NOT ABLE TO RESET ROOT PASSWORD ON ESXI 5.1

when ever trying to reset root password ..showing error like :"passwd: Authentication token manipulation error"

please advise how it can be resolved ?

snap attached for reference..1 is for error and 2,3 are for passwd and system-auth file
1.jpg
2.jpg
3.jpg
LVL 1
patronTechnical consultant Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
The VMware supported method, if you cannot change the password is to re-install VMware ESXi 5.1.

Changing a forgotten root password on an ESX/ESXi host

An unsupported method of resetting the password is here

http://www.vm-help.com/esx/esx3i/Reset_root_password.php
patronTechnical consultant Author Commented:
Thanks Andrew,I am able to login with my domain Cred. and root cred. as well,but here issue is when vere trying to reset password for root..it is not allwoing as given one error ..like given in snap attached earlier ie : Authetiucation  Token manipulation Error!!

so need to underatnd where the glicth is ?

tried to give complete permission to pam.d and passwd under /etc/pam.d..but still shoing same error ?

and not allowing to modify the password file ..while it has the same entry..as we have in other host -allowing us to reset root password using command and gui as well.

Please assist to get this clerified..or if its somthing to be configured @host level?
gheistCommented:
It uses some password complexity measures.
Need More Insight Into What’s Killing Your Network

Flow data analysis from SolarWinds NetFlow Traffic Analyzer (NTA), along with Network Performance Monitor (NPM), can give you deeper visibility into your network’s traffic.

Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
So what ever password complexity you have set, make sure you password complies.
patronTechnical consultant Author Commented:
it is already there and as same as we have for other host in my cluster.  we are able to reset password for almost 8 host with same build and level of esxi 5.1 -2191751 , but it is not working on 6 host in same cluster ?

same passwd file, pamd.d  access as well
same build and version

is it something bug to be fixed  in other version/update..in Vi client error while trying to rest root password is..

Call "HostLocalAccountManager.UpdateUser" for object "ha-localacctmgr" on ESXi "...." failed. to set the password
patronTechnical consultant Author Commented:
its not related to password complexity..but giving this error
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
gheistCommented:
Not being picky - but those 6 more hosts have same version installed? And installed from same vendor customized ESXi?
patronTechnical consultant Author Commented:
Yes, all have same version /build and installed/updated with same media/patch.

Even i have rebooted host and updated with latest patch as well ie U3 for Esxi 5.1..but still showing same error?
patronTechnical consultant Author Commented:
Thanks Andrew.i have already checked for that article..but its none related to this, as same file we have on other host ..where it is allowing to reset passwd file.

Even i have disabled everything given in url...still same error?
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Re-install the ESXi 5.1 host or escalate this issue to VMware Support.
patronTechnical consultant Author Commented:
have already escalated to VMware..but yet they ppl are looking into it.

what I found in /var/log/auth.log is..

"2015-03-23T11:56:06Z passwd: pam_unix(passwd:chauthtok): user "root" has corrupted passwd entry
2015-03-23T11:56:06Z passwd: 2015-03-23T12:00:47Z passwd: 2015-03-23T12:05:05Z passwd: pam_unix(passwd:chauthtok): user "root" has corrupted passwd entry
2015-03-23T12:05:05Z passwd: 2015-03-23T12:08:43Z passwd: pam_unix(passwd:chauthtok): user "root" has corrupted passwd entry
2015-03-23T12:08:43Z passwd: 2015-03-23T12:15:48Z passwd: pam_unix(passwd:chauthtok): user "root" has corrupted passwd entry
2015-03-23T12:15:48Z passwd: 2015-03-23T12:35:27Z passwd: pam_unix(passwd:chauthtok): user "root" has corrupted passwd entry"

Tried to look for and VM article to get this resolved..but no luck, any way we can get this rectified ?
patronTechnical consultant Author Commented:
VMware ESXi 5.1.0 build-2323231
VMware ESXi 5.1.0 Update 2


 and same  issue on ESXi 5.1 Update 3
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Re-install!
patronTechnical consultant Author Commented:
fine, but here i need to locate how it has happened ? else it may  occur after reinstall as well.
gheistCommented:
Somebody edited /etc/shadow, or password was never ever set.
In later case log in to machine console and set any 8-char+ password.

If you have vcenter connection working you can reset root passwords with host profile containing just one root password.
patronTechnical consultant Author Commented:
Tried all methods..except host profile !!

Please advise how we can proceed using host profile ?

 and  is there any way to check for data edited..as its almsot same as i have on other host or if some how we can update /restore this?
gheistCommented:
In vcenter - create host profile from healthy system
edit host profile with desired root password
save it (wait to save)
now edit profile application rules by removing every rule but password.
Assign it to a bad ESXi. Check compliance... Enter maintenance mode, apply profile (before changing anything it will ask what to change on host... if you missed some in previous step it will show more than single change - rewind and try again...)

Essentially this is a bit different mechanism to set password than typing it on the console - vcenter agent will try to change it.

It is good idea to keep host profiles matching your systems... It makes it easy to reinstall them if needed.
patronTechnical consultant Author Commented:
is it applicable for 5.1, as i tried in same way..but no option found to get this reset.

Thanks for all your support here..VMware advised me to rebuild the Host now.

and strange part is .I have resolved this issue issue now by doing update in passwd file.

 and It has saved my life else i may have to rebuild 8-19 ESXi host.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
gheistCommented:
"set administrator password" under security.
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
You may have solved the issue, no way to tell, if it will come back and haunt you with your hack job!

That's because VMware does not support the updating of the passwd file!

It's the same issue, with using a Linux CDROM, to hack the password file, it's unsupported!

see first post!
gheistCommented:
With unsupported hack applied you now pay for no support full price of support..... (until all 20 systems are reinstalled)
patronTechnical consultant Author Commented:
yes,it could be the issue here..but this is somthing i was looking for support from vmware as well

and Thanks a lot for all your great support here on this issues.
gheistCommented:
And sorry we did not keep you away from your intent of big reinstall...
patronTechnical consultant Author Commented:
Appriciate  you support  on this!!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VMware

From novice to tech pro — start learning today.