Xenfomation: Things Virtual and Technical

I am honored to have such a facility to discuss, share, and be involved - directly - with the XenServer community: from XenServer, Administration, tips, and even some tricks...

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Team Blogs
    Team Blogs Find your favorite team blogs here.
  • Login
    Login Login form

Resetting Lost Root Password in XenServer 6.2

Posted by on in Guides
  • Font size: Larger Smaller
  • Hits: 6084
  • 10 Comments
  • Subscribe to this entry
  • Print

The Situation

Bad things can happen... badly.  In this case the root password to manage a XenServer (version 6.2) was... lost.

Physical or remote login to the XenServer 6.2 host failed authentication, naturally, and XenCenter had been disconnected from the host: requiring an administrator to provide these precious credentials, but in vein.

An Alternate Situation

Had XenCenter been left open ( offering command line access to the XenServer host in question) the following command could have been used from the XenServer's command line as to initiate a root password reset:

passwd

Once the root user's password has been changed the connection to the host from XenCenter to the XenServer host will need to be reestablished: using the root username and "new" password.

Once connected the remainder of this article becomes irrelevant otherwise you may very well need to...

Boot into Linux Single User Mode

Be it forgetfulness, change of guard, another administrator changing the password, or simply a typo in company documentation, the core problem being address via this post is that one cannot connect to XenServer 6.2 as the root password is... lost or forgotten.

As a secondary problem, one has lost patience and has obtained physical or iLO/iDRAC access to the XenServer in question, but still the root password is not accepted:

 

The Shortest Solution: Breaking The Law of Physical Security

I am not encouraging hacking, but that physical interaction with the XenServer in question and altering the boot to "linux single user mode" is the last solution to this problem.  To do this, one will need have/understand:

  • Physical Access, iLO, iDRAC, etc
  • A rebooted of the XenServer in question will be required

With disclaimers aside I now highly recommend reading and reviewing the steps outlined below before going through the motions. 

Some steps are time sensitive, so being prepared is merely a part of the overall pla.

  1. After gaining physical or iLO/iDRAC access to the XenServer in question, reboot it!  With iLO and iDRAC, there are options to hard or soft reset a system and either option is fine.
  2. Burn the following image into your mind for after the server reboots and runs through hardware BIOS/POST tests, you will see the following for 5 seconds (or so):
  3. Immediately grab the keyboard and enter the following:
    menu.c32 (press enter)
  4. The menu.c32 boot prompt will appear and again, you will only have 5 or so seconds to select the "XE" entry and pressing tab to edit boot options:
  5. Now, at the bottom of the screen one will see the boot entry information.  Don't worry, you have time so make sure it is similar to the following:
  6. Near the end of the, one should see "console=tty0 quiet vga=785 splash quiet": replace "quiet vga=785 splash" with "linux single".  More specifically - without the quotes - such as:
    linux single
  7. With that completed, simply press enter as to boot into Linux's single user mode.  You should eventually be dropped into a command line prompt (as illustrated below):
  8. Finally, we can reset the root password to something one can remember by executing the Linux command:
    passwd

  9. When prompted, enter the new root user password: you will be asked to verify it and upon success you should see the following:
  10. Now, enter the following command to reboot the XenServer in question:
    reboot
  11. Obviously, this will reboot the XenServer as illustrated below:
  12. Let the system fully reboot and present the xsconsole.  To verify that the new password has taken affect, select "Local Command Shell" from xsconsole.  This will require you to authenticate as the root user:
  13. If successful you will be dropped to the local command shell and this also means you can reconnect and manage this XenServer via XenCenter with the new root password!
Tagged in: how-to info
A former developer/architect with IBM, my personal passion centers around creativity: from the arts to the sciences. Prior to Citrix, I was already a fan. Once my father found me soldering Sonic the Hedgehog 2 onto an Apple ][+ and patiently explained to me emulation, virtualization, and code. That pretty much has dictated my career path: automation, virtualization, development, and the desire to share what I know with anyone who has an ear to listen!

Comments

  • Davide Poletto
    Davide Poletto Saturday, 12 July 2014

    Basically it's a matter of entering in Linux Single User mode to (re)initialize root's password before XenServer starts its boot procedure.

    Just noted that you wrote "menu.32 (press enter)" on Step 3 but the command that should be entered at boot console is menu.c32 instead (as per successive screenshots provided) so, maybe, please correct that tiny initial typo.

    Then in Step 6, IMHO, should be bettera wording like "replace quiet vga=785 splash with linux single option" keeping the remaining other options unchanged or, at least, something more articulated like "delete everything between console=tty0 and --- /boot/initrd-2.6-xen.img in order to add the linux single option".

    I personally prefer the first version. It's concise enough and don't let user to misunderstood what they should replace without saying anything like "before this/after that/between this and that".

  • Davide Poletto
    Davide Poletto Saturday, 12 July 2014

    Basically it's a matter of entering in Linux Single User mode to (re)initialize root's password before XenServer starts its boot procedure.

    Just noted that you wrote "menu.32 (press enter)" on Step 3 but the command that should be entered in the boot console is menu.c32 instead (as per successive provided screenshots) so, maybe, please correct that tiny typo.

    In Step 6, IMHO, should be better a wording like "replace quiet vga=785 splash with linux single option" keeping the remaining boot options unchanged or, at least, write something more articulated like "delete every option that is between console=tty0 and --- /boot/initrd-2.6-xen.img in order to add the linux single option".

    I prefer the first version. It's more concise and it doesn't let the user to misunderstood (whit instructions containing words like "before/after/between") what they should do.

    Nice post!

    Reply Cancel
  • JK Benedict
    JK Benedict Wednesday, 16 July 2014

    Davide,

    Thanks for the feedback: it is greatly appreciated.

    Sincerely,
    --jkbs
    @xenfomation

    Reply Cancel
  • Tobias Kreidl
    Tobias Kreidl Saturday, 12 July 2014

    Great article, Jesse, and thank you for sharing something that many of us have run into at one time or another!

    Another option -- once you have entered "menu.c32" after the "linux boot:" prompt (for which you are only given a couple of seconds) -- is that in editing the "xe" entry, you can just add "single" after the "vga=785" token and the server will come up in single user mode. This will not give you much functionality, but enough to be able to issue the "password" command and reset your root password.

    Sometimes you will run into a strange situation where you have errors that prevent a successful boot, such as one case we encountered with multiple error messages like "Asking for cache data failed" and numerous lines similar to "Buffer I/O error on device sdc, logical block 0" and the same error for many other devices (sdd, sde, etc.). In this case, when the XenServer console gets to the point where it says "welcome to XenServer, press 'I' to enter interactive startup," you hit "I" and when prompted for which services to run, you carefully say "Y" to all questions until you reach "attach-static-vdis" to which you reply "N", and then you can hit "C" to continue without further prompts. This will at least allow you to get to a shell prompt and further investigate what the issue may be. Other situations may require judgement as to what service to run or not, but the concept is the same.

    Again, many thanks for documenting scenarios like these that are particularly useful to those who do not deal with Linux at this sort of level on any regular basis and which are lifesavers when you encounter a bad situation like this. For example, many of us have heard of XenServer sys admins having to take over XenServers in situations where their predecessors left no information on the server passwords, so this would be the way to salvage that situation.

    -=Tobias

    Reply Cancel
  • JK Benedict
    JK Benedict Wednesday, 16 July 2014

    Tobias!

    Thank you, sir as well as your continued support, annotation, and alternative routes to benefit us all!

    --jkbs
    @xenfomation

  • Arthur B - VM Systems
    Arthur B - VM Systems Wednesday, 17 December 2014

    We have an EX Intel Hybrid Cloud server that this does not work on. Is anyone out there available for consulting to get this sorted out? The issue is with XenServer 6.0.2 and there is no boot prompt.

    We've been trying with Citrix for almost 4 hours now and they can't even tell us if we can buy 6.2 license if we can get support on the existing 6.0.2 or what the case may be.

    Just when I thought I was starting to like XenServer

    Arthur

    Reply Cancel
  • JK Benedict
    JK Benedict Thursday, 18 December 2014

    Arthur,

    Finished retesting. The steps are the same as outlined in this article. If you are not getting a "boot: " prompt, then something is wrong.

    However, here are the steps for 6.0.2: you will need either physical access to the console OR iLO/iDRAC access to reboot the machine.

    1. During the reboot, after POST and before the Citrix Splash image, the following boot prompt should appear:
    http://i1381.photobucket.com/albums/ah234/jkbenedict/602pw1_zps9e6ff45b.png

    2. Type in the following entry and press enter:
    menu.c32

    3. A list of kernels will appear in a blue menu. By default, "xe" should be select and you should only need to press the TAB key. This will reveal the boot options as well as stopping the "count down" to boot:
    http://i1381.photobucket.com/albums/ah234/jkbenedict/602pw2_zpsf5867b29.png

    4. With the full kernel params revealed, make certain linux single is entered in (replacing the VGA, quiet, and splash options):
    http://i1381.photobucket.com/albums/ah234/jkbenedict/602pw3_zps67a514b9.png

    5. Press enter and this will boot into linux single user mode where the command line will be wide open. From there, type in:
    passwd

    6. That will allow you to change the root password. Once done, type in reboot:
    http://i1381.photobucket.com/albums/ah234/jkbenedict/602pw4_zpsc0892398.png

    After rebooting, as I did, you will find your new password will work quite fine.

    Again -- if you post this in the discussions.citrix.com site, please reply back with the URL as so I can respond.

    --jkbs | @xenfomation

  • JK Benedict
    JK Benedict Thursday, 18 December 2014

    Installing XenServer 6.0.2 - build 53456 - right now.

  • Tim Mackey
    Tim Mackey Wednesday, 17 December 2014

    @Arthur,

    If you want to tweet your request and copy @XenServerArmy, I can retweet. In terms of 6.2 license granting support for 6.0.2, part of the challenge is likely that those two versions had different sales models and associated support contracts.

    In an effort to further broaden the request; did you try the try the Citrix support forums: http://discussions.citrix.com/forum/101-xenserver/ Others might have experienced your issue and have suggestions.

    -tim

    Reply Cancel
  • JK Benedict
    JK Benedict Thursday, 18 December 2014

    Tim & Arthur,

    First, thanks Tim for fielding this -- I just saw a response to this article.

    Secondly, Tim is correct: the licensing model change to "per-socket" (physical CPU) with the release of 6.1. Furthermore, 6.0.2 (and 6.0.0 including Common Criteria) both hit End-Of-Sale on JUL 2013 and End-Of-Maintenance on JUN 2014. This information, as well as other version of XenServer, can be found at http://www.citrix.com/support/product-lifecycle/product-matrix.html

    Now, that being said, Arthur, I promise you I will most definitely take a look at this right now in my own personal test environment. I understand your situation: as a client, an employee, but more importantly - and no "smoke blowing" - as an ADVOCATE of our clients, like Tim and all who I work with.

    Lastly, Arthur, if you can log this topic @ discussions.citrix.com, as Tim mentioned, please reply to this thread with the URL to your post as I want to ensure that:

    - This problem is resolved!
    - We can exchange private messages to identify what you are looking for, what has failed, and who I need to pull in to ensure your questions are answered!
    - Lastly, ensuring you have the appropriate XenServer 6.1 (and beyond) licensing information! If not for clients (such as yourself), well, I wouldn't have such a wonderful job!

    Again, thank you for the fielding of this, Tim! and Arthur -- my response will be posted as soon as possible!!

    --jkbs | @xenfomation

Leave your comment

Guest Saturday, 20 December 2014

About XenServer

XenServer is the leading open source virtualization platform, powered by the Xen hypervisor. It is used in the world's largest clouds and enterprises.
 
Commercial support for XenServer is available from Citrix.

Connect