing special. And even when there are easy-to-understand guides available internally (I wrote these myself and triple verified), maybe one or the other point on a checklist is forgotten, or you just didn’t think of it in the heat of the moment. One point is “Check the current credentials if they are working”. Thanks to the following troubleshooting guidance, there was no show stopper and only a few minutes of delay for the upgrade of one ESXi host.

The root password for one of the ESXi hosts didn’t work. No chance to log in through the Web UI nor SSH. So what to do then?

There are only two officially supported ways to reset the root password of an ESXi host. You can reinstall the host from scratch or use host profiles. Well, reinstallation would be an option as we’re upgrading vSphere anyways. But this would require some additional time because of the ESXi configuration. Using a host profile can be done, but needs an Enterprise Plus license.

Because we have some spare licenses left for Enterprise Plus (not yet needed for hosts, but already planned to use), we decided to go the way with the host profile. And it wasn’t rocket science!

How can you do it?

The actual troubleshooting chapter is divided into two parts. The first part is changing the current license of an ESXi host, the second part is all about the host profile.

If you don’t have an Enterprise Plus license, then you have to plan reinstalling the ESXi server from scratch.

Change the host license

  1. Log in to the vCenter WebClient (https://yourvcenter.domain.com/ui)
  2. In vCenter, go to Home and then choose Administration and then Licenses
  3. Click the Assets tab and then the HOSTS button
  4. In the Asset column, you can click the filter icon and search for the ESXi host where you want to assign a different license
  5. Select the host, then click Assign License just above the list
  6. Choose the Enterprise Plus license, and click OK
  7. The host will now have an Enterprise Plus license, and you can continue with the steps below.

Remember to switch back the license to the one that was assigned to the ESXi host before.

Extract, change, and apply the host profile

  1. Log in to the vCenter WebClient (https://yourvcenter.domain.com/ui)
  2. In vCenter, go to Home and then choose Policies and Profiles, and click Host Profiles
  3. Click → Extract Host Profile
  4. In the Extract Host Profile menu wizard → Select the host you want to update the password for, then click Next
  5. Name the Host Profile and click Next and then Finish to complete the capture of the host profile template
    • The new host profile should appear on the Host Profile Objects Field
  6. Right Click the new Host Profile and choose → Edit Host Profile
  7. In the Edit Host Profile wizard, uncheck all boxes
  8. Then using the search filter search for → root
  9. Highlight and then select the check box for → User Configuration / root
    • Make sure to only select this item when searching for root
  10. A configurable window will display the root user configuration
  11. At the Password subsection, choose → Fixed password configuration
  12. Here you have to fill in the new password and confirm it before proceeding
  13. Double-check that all other non-applicable boxes have no check marks and proceed to Finish
  14. Once the task completes, right-click the new host profile and choose → Attach/Detach Hosts and Clusters → then select the host in the wizard
  15. Right-click the host profile again, and select Remediate
  16. Remove/detach the host profile from the host
    • At this time the host password should be successfully updated

Please be careful. It is recommended that you do this when the host is in maintenance mode. If it is part of a cluster, great. You can move all VMs away from that host with DRS (automatically or manually). If it is a standalone host, make sure to shut down the VMs first, just in case the host reboots. During the writeup, the affected host did not reboot, but there was a checkbox in the remediation settings that could cause the host to reboot.

How to connect your 3rd party router to a Swisscom Fiber connection?

Recently, we moved our household. Yes, we did. We built a house and we just moved in recently. At the time of writing, it looks like a bomb went off. Cardboard boxes and bags everywhere, furniture not yet at the perfect place, office room not yet ready. But the new cat tree arrived and was installed quickly. Our felines already love it!

Get the internet working!

On the day of moving into the new house, one of my primary tasks was to set up the internet connection and make sure the basic networking and also the TV is working fine. It looked all good when I connected the router. It seemed to have a signal. But when I tried to browse the internet, only a Swisscom landing page was showing up, notifying me that the internet connection has to be activated. What? So that was phone call number one.

I called Swisscom, explained to them what the problem was, and asked if they could help me. They just told me, well, it is not a Swisscom router you have there. And they were right. I’m paying for 10 Gigabit fiber internet. But until the time of moving, Swisscom did not have a router that was capable of bringing that 10 Gig speed also into the home network. So I had to buy another router. It was the Zyxel XGS-PON Fiber-Router AX7501. It is certified by Swisscom, which means that you can use this device for Swisscom fiber internet as well as for Swisscom TV.

Need to pay for support? Not with me!

The guy on the hotline really tried to help, and I appreciate it. But when we reached the root cause of “no internet but a Swisscom landing page”, he mentioned that he should connect me with the next level tech support, but that would cost some money. Wait, what? That would be the first time since I became a Swisscom customer that tech support would cost me money! Well, thanks to the internet, I was able to find a solution. And it was easier than expected.

The solution

Depending on the specific network expansion situation, the Swisscom network supports the following fiber-optic technologies:

  • 10 Gbit/s technology XGS-PON to ITU standard G.9807.1
  • 1 Gbit/s technology point-to-point to IEEE standard 802.3-2008, clause 58, 59

Swisscom explicitly mentions that only routers and modules certified by Swisscom can be connected to the new 10 Gbit/s technology (XGS-PON). And the Zyxel AX7501 is one of the supported routers, probably the only one available currently. But that doesn’t mean that it is just plug-and-play. You can connect everything and the router also gets a signal, but there is no internet except the Swisscom landing page.

So what should I do?

There are two settings that have to be set in the WAN connection settings of the router. Probably settings that the original Swisscom router already has set.

First, you have to set the DHCP option 60 to the value “100008,0001”. Next, you have to set the VLAN ID to VLAN ID 10. That’s it. Save the configuration, and that should already do the trick. Try to browse a website now, it should show up.
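To confirm that the router really sends both settings, the check below parses a DHCP client frame and compares its 802.1Q VLAN ID and option 60 value with the two values above. It is an added example, not part of the original post or any Swisscom or Zyxel tooling; the function names are hypothetical and the sample frame is constructed in the code rather than captured from a real line.

```python
import struct

REQUIRED_VLAN = 10                       # VLAN ID from the post
REQUIRED_VENDOR_CLASS = b"100008,0001"   # DHCP option 60 value from the post
MAGIC_COOKIE = b"\x63\x82\x53\x63"

def build_discover(vlan_id, vendor_class, mac=b"\x02\x00\x00\x00\x00\x01"):
    """Constructed DHCPDISCOVER frame used as sample input (checksums left 0)."""
    opts = b"\x35\x01\x01"               # option 53 = DHCPDISCOVER
    if vendor_class is not None:
        opts += bytes([60, len(vendor_class)]) + vendor_class
    bootp = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000)
    bootp += bytes(16) + mac + bytes(10) + bytes(192) + MAGIC_COOKIE + opts + b"\xff"
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    eth = b"\xff" * 6 + mac
    if vlan_id is not None:
        eth += struct.pack("!HH", 0x8100, vlan_id & 0x0FFF)   # 802.1Q tag
    return eth + struct.pack("!H", 0x0800) + ip

def inspect_frame(frame):
    """Return (vlan_id, option_60) of a DHCP client frame; None where absent."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    vlan_id, off = None, 14
    if ethertype == 0x8100:
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan_id, off = tci & 0x0FFF, 18
    if ethertype != 0x0800 or frame[off + 9] != 17:
        raise ValueError("not an IPv4/UDP frame")
    udp = off + (frame[off] & 0x0F) * 4
    if struct.unpack_from("!HH", frame, udp) != (68, 67):
        raise ValueError("not a DHCP client message")
    i = udp + 8 + 236                    # skip UDP header and fixed BOOTP part
    if frame[i:i + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    i, vendor = i + 4, None
    while i < len(frame) and frame[i] != 255:
        if frame[i] == 0:                # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(frame) or i + 2 + frame[i + 1] > len(frame):
            raise ValueError("truncated DHCP option")
        if frame[i] == 60:               # vendor class identifier
            vendor = frame[i + 2:i + 2 + frame[i + 1]]
        i += 2 + frame[i + 1]
    return vlan_id, vendor

def check_wan_settings(frame):           # mismatches against the post's two settings
    vlan_id, vendor = inspect_frame(frame)
    problems = []
    if vlan_id != REQUIRED_VLAN:
        problems.append(f"VLAN ID is {vlan_id}, expected {REQUIRED_VLAN}")
    if vendor != REQUIRED_VENDOR_CLASS:
        problems.append(f"option 60 is {vendor!r}, expected {REQUIRED_VENDOR_CLASS!r}")
    return problems

if __name__ == "__main__":
    print(check_wan_settings(build_discover(None, b"udhcp 1.0")))
```

With a real capture, pass the raw Ethernet frame bytes of the router's DHCPDISCOVER to `check_wan_settings`; an empty list means both settings are on the wire.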

A bit of googling saves you the money for paid support, since the information is obviously publicly available. But you first have to realize that such settings are necessary.

Source of information: Connecting external routers to the network – Help | Swisscom

Happy New Year 2022

The last two years were special, but I’m not going in too deep. It gave us all some new challenges, like Zoom/WebEx/Teams meeting marathons, no face-to-face contact with customers, and some challenging home office experiences. For me personally, some things changed. My better 51% (aka my girlfriend) and I are building a house! It should be finished by the beginning of 2022. And I already declared to be the CIO of this house 🙂 We will move all of our stuff, rearrange everything, and then there’s always the address change notification that you have to do with the postal service, all your online shops, car insurance, personal insurance, etc. Sending out letters soon because still not all can be done online. I also did some learning this year, like AWS courses and some VCP preparations. Certification exams are still pending… Dang it.

I hope that your wishes come true and that you find the courage to take new steps. For 2022, I wish you and your loved ones all the best. And I hope to see you soon!

Happy New Year!

My Top 10 Posts in 2021

Another year is over, it’s 2021 and the beginning of another year. With this blog article, I’d like to present to you my Top 10 posts of 2021. Surprisingly, the Top 10 blog posts are not all from 2020. Obviously, people are still searching for solutions for problems they have with some “old” stuff like Windows Server 2012 R2, or they are looking for solutions to problems they have in their current infrastructure. I hope that my blog posts will help the people out there in the tech community solve their problems. I’ll do my best to keep on doing my work and sharing my knowledge.

10. SHARP printers – Remote administration with VNC viewer

Back in 2016 when I was working as an IT administrator in customer support, I found out that you can control a printer with the VNC viewer. I was astonished!

https://www.driftar.ch/2016/09/06/remote-administration-sharp-printers-vnc-viewer/

9. VMware vSAN cache disk failed and how to recover from it

When you break things in your homelab, then it’s most likely your fault. I will never, and I repeat, I will never blame any vendor if my lab blows up because of my fault.

https://www.driftar.ch/2018/08/18/vmware-vsan-cache-disk-failed-and-how-to-recover-from-it/

8. Veeam – Backup Copy “Block is not initialized. Failed to download disk.”

When I was working at a Veeam Platinum Partner in Switzerland, I had many customers running Veeam Backup & Replication. This is another troubleshooting blog post. I had to use some tools the first time and I was able to fix some backup copy issues.

https://www.driftar.ch/index.php/2017/06/05/veeam-backup-copy-block-not-initialized-failed-download-disk/

7. Expand your logical drive to extend a VMFS datastore

It was like open-heart surgery. There was no possibility of a backup, no safety rope. But I had to do this task because a quick solution was needed.

https://www.driftar.ch/2019/07/24/expand-your-logical-drive-to-extend-a-vmfs-datastore/

6. VMware – Clone a VM with snapshots (and consolidate it)

Who doesn’t know snapshots and their sometimes weird behavior? This was a pretty strange candidate!

https://www.driftar.ch/2018/09/03/vmware-clone-a-vm-with-snapshots-and-consolidate-it/

5. “Starting drivers, please wait” – An HPE adventure story

This was one strange issue! Back in the day when I was working at a solution provider, a customer reported an issue. His ESXi hosts have lost connectivity to a storage system. It took some time to solve, and it was a good experience.

https://www.driftar.ch/2017/07/18/starting-drivers-please-wait-an-hpe-adventure-story/

4. Setting up Visual Studio Code for WSL 2

I’ve started learning some automation stuff, like doing things with Ansible. And I had to set up a suitable solution for me to write things, play around and test stuff.

https://www.driftar.ch/2021/01/27/setting-up-visual-studio-code-for-wsl-2/

3. An easy way to quickly migrate a VMware VM to Synology VMM

In the third place of 2021, there is this post about migrating a VMware VM to Synology Virtual Machine Manager.

https://www.driftar.ch/2020/09/01/an-easy-way-to-quickly-migrate-a-vmware-vm-to-synology-vmm/

2. Backup and Restore vCenter Server Appliance

In the second place of 2021, there is this post about how to backup and restore your vCenter Server Appliance.

https://www.driftar.ch/2020/04/21/backup-and-restore-vcenter-server-appliance/

1. Microsoft Active Directory – Desktop Shortcuts with Group Policy

And the first place winner for my Top 10 blog posts in 2021 is an old one back from 2016. But obviously, people still search for solutions like this. With Active Directory Group Policies you can do so many things. One of them is also creating desktop shortcuts.

https://www.driftar.ch/index.php/2016/11/12/microsoft-active-directory-desktop-shortcuts-with-group-policy/

vExpert Applications are open – Why should you apply?

The vExpert applications for 2022 are open now. Nice! But what is this?

Many vendors have special programs for the IT folks around the world. These programs are designed for ambassadors and evangelists. You may get early access to beta versions, marketing information, they help you promote your blog posts and many other great benefits. The VMware vExpert program is VMware’s global evangelism and advocacy program.

There is no certification exam for becoming a vExpert, no course requirement. It is kind of an award or an accreditation. You have to apply for the vExpert program, and a committee will review your application.

Do I have what it takes?

Yes! The vExpert program is about “giving back”. You work in your job, you do great things, and help your users and customers. You’ve got experience in IT technology and working for some years already in that area. You may work at VMware, at a partner, or you may be a VMware customer. Giving back means sharing your knowledge. Did you fix a problem? Blog about it! Did you set up a new solution for a customer? You may speak about it at VMworld! If you’re not a writer, then there are various groups on social media, or you can find forums like the VMTN (and many other non VMware related forums). There are a lot of users, both partners, and customers, asking for help. Help them with your experience and knowledge! You may have written a book about VMware solutions, or you’re focusing on a specific VMware product. Maybe you are a public speaker or a VMUG leader. You have the knowledge, you have experience, share it!

How can I apply?

It is very easy to apply. There are two applications per year. One is starting during the summertime, and one is starting in early December. Both application windows are open for 30 days. After this period, the committee will close the applications and start their voting. This may take up to 45 days. The results for the December applications will be announced in February, the summer application will be announced sometime in August.

Everyone has to apply once per year: existing vExperts, even VCDXs, and of course new applicants. There are also vExpert sub-programs, like Application Modernization, HCX, Cloud Management, and many others, that you can apply for if you’ve been awarded a vExpert.

The December vExpert applications are open now, and the results will be announced in February 2022. And it might be one of the most eagerly awaited emails, at least if you read about it on some blogs, or see it popping up on Twitter.

Click here to apply for vExpert 2022!

Can I get help?

Yes! VMware announced the vExpert PRO program. There are more than 100 vExpert PROs around the world that are helping you. They can help you with mentoring, tell you what you have to do, and outline the process of the applications. Just reach out to the vExpert PRO close to your area!

What benefits can I get from the vExpert program?

If you check the list on the vExpert website, you can see that there are a lot of benefits. I’m not listing every point here, but I’d like to mention at least some of them.

You will be part of a global network of more than 2000 other vExperts. They are on social media, Twitter, active on blogs and forums. There is also a Slack channel for vExperts. You’ll get a certificate signed by the VMware CEO. One of my personal favorites is the access to 365-day eval licenses for most of the VMware products, like vSphere, vSAN, etc. Throughout the year, you get the opportunity to join private webinars with VMware partners. You will be featured on the vExpert Directory. Also before VMworld, there are pre-launch briefings for bloggers, which means that you may get a sneak peek at some products or announcements. Also, as soon as VMworld is an in-person event again, there will be vExpert parties both at VMworld US and Europe. And I tell you, they are awesome!

My personal view

I’ve been working in IT for about 20 years now, including my apprenticeship. I learned many things, and I’m still learning. I had the chance to gain insights into different industries during my work. When I was awarded a vExpert for the first time, I felt honored. It meant a lot to me to be one of only a few hundred to receive such an award. It showed also that my efforts are worth it, and that they have been noticed. I was working on a partner level for many years, helped my customers to build their infrastructure, helped them with troubleshooting. Now, I’m working at a customer, fighting with daily business problems, architecting data centers, migrating workloads, and designing cloud concepts.

Some people kept smiling at my vExpert status because they didn’t believe in certifications, accreditations, etc. But that didn’t bother me. I did my thing. I wrote blog posts, and I still write (even if not as often or regularly as I want). I’m active in forums and help people with troubleshooting. And I’ve always stood up for one thing. I’m grateful for becoming a vExpert, it meant a lot to me, and it still does.

Personally, I have the feeling that, especially in contact with technical support, it enables a different level of communication if the other person recognizes my status as vExpert. A problem may escalate upwards faster, and you may have faster access to 3rd level support. Things like this. But also during projects, when I’m in contact with internal customers and external consultants, they recognize my status and see that I’m not just any IT technician. I know some stuff, I’m experienced, and someone voted for me so I could become a vExpert. As mentioned, it’s not a certification exam you can learn for. It is the personal commitment that shines through here.