The root account is the only login account to vSphere ESXi. There is no extra account to create a backdoor to logon to vSphere ESXi when the root password is lost. When a vSphere ESXi host is added to a vCenter instance, management of the host is primary done via vCenter. Troubleshooting ESXi is done primarily on the command line via an SSH connection. By default the SSH service is stopped. To start the SSH service you have to access the server via vCenter Host>Configure>System>Services. When you don’t have the root password for the vSphere ESXi host you have to follow the following procedure.

This procedure uses the Host profile functionality that is only available when you have an Enterprise license. If you have lost the root password but you don’t have an Enterprise license you have no other option but reinstall the host.

Go to Menu>Policies and Profiles, and select Host Profiles.

In the right window click on Extract Host Profile.

Give the profile a name and description so you can identify it later. Right click on the new host profile and click on “Edit Host Profile”.

Unselect all the unnecessary options, except: Security and Services > Security Settings > Security > User Configuration > root.

Enter the new password you want to apply to this server.

Now right click again on the new Host Profile and click on “Attach/Detach Host and Cluster”

Place the host in Maintenance Mode, right click again on the Host Profile, and click this time on “Remediate”.

Confirm that the remediation is executed on the correct server, and click on remediate. The password for the Root account is now changed.