I was helping out a small church. And for some unknown reason, someone decided to install VMware ESXi Version 5.5. With only two virtual machines built inside. A domain controller, file server, and 5 users. The file server is also their accounting server. They've had the ESXi server for 3 years or so. Of course, they had a falling out with the person who built the ESXi server a year ago. And... no one knew what they had, as for DC and File server. I saw the HP ProLiant D360, thinking it was the domain controller. No problem, just log in and do what I had to do. It took a week before anyone knew the domain admin password, no problem. However, nobody knew the root password, let alone what was "root".
In the end, I was trying to blank out the root password and some how the state.tgz got corrupted.
I followed the below instructions:
https://www.youtube.com/watch?v=CoL43UBpVyI
Reset ESXi 5 Root Password - EASY!
https://www.youtube.com/watch?v=KqcjBGNZtq8
How to Reset Forgotten VMware Esxi 5 Esxi 6 and mor Root Password
==
The file size of the state.tgz was 15k. Now it's at 1.2mb! However, I can still tar the file and read the shadow file.
I did this using ubuntu v16:
sudo -s
root@ubuntu:~#
mount /dev/sda5 /mnt
ls -l /mnt
- the file we’re looking for “state.tgz"
cp /mnt/state.tgz /tmp
cd /tmp
tar xzf state.tgz
tar xzf local.tgz
ls -l
- Go to the /etc directory and you can gain access the shadow file which conatins the password hash of ESXi root account.
cd /etc
- Run the nano shadow command to open the shadow file in the vi editor.
nano shadow
- delete everything in between the first two colons.
- such as, root:6$345678htGFd7:16630:0:99999:7:::
- delete “6$345678htGFd7” everything to make it look like this root::16630:0:99999:7:::
- Once you have removed the password hash, press ctrl-x and save.
cd .. (to go back up one directory)
- you should be in the tmp directory
cd
tar czf local.tgz etc
tar czf state.tgz local.tgz
cp state.tgz /mnt/
umount /dev/sda5
reboot
==
The first couple times, the instructions did not work. So I did it again. 4 times later, nothing. I could not login.
==
Then I tried:
https://www.thomas-krenn.com/en/wiki/Reset_VMware_ESXi_root_password
Reset VMware ESXi root password
I followed the instructions, but I used:
tar -xvf state.tgz
tar -xf local.tgz
cd /etc
nano shadow
==
Then I noticed the state.tgz the 15k file bloated to 1.2mb. However, I did not pay any attention to it. I copied the state.tgz to /mnt.
So now I have this 1.2MB state.tgz file.
The funny thing is, I can still repeat the instructions and see the root password within shadow file, but the VVMware ESXi server will not boot up. The ESXi server boots all the way, loading all the files and services, it looks like the server is ready for the root password entry... then it black screens. I can't even ping the ESXi server.
I will confess... I did not backup the state.tgz file. I should have did "cp /mnt/state.tgz /mnt/state.tgz.bak". Stupid me!
Is there anyway, to restore this state.tgz file?
Or, is there away to reduce the size of the state.tgz from 1.2mb back to 15k?
Any help would be appreciated.