vCenter Single Sign On (SSO) password reset

During the installation of the Windows vCenter Single Sign On (SSO) service, you must provide a password for the SSO admin user named “admin@System-Domain”.


The password you enter is called the master password. If you change the master password, the password entered during the installation of the SSO service is still needed as the master password for resetting the “admin@System-Domain” password. You can reset it as follows:

  • Navigate to the following directory: “\Program Files\VMware\Infrastructure\SSOServer\utils”
  • Use the “rsautil reset-admin-password” command. The VMware KB article can be found here.

If you forgot the master password and have no other admin account, there is no supported way to reset the SSO password. You need to reinstall your vCenter environment!

There is an unsupported way to recover the SSO password by reading the SHA-256 hashed password. The complete procedure can be found on Schubis Blog.

Make sure that you document the master SSO password entered during the installation. After the installation, add some other users to the Administrators group in SSO. I hope VMware will make it possible to reset the “admin@System-Domain” password in a future patch or release.

1 thought on “vCenter Single Sign On (SSO) password reset”

  1. Hi Ivo – co-incidentally I just blogged about the same issues yesterday!

    However I think some of your advice might be incomplete. It turns out that the master password is also needed even to upgrade or remove SSO. VMware do have a supported way to change the master password but that’s also dangerous as there’s a wrong way to use that tool which breaks SSO without warning – http://vcdxorbust.com/2013/05/30/vcentre-5-1-sso-changing-the-master-password-the-right-way-and-the-wrong-way/

    Charles
