A customer of mine lost their password for the vCenter Single Sign On (SSO), version 5.1, admin@system-domain account. It is possible to reset the admin@system-domain account if you know the password configured during the installation. However, my customer had not changed the password since the installation, meaning there is no supported way of changing the admin@system-domain password.
Craig Kilborn, @vmfcraig, directed me to the blog of Bill Gurlings, @vDingus, where he shows a video of how to change the SSO admin@system-domain user password.
Since I had to hand over a work report after changing my customer's admin@system-domain password, I decided to publish the step-by-step instructions on my blog. The instructions describe the actions required when you use an MSSQL database, in our case an MSSQL 2008 R2 database.
!! Remember, this is not a VMware supported solution !!
1, Create a test installation of SSO and configure a password you remember. This is not required if you already have a test environment or another SSO installation to use.
2, Stop all the related vCenter Server services on the server/servers running the vCenter Server and its additional components.
3, Go to the server managing your newly created SSO database or the SSO database where your known admin@system-domain password is stored.
4, Open the Microsoft SQL Server Management Studio -> expand your SSO database -> expand the Tables -> right click the table “dbo.IMS_PRINCIPAL” -> select “Select Top 1000 Rows”
5, Locate the PASSWORD column for the LOGINUID Admin and copy the hash.
6, Go to the server managing your SSO database where the admin@system-domain user account password is unknown.
7, Open the Microsoft SQL Server Management Studio -> expand your SSO database -> expand the Tables -> right click the table “dbo.IMS_PRINCIPAL” -> select “Edit Top 200 Rows”
8, Paste the hash copied in task 4 in the PASSWORD column for the LOGINUID admin.
9, Right click the table “dbo.IMS_AUTHN_PWD_HISTORY” -> select “Edit Top 200 Rows”
10, This table just contained one row in my case since my only SSO user is admin@system-domain, so I updated the PASSWORD column with the hash copied in task 5.
If you have more users, find the right row by using the value (letters and numbers) in the ID column of the row where the LOGINUID is admin in the dbo.IMS_PRINCIPAL table. The PRINCIPAL_ID in the table dbo.IMS_AUTHN_PWD_HISTORY is most likely one number higher compared to the one in the ID column in the dbo.IMS_PRINCIPAL table.
11, Start the vCenter Server services on the server/servers running the vCenter Server and its additional components.
Now you are able to log on to the SSO with the admin@system-domain user using your known password from your test environment.
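The same edit as steps 7 to 10 can be made as one T-SQL transaction that first saves the original rows and rolls back unless exactly one row changes in each table. This is an added example, not part of the original instructions or any VMware tooling. Assumptions: the database name SSO_DB, the two _BAK table names and both variable values are placeholders, and the PASSWORD and PRINCIPAL_ID columns are assumed to hold character data.

```sql
-- Added example; run with the vCenter services stopped (step 2).
USE [SSO_DB];            -- placeholder: name of the SSO database with the unknown password
SET XACT_ABORT ON;       -- any runtime error aborts and rolls back the whole batch

-- Placeholders: paste the hash from step 5, and the PRINCIPAL_ID of the admin
-- row that you identified by inspecting dbo.IMS_AUTHN_PWD_HISTORY.
DECLARE @KnownHash NVARCHAR(MAX) = N'<hash copied from the known installation>';
DECLARE @HistoryPrincipalId NVARCHAR(128) = N'<PRINCIPAL_ID of the admin history row>';

BEGIN TRANSACTION;

-- Save the current rows so the change can be reversed later.
-- The _BAK tables are hypothetical names; SELECT INTO fails if they already exist.
SELECT * INTO dbo.IMS_PRINCIPAL_BAK
FROM dbo.IMS_PRINCIPAL
WHERE LOGINUID = 'admin';

SELECT * INTO dbo.IMS_AUTHN_PWD_HISTORY_BAK
FROM dbo.IMS_AUTHN_PWD_HISTORY
WHERE PRINCIPAL_ID = @HistoryPrincipalId;

-- Step 8: replace the hash on the admin principal.
UPDATE dbo.IMS_PRINCIPAL
SET [PASSWORD] = @KnownHash
WHERE LOGINUID = 'admin';

IF @@ROWCOUNT <> 1
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR('Expected exactly one admin row in dbo.IMS_PRINCIPAL; nothing changed.', 16, 1);
    RETURN;
END

-- Step 10: replace the hash in the password history row.
UPDATE dbo.IMS_AUTHN_PWD_HISTORY
SET [PASSWORD] = @KnownHash
WHERE PRINCIPAL_ID = @HistoryPrincipalId;

IF @@ROWCOUNT <> 1
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR('Expected exactly one history row for that PRINCIPAL_ID; nothing changed.', 16, 1);
    RETURN;
END

COMMIT TRANSACTION;
```

Once the new login is confirmed and the password has been changed through SSO itself, drop the two _BAK tables, since they still hold the old password hashes.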