Recover master password VMware vSphere 5.1 Single SignOn

Update: VMware provides a procedure in unlocking and resetting the account. This procedure can be found here: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2034608.

I recently was at a customer for a Symantec Backup Exec installation. The customer Active Directory domain was configured as 2 child domains and one parent domain. The parent domain is used in their main site(s), the child domains are used for the remote branches (EMEA / US). On each location a VMware environment is installed with a dedicated Virtual Center server. As authentications are required for users within each domain, several LDAP strings are defined in SSO (https://vcenter:9443).

These LDAP queries are pointed to a set of servers (the Domain Controllers). When a domain controller is demoted or deleted, the LDAP queries are non-functional… And that’s what happened here! So the LDAP configuration needed to be altered. Quickly I discovered this is only possible by using a local SSO account! The default SSO account (admin@System-Domain) has some kind of master password that needs to be entered when reconfiguring the software component. It’s extremely important this password is written down and stored in a safe location as alternation of the password is impossible (cfr. VMware support).

Continue reading