If the vCSA root password is lost or forgotten, you no longer have access to the vCenter Server Appliance management console and you can't SSH the appliance.
This affects updates and patching operations through the GUI or the command line, and also the NTP and root password policy configuration settings. The troubleshooting process is also affected due to the limited access to the appliance.
To reset vCSA root password is a pretty simple procedure but it requires some correct steps to follow to avoid potential issues.
Reset vCSA root password
The password reset is anything complicated but it is suggested to take a snapshot before proceeding to easily recover the appliance in case of problems.
To proceed with the password reset, you need to reboot the vCSA first. Right click the VM from the vSphere Client and select Power > Restart Guest OS.
When the VM boots, press the letter e from the keyboard to access the GNU GRUB Edit Menu. Append the following entry at the end of the first line:
Press F10 to continue with the boot.
Now enter the following command to set a new password:
When the password has been set, run the following command to unmount the filesystem:
# umount /
Now reboot the appliance to activate the new password.
# reboot -f
With the new password you are now able to access the appliance's management console again.
As a best practice, the vCSA root password should be changed on regular basis to keep the highest security level.