• These steps should not be performed in a production environment unless under the supervision of VMware Support.

The admin@local password is used to issue API calls to your SDDC Manager in case the management vCenter is down. It is extremely important to know the password of this account in case disaster hits.

In order to restore the SDDC Manager or management vCenter from a file based backup, you must use the admin@local account.

So what if you lost the password for the account?
There is currently no way of querying the current password for admin@local, as the documentation gently puts it: You must remember the password that you created because it cannot be retrieved.

Luckily, there is a procedure for how we can reset this password!

Start by logging into the SDDC Manager with the user vcf over SSH.
Then su to root.

Issue the following commands to reset the current password:

# Reset the current password
mkdir -p /etc/security/local
chown root:vcf_services /etc/security/local
chmod 650 /etc/security/local
echo -n "" > /etc/security/local/.localuserpasswd
chown root:vcf_services /etc/security/local/.localuserpasswd
chmod 660 /etc/security/local/.localuserpasswd

# Set a new password - in this case NewP@ssw0rd123!
echo -n "NewP@ssw0rd123!" | openssl dgst -sha512 -binary | openssl enc -base64 | tr -d '\n' > /etc/security/local/.localuserpasswd

Restart the services afterwards


With the password now being set to NewP@ssw0rd123! we can use lookup_passwords to verify that it works.

Now that we know the password, we can change it using the Developer Center/API.

Supply the new password as well as the old password and hit Execute.
Status 204 means it was successful.