VMware: How to revert root user role from "Read-only" to "Administrator"


Today on the Dutch VMUG forum, somebody had trouble connecting to an ESX host after changing the “root” permissions from Administrator to Read-only. It was a nice problem to solve, so I recreated the same situation in my test environment.

Situation:

User: Root – Role: Read-Only

You can no longer connect to the host with your VI Client.

Solution:

… but you can still log in at the console or through a PuTTY session, so here is what to do:

Edit the authorization.xml file: nano /etc/vmware/hostd/authorization.xml


In the line "<ACEDataRoleId>-2</ACEDataRoleId>", change the number 2 to 1, so that it reads "<ACEDataRoleId>-1</ACEDataRoleId>".

Administrator = 1

Read-only = 2

 

Restart some services:

  • service vmware-vmkauthd restart
  • service mgmt-vmware restart


I can log in again 🙂

Tip: Always create a second account to manage or troubleshoot your environment.
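The edit from the steps above as a script that changes only root's entry, keeps a backup and checks the result; this is an added example, not part of the original post. It assumes each permission is an <ACEData> block with one <ACEDataUser> and one <ACEDataRoleId> element per line; the function names, the sample file and the "auditor" user are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed layout: one <ACEData> block per permission, holding
# one <ACEDataUser> and one <ACEDataRoleId> element, one element per line.
# Print the file with root's role changed from -2 to -1; other entries untouched.
fix_root_role() {
  awk '
    /<ACEData[ >]/ { inblk = 1; buf = "" }
    !inblk { print; next }
    { buf = buf $0 "\n" }
    /<\/ACEData>/ {
      if (buf ~ /<ACEDataUser>root<\/ACEDataUser>/)
        sub(/<ACEDataRoleId>-2</, "<ACEDataRoleId>-1<", buf)
      printf "%s", buf; inblk = 0
    }
  ' "$1"
}
# List "user role" pairs so the result can be checked before restarting services.
list_roles() {
  awk '
    function strip(s) { gsub(/<[^>]*>|[ \t\r]/, "", s); return s }
    /<ACEDataRoleId>/ { r = strip($0) }
    /<ACEDataUser>/   { u = strip($0) }
    /<\/ACEData>/     { print u, r }
  ' "$1"
}
# Back up the file, apply the change, and install it only if root now has role -1.
apply_fix() {
  cp -p "$1" "$1.bak" || return 1
  fix_root_role "$1.bak" > "$1.new" || return 1
  list_roles "$1.new" | grep -qx 'root -1' || { rm -f "$1.new"; return 1; }
  cat "$1.new" > "$1" && rm -f "$1.new"   # cat keeps the original owner and mode
}
# Constructed sample (not from a real host): root and "auditor" are both Read-only.
make_sample() {
  cat > "$1" <<'EOF'
<ConfigRoot>
  <ACEData id="10">
    <ACEDataRoleId>-2</ACEDataRoleId>
    <ACEDataUser>root</ACEDataUser>
  </ACEData>
  <ACEData id="11">
    <ACEDataRoleId>-2</ACEDataRoleId>
    <ACEDataUser>auditor</ACEDataUser>
  </ACEData>
</ConfigRoot>
EOF
}
# Demo on a temporary copy of the sample: only root's role changes.
f=$(mktemp); make_sample "$f"; apply_fix "$f"; list_roles "$f"; rm -f "$f" "$f.bak"
```

On the host, the call would be apply_fix /etc/vmware/hostd/authorization.xml from the console, followed by the two service restarts listed above.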


    19 thoughts on “VMware: How to revert root user role from "Read-only" to "Administrator"”

    1. I figured out how to revert root from read-only back to administrator by just plugging in directly to it via my KVM, pressing F2 (customize system), going down to “Configure Lockdown Mode” & disabling. I was then able to KVM back over to my main PC & login using VMware Infrastructure Client w/ Administrator privileges & then created a 2ndary admin login & changed its permissions to be administrator as well.

    2. Hi,
      I have similar problem, but I can not reach /etc/vmware/hostd/authorization.xml

      I tried Craig’s solution, but “Configure Lockdown Mode” option is gray (I can not select it).

      I can enable console and SSH on physical server, but I can not log in. I tried “root” and password, which I used for ESXi configuration.

      I am using ESXi 5.1 and vSphere client.

      Can you help me?

    3. Good afternoon sanderdaems,

      I’m having this problem and cannot solve it because I cannot log in as root; PuTTY or WinSCP gives the access denied message. Through the VMware vSphere Client I can get in normally, but I cannot make any changes because the user is root with read-only permission.

      Regards,

      Ivo Silva.

    4. Dear All,

      I have exactly the same problem, but I also cannot enable “Configure Lockdown Mode” and I am not able to log in via PuTTY with the root user. I guess that the root user is not allowed by default to connect via ssh.

      Did anyone solve the problem? It seems to be the same issue at Ivo Silva’s post.

      Thank you,
      Christoph

    5. Christoph :

      Dear All,

      I have exactly the same problem, but I also cannot enable “Configure Lockdown Mode” and I am not able to log in via PuTTY with the root user. I guess that the root user is not allowed by default to connect via ssh.

      Did anyone solve the problem? It seems to be the same issue at Ivo Silva’s post.

      Thank you,
      Christoph

      Can you still manage the host by vCenter server? You can apply a host profile to change the administrator password.

    6. @sanderdaems
      Hello,

      thank you for the hint. I don’t have vCenter Server.
      I dared to reset to default settings. I documented the settings before and resetting solved my problem. I will take more care in the future.

      Thank you

    7. Hi, I have the same problem that others have stated in their comments (I can't log into the terminal as the root user, maybe because of its low permission). Is there anybody here who can help me?

      Best regards

    8. @sanderdaems

      Hi, I have the same problem that others have stated in their comments (I can't log into the terminal as the root user, maybe because of its low permission). Would you please help me? I hadn't set up a vCenter Server before this trouble occurred.

      Best regards

    9. I have the same problem, but I do not have access to ssh because ssh is disabled on my server and I cannot enable ssh access via a read-only user.
