this week we have faced an issue with our vCenter Appliance , we got warring message at vCenter as showing below
when we try to login via ssh to check this issue login fail , and also Immediate session timeout when logging into vCenter Server Appliance Web Console (VAMI) because the root account password expired
In vCenter Server Appliance 5.5 and 6.0, the local account password expires after 90 days by default
now we have 2 issue :
- 1st root partition 100 %
- 2nd root account password expired
To resolve this issue, we need to reboot vCenter Server appliance and modify the kernel option in the GRUB bootloader to obtain a root shell
how to do that you can follow the VMware KB : 2069041 until the point number 9
- Reboot the vCenter Server appliance using the vSphere Client.
- When the GRUB bootloader appears, press the spacebar to disable autoboot.
- Type p to access the appliance boot options.
- Enter the GRUB password.
Note:- If the vCenter Server appliance is deployed without editing the root password in the Virtual Appliance Management Interface (VAMI), the default GRUB password is vmware.
- If the vCenter Server appliance root password is reset using the VAMI, the GRUB password is the password last set in the VAMI for the root account.
- Use the arrow keys to highlight VMware vCenter Server Appliance and type e to edit the boot commands.
- Scroll to the second line displaying the kernel boot parameters.
- Type e to edit the boot command.
- Append init=/bin/bash to the kernel boot options.
- Press Enter. The GRUB menu reappears.
- Type b to start the boot process. The system boots to a shell.
- Reset the root password by running the passwd root command.
now we can start to investigate the cause of 1st issue root partition 100 %
found that the cause of this issue was Size of audit.log file is very large and /var/log/audit folder consumes majority of the space
VMware KB : 2149278 have full details to clear the audit.log , by following this KB you will be able to solve
- 1st root partition 100 %
- 2nd root account password expired
after following both KB we are able to login via ssh to VCSA and also login to vCenter Server Appliance Web Console (VAMI)
vSaiyan 
How did you get the root privileges?
LikeLike
reboot vCenter Server appliance and modify the kernel option in the GRUB bootloader to obtain a root shell
if you follow the steps on this KB https://kb.vmware.com/s/article/2069041 and i mention them in the post you will be able to obtain root shell
LikeLike
Thanks for the answer. I did all steps as on article, but only got user ($) privileges.
LikeLike
run this command
shell.set –enabled true
then
Type shell and press Enter
LikeLiked by 1 person
shell.set –enabled true is unknown command
I booted again through the GRUB and got root privilege. Thanks for the help.
LikeLike
hi michael ,
good to know you got the root privilege , and you are welcome 🙂
LikeLike
I’ve been trying to do this for an hour now but the instructions seem impossible; “2.When the GRUB bootloader appears, press the spacebar to disable autoboot.” – the GRUB bootloader is a flash of a fraction of a nano nanosecond and even if you furiously pounded on the space bar at the speed of light you could still miss it.
Is there any way to slow this? I added a boot delay inside of ESXi but it doesn’t seem to slow it.
LikeLike
Disregard, I considered that perhaps the experience with 6.5 differs from 6.0 and of course 5.5 and in holding down the “e” key I was able to get into the grub menu. Inspired by your blog and aided by https://kb.vmware.com/s/article/2147144
LikeLike
hi hal ,
yes you are right experience with 6.5 and above are different , Starting with vSphere 6.5, the vCenter Server Appliance is now running VMware’s own Photon OS , before it was running on SLES
LikeLiked by 1 person