Rotate ESX host password via Host Profile

In this blog, we will focus on rotating the ESXi root password via Host profiles. One of the most common ways to reset the root password is via the DCUI but I prefer using an automated approach to rotating passwords everywhere possible as multi-region keyboard layout keys play a role in getting password combinations incorrectly.

Host profiles on an ESXi server are aimed at ensuring we maintain consistent system configuration across all our hosts in the environment. Provided that the ESXi host is attached to the vCenter, password reset via the host profile is the recommended way to reset the root password.

There can be only one host profile per host/cluster so ensure that you don’t detach the current one if it has a valid config on to add a new one.

1- Login to the vCenter and locate the Host profiles section under the Profiles and Policies tab.

2- Choose the option Extract Host Profile. All this does is it extract all the live configuration from the server into a file.

3- We will now need to pick a host as our Master host who has the correct password on it.

4- Give the name for the profile settings and click Finish to close the assistant.

5-. Now we have our host profile created as shown

6 – We will now edit the host profile by clicking Actions > Edit settings

7- Deselect all parts of the host profile except the Security configuration.

We will select a fixed administrator password option choose a new password for our root account and finish the wizard.

8- We will now just need to attach the host profile to the cluster as shown

9- Pick the host or the entire cluster or the host you wish to change the password

10- Run a precheck to check for any errors.

11- The summary will show us what we are about to alter

12- Check for compliance

12- As expected, our passwords aren’t compliant now.

13 – Remediate the first host. I usually put the host in maintenance mode prior to doing password rotation however this is not required as per VMware.