Practical Method for Resetting vCenter Password – Safe Recovery Without Reinstall

 Introduction

Recently, while upgrading a customer's vCenter, I encountered a situation where the root password was unknown. The customer also asked around but couldn't find it. To recover this root password, I did some research, and today I'm sharing it here. The practical environment for this operation: VMware vSphere vCenter 8.0.

Steps:

1. Use the Administrator@vsphere.local account to log in to https://vCenterIP:5480.

2. Navigate to the "Access" tab and check whether vCenter SSH login is enabled. If SSH remote access is not activated, click "Edit" and enable "Activate SSH Login."

3. Use the Administrator@vsphere.local account to SSH remotely into the vCenter server.

4. Type "shell.set --enabled true" to enable the shell function.

 
shell.set--enabled true

5. Type "shell" to enter the shell bash interface.

6. Use "sudo passwd root" to update the root password. Enter the new password twice.

7. Sometimes the account might be locked, so we need to unlock it first.

version before 8.0 u2 

 
sudo pam_tally2 --user=root --reset

version after 8.0 u2 (include 8.0 u2)

 
sudo /usr/sbin/faillock --user root --reset

Your Can Refer to this VMware official document:

• VMware Official vCenter Password Recovery Documentation
  https://docs.vmware.com/en/VMware-vSphere/index.html

• VMware vCSA Security & Access Management
  https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security

🔍 Why vCenter Password Reset Is a Common Admin Challenge

Password-related lockouts are one of the most frequent vCenter operational issues, especially in environments with:

• Password expiration policies

• Staff turnover

• MFA misconfiguration

• Limited documentation

Using a practical and supported vCenter password reset method helps administrators restore access without risking data loss or reinstallation.

---

🛠 Common Scenarios That Require Resetting vCenter Passwords

You may need to reset a vCenter password when:

• The root or administrator password is forgotten

• vCenter services are running, but the login fails

• Password expired, and SSH access is blocked

• Appliance shell is disabled

• Access is needed urgently during outages

This practical reset approach minimizes downtime and avoids unnecessary rebuilds.

---

✅ Best Practices Before Resetting vCenter Passwords

Before performing a password reset, always:

• Take a snapshot of the vCenter appliance

• Ensure console access via ESXi or vSphere

• Confirm the exact vCenter version

• Schedule a maintenance window if possible

These steps reduce the risk of recovery and help ensure a smooth reset process.

🔹 Password & Recovery Related

• vCenter 8.0 Password Recovery from GRUB
  https://anfuitblog.blogspot.com/2025/12/vcenter-80-password-recovery-from-grub.html

• How to Reset VMware vCenter 6.7 Root Password
  https://anfuitblog.blogspot.com/2025/09/how-to-reset-vmware-vcenter-67-root.html

🔹 Service & Access Troubleshooting

• VMware vCenter 503 Service Unavailable – Troubleshooting Guide
  https://anfuitblog.blogspot.com/2025/08/vmware-vcenter-503-service-unavailable.html

• Practical Method for Resetting vCenter Password

Veeam 12 Upgrade Failed – Root Cause Analysis and How the Issue Was Finally Resolved

Recently, due to security vulnerabilities, I was performing an upgrade to Veeam Backup & Replication version 12.3. Today, upgrading one Veeam instance failed. This article documents the analysis process and the solution.

Problem Analysis

According to the prompt, checking the log (SetupBackupCheckerBR_26_10_2025_20_50_44.log) shows the error content:

ERROR [PGSQL] 28000: SSPI authentication failed for user "postgres" (Npgsql.PostgresException)

From the error message, it can be seen that error code 28000 indicates authentication failure, and SSPI (Security Support Provider Interface) is an authentication mechanism used by Windows. This error is a PostgreSQL database authentication failure. Some possible causes for the error are:

• Windows user mismatch
• pg_hba.conf configuration issue
• Service account permission issues

I suspected it was due to a Windows user mismatch because I was logged in with my own domain account, while the account that installed this VBR was a different one. Since there was no authorization, it couldn't connect to the PostgreSQL instance.

So I checked the Veeam official explanation:

This error occurs when the account used to interact with the PostgreSQL instance is not authorized.

Sure enough, since my account wasn't authorized, it naturally couldn't perform the upgrade operation. The solution is quite simple: use the account that deployed the VBR installation to perform the upgrade operation.

Checking the C:\Program Files\PostgreSQL\15\data\pg_ident.conf configuration file:

This configuration file records the domain account used during the VBR installation. I didn't have the password for this account, and the colleague who owned it had already left the company, so it couldn't be used. In this case, the only option was to add a new domain account. You can refer to the following steps.

Solution

Check the Veeam PostgreSQL log (C:\Program Files\PostgreSQL\15\data\log), scroll to the end where the error occurred:

Add the above domain account to the C:\Program Files\PostgreSQL\15\data\pg_ident.conf configuration file:

Save the file, then re-run the upgrade operation:

Problem solved, upgrade completed.

If the hostname of the VBR host has been changed, you might also encounter this issue and need to update the pg_ident.conf file.

Note: Starting from Veeam 12, the underlying data storage can use a PostgreSQL database.

Why Veeam 12 Upgrade Failures Are Often Misleading

Many administrators assume a Veeam 12 upgrade failure is caused by installer bugs or corrupted packages. In reality, upgrade errors are frequently triggered by environmental issues such as:

• Insufficient disk space on system or configuration volumes

• Leftover services or locked processes

• Repository metadata inconsistencies

• Unsupported OS or missing prerequisites

These hidden problems often surface only during the upgrade process, making root cause analysis critical.

Key Lessons Learned from This Veeam 12 Upgrade Case

This case highlights several important upgrade best practices:

• Always validate disk space and file system health before upgrading

• Stop all Veeam-related services cleanly

• Check Windows Event Viewer and Veeam logs, not just installer messages

• Do not ignore “non-critical” warnings shown during pre-checks

Veeam upgrades are reliable—but only when the environment is clean.

✅ Recommended Pre-Upgrade Checklist for Veeam 12

Before upgrading Veeam Backup & Replication, ensure:

• Backup repositories are online and healthy

• No active backup or replication jobs are running

• Windows updates are completed

• Antivirus exclusions are configured for Veeam directories

• A configuration backup has been taken

📌 External reference (Veeam official upgrade guide):
https://helpcenter.veeam.com/docs/backup/vsphere/upgrade_vbr.html

 

vCenter 8.0 Password Recovery from GRUB – Step-by-Step Root Access Guide

A few days ago, I installed vCenter 8.0 to use as a lab environment, but after installation, I found that no matter what password I entered, it was incorrect. After several attempts, I realized I had remembered the wrong password, so I'm documenting this article to help myself and others figure out what to do when you forget your vCenter password.

This article outlines the steps to reset the root password on the ESXi host where vCenter is installed, including reboot procedures, modifying command-line options, and using vDCA to generate a new administrator password.

Introduction

Losing administrative access to VMware vCenter 8.0 can quickly turn into a critical outage. Fortunately, VMware provides a supported way to recover the vCenter root password using GRUB mode, allowing administrators to regain control without reinstalling the vCenter Server Appliance (vCSA).

This guide explains how vCenter 8.0 password recovery from GRUB works, when to use it, and best practices to avoid future lockouts.

Resetting the root account password

1. First, to reset the root password, log in to the ESXi host where vCenter is installed and reboot vCenter.

2. Open the virtual console. When the Photon interface appears, press the "e" key to enter the "Options" settings.

3. After pressing "e", the GNU GRUB interface appears.

4. Add "rw init=/bin/bash" after "fips=1", then press "F10" or "Ctrl+X" to boot into the system.

   This mounts the root filesystem in read-write mode (rw) and specifies the system initialization process as the bash shell (init=/bin/bash), bypassing the normal login process and directly entering a command-line environment with root privileges, used for system troubleshooting (such as resetting passwords, modifying configuration files, etc.).

5. Enter the following commands in sequence:

   mount -o remount,rw / (Remount the already mounted filesystem with read-write permissions to the root directory)

   passwd root (Change the root password)

   Enter the new password

   Enter the new password again

   umount / (Unmount the root filesystem)

   reboot -f (Force reboot the system)

 
mount -o remount,rw / 
passwd root
New password
Retype new password
umount /
reboot -f

Modifying the vCenter password

1. Open the virtual console and press "Alt+F1" to enter the vc command-line interface.

2. Log in with the root account using the newly reset root password.

3. Enter "shell" to enable BASH.

4. Use the "vdcadmintool" command tool to reset the password. Enter the command "/usr/lib/vmware-vmdir/bin/vdcadmintool".

5. Select option 3, "Reset account password", to reset the account password. Enter "3" and press "Enter".

6. Enter "administrator@vsphere.local" and press "Enter". A random password will be generated.

7. Copy the generated random password, open the vc page in a browser, and log in.

8. After entering vc, click the account icon in the upper right corner and select "Change Password".

9. After changing the password, click confirm.

Conclusion

The vCenter 8.0 account password reset process is now complete. For newcomers to the IT field, especially those getting familiar with data center infrastructure, small issues like forgetting a password are actually great opportunities to understand the underlying system logic. It helps you better understand vCenter's boot process, the role of command-line tools (like passwd and vdcadmintool), and more.

However, prevention is always better than recovery—secure your vCenter access, monitor password policies, and document emergency procedures to stay in control of your virtual infrastructure.

Related troubleshooting guide:
https://anfuitblog.blogspot.com/2025/09/how-to-reset-vmware-vcenter-67-root.html

Fixing Veeam Agent Push Error – Emergency Manual Installation Guide for Windows & Linux

Introduction

When deploying workloads through Veeam Backup & Replication, administrators often rely on Veeam Agent push installation to simplify backup rollout across Windows or Linux hosts.
But when the push installation fails, backups cannot run, and organizations may be exposed to data loss.

This article explains how to troubleshoot the Veeam Agent Push Error and provides an emergency manual installation method to quickly restore protection on any system.

First, the Windows backup agent installation package can be downloaded from the Veeam official website.

Stage 1: Backup Agent Installation

1. After downloading the Windows backup agent installation package, right-click and run it as administrator.

2. Select "Next" by default.

3. Click "I Accept."

4. Wait for the backup agent installation to complete.

Stage 2: Creating a Recovery Image

1. After the backup agent installation is complete, by default, "Perform recovery media boot" is checked. Click "Finish."

2. You can customize the contents included in the recovery image; generally, select the middle two options.

3. Choose the storage path for the recovery image ISO (this path is on the local physical server).

4. Enter the username and password for shared access to retrieve this ISO file.

5. Click "Create" to create the recovery image.

6. The recovery image has been created. Check the recovery image at the specified path.

Stage 3: Creating a Backup Job

1. In the recently added items, select "Configure Backup."

2. Enter the backup job name.

3. Select full machine backup. (If the physical machine has an external dongle or other USB devices connected, check the "Include external USB drives" option.)

4. Generally, place the backup data into the Veeam backup repository.

5. Enter the backup console IP address, username, and password.

6. Select the backup repository.

7. Set the backup retention period to 7 days and configure the full backup retention duration.

8. Set the backup execution time.

9. Click "Finish" to complete the backup job creation.

10. When entering the backup console, the physical machine backup job will already exist.

Stage 4: Backup Test Verification

1. Open Veeam Agent for Microsoft Windows.

2. Select the backup job and manually perform a full backup.

3. The task will be triggered in the backup console.

4. Backup successful.

Conclusion

The Veeam Agent Push Error is common in enterprise environments, especially those with strict network or security policies.
By following the troubleshooting steps and applying the emergency manual installation method, you can restore backup functionality quickly and prevent future deployment failures.

Reliable agent installation ensures reliable backups—your last line of defense against data loss and ransomware.

See related troubleshooting:
https://anfuitblog.blogspot.com/2025/12/reviewing-case-where-veeam-backup.html

“Secure VBR Login & Console Best Practices”
https://anfuitblog.blogspot.com/2025/09/making-vbr-login-more-secure-complete.html

Fix the Veeam VBR v12.3 upgrade error

Reviewing a Case Where Veeam Backup Failed – Root Cause, Fixes & Prevention Tips

Introduction

Last Friday, a reporting database deployed on a virtualization platform experienced a service interruption because the underlying storage volume ran out of space, making the disk unwritable and unreadable. Since storage space couldn’t be freed up quickly, we decided to use Veeam Backup to rapidly restore a new database to resume business access as soon as possible.

However, during the database restoration using Veeam, I encountered an unexpected issue. This article will review the entire process and share relevant insights.

Case Overview – What Happened?

First, I confirmed that the daily backup tasks for the reporting database all showed as successful. Based on the backup status, the restore operation should have proceeded smoothly.

Next, I followed Veeam’s standard restoration procedure: creating a virtual machine, installing Oracle software, and deploying the Veeam Agent. Once everything was ready, I launched Veeam Explorer for Oracle to perform the database restore. But then an error appeared:

Cannot find autobackup files for the selected database on the backup repository. Make sure database backup is created with the latest available plug-in version and enable controlfile autobackup on the source server to prevent this error in future.

This error was surprising—if the backup tasks showed success every day, why couldn’t the restore proceed?

According to the error prompt, the backup set did not contain a backup of the control file. Veeam indicated that we should check whether the source database had the control file autobackup feature enabled in RMAN with the following configuration:

 
RMAN> show controlfile autobackup;

RMAN configuration parameters for database with db_unique_name RTP are:
CONFIGURE CONTROLFILE AUTOBACKUP OFF;

If this option wasn’t enabled, Veeam would not back up the control file by default. We later confirmed this in the backup directory:

 
root@veeamrepo01:/backupdata/backups/VeeamPluginUser_LinRman_42101602-3240-f20c-a1c7-1e9946f37a8e# ll c-*
ls: cannot access 'c-*': No such file or directory

The control file is critical for Oracle database recovery. Without it, restoration is impossible. To make matters worse, the original host where the reporting database resided couldn’t start due to storage issues—we were stuck!

Fortunately, the virtualization team promptly freed up some storage space, allowing the original host to reboot and the database to return to normal. I immediately enabled RMAN’s CONTROLFILE AUTOBACKUP configuration, restarted a database backup task in Veeam, and after the backup completed, checked whether the control file existed in the backup directory:

 
root@veeamrepo01:/backupdata/backups/VeeamPluginUser_LinRman_42101602-3240-f20c-a1c7-1e9946f37a8e/sqrptbak_rtpdb# ll c-*
-rw-r--r-- 1 veeamrepo veeamrepo 2248704 Nov 21 11:23 c-1857153753-20251121-00.vab
-rw-r--r-- 1 veeamrepo veeamrepo   17912 Nov 21 11:23 c-1857153753-20251121-00.vasm

Although the issue was resolved, this incident highlighted an important problem: when Veeam backs up an Oracle database, its ability to back up the control file depends on RMAN’s CONTROLFILE AUTOBACKUP configuration. This dependency wasn’t clearly highlighted during the Veeam backup task deployment, which can be misleading.

Afterward, I reviewed Veeam’s official documentation and found that it does include relevant information:

Therefore, I strongly recommend that teams using Veeam to back up Oracle databases promptly check whether the RMAN controlfile autobackup option is enabled on the source database. This ensures the backup set includes the control file and avoids complications during restoration.

Conclusions

This incident served as a wake-up call and offers the following takeaways and recommendations:

1. Backup validation is essential: A backup task showing "success" doesn’t guarantee the backup set is complete or usable. Regularly performing recovery drills is key to verifying backup validity.

2. Understand backup mechanism dependencies: When Veeam backs up Oracle databases, control file backup relies on RMAN’s CONTROLFILE AUTOBACKUP configuration. Be sure to enable this option on the source database to ensure the control file is included in the backup set.

3. Improve deployment and verification processes: When deploying Veeam backup tasks, clearly identify such dependency configurations and include them in initial checklists to avoid unusable backups due to configuration oversights.

4. Establish emergency communication protocols: During issues with underlying infrastructure like storage, timely communication and collaboration with relevant teams can buy more time and options for recovery.

Hope this experience sharing helps everyone better avoid similar risks in daily operations and ensures the reliability of database backup and recovery processes.

Related reading: Veeam Security Deep Dive – Malware & Ransomware Defense

fix Veeam VBR v12.3 upgrade fails