Followers of this blog will know I’ve been trying to port all of post-configuration work from the older kickstart/%post method using esxcfg- commands to using PowerShell. The really agenda being behind this is that one day they will take my COS away (that’s the Service Console to you folks!) – because one day there will be only an ESXi version of ESX and nothing else. Rather than reacting to the loss of the COS in a toys in a pram way, I thought I better get working with this PowersHell thing. Why PowersHell, will I’m totally convinced that is infinitely more powerful than the RCLI or vMA appliance. You can just do soooooo much more with it them.

Anyway, last week I switched over to configuring the IP settings of my ESXi hosts with DHCP for the Management Network only (by only mean, that the vmkernel ports for VMotion/IP Storage and the HA Heartbeat are still be configured statically). So now I never have to interact with the console of the ESXi host at all. EXCEPT to set the password on the thing. You see a clean install of ESXi to a memory stick or factory reset – still leaves you with a passwordless ESX host. So I decided to look into how to do set the password of the root account.

First thing I learned was that connecting to vCenter, to then try do a bulk password reset is not allowed by PowersHell. You have connect directly to the ESX host, otherwise you get this error message

Set-VMHostAccount : 8/26/2009 3:52:13 PM    Set-VMHostAccount    8E894753-1749-413B-9B4B-E9BC5DF57FF3    The requested operation can only be perfonnected directly to an ESX server.

So the correct method is to use the set-VMhostAccount cmd-let to set the initial password like so:

Connect-VIServer esx4.vi4book.com -username root
Set-VMHostAccount -UserAccount root -password P@ssw0rd!

Notice how in the Connect-ViServer command, I’m not using the -password parameter because a newly installed ESXi doesn’t have a password.

Update:

Also notice how my password is complex one.

I learnt something new today. During the installation of ESX “Classic” a password of 6 characters or more is valid. Therefore if you set “vmware” as the root password (obiviously not a very good choice) it would work. BUT, if you later change the password after the installation, and try something like vmware it would fail due to lack of complexity. It seems like higher level of complexity is enforced after the install, than is imposed during. If you set a password that is not complex enough, and you are doing the password reset via powersHell you will get this message:

Set-VMHostAccount : 8/26/2009 7:41:42 PM    Set-VMHostAccount    52b28080-8b4f-2b1b-bbd3-400a5348a06b    A general system error occurred: passwd: Authentication token manipulation error

Anyway, all this came to light by comment left on this post by RTFM Reader, Rob Shaw-Fuller. Rob’s added a powersHell script that will go through and reset the password on all your ESX hosts (providing they have the identifical root passwords to begin with…) I want to reproduce here – because I’m interested in single host configuration with powersHell (as if you were deploying a new ESX host) and also so called “bulk administration” tasks that can be automated with powersHell. Here’s Rob’s script below:

# Connect to the VI Server
Write-Host "Connecting to vCenter"
Connect-VIServer "virtualcenter4.vi4book.com" -user administrator -password vmware
$VMHosts = Get-VMHost | Sort-Object Name
Disconnect-VIServer -Confirm:$False

ForEach ($VMHost in $VMHosts)
{
	$HostName = $VMHost.Name
	Connect-VIServer $HostName -User root -password P@ssw0rd
	Set-VMHostAccount -UserAccount root -password Password1
	Disconnect-VIServer -Confirm:$False
}

Thanks Rob… I would got there myself – if I hadn’t have been so stupid to test my bulk script with vmware as the darn password!!!

This entry was posted on Wednesday, August 26th, 2009 at 2:54 pm and is filed under PowersHell. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.