Things XenServer

Dedicated to sharing what I know, promoting virtualization, and sharing in on the excitement!

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Team Blogs
    Team Blogs Find your favorite team blogs here.
  • Login
    Login Login form

Resetting Lost Root Password in XenServer 6.2

Posted by on in Guides
  • Font size: Larger Smaller
  • Hits: 3249
  • 5 Comments
  • Subscribe to this entry
  • Print

The Situation

Bad things can happen... badly.  In this case the root password to manage a XenServer (version 6.2) was... lost.

Physical or remote login to the XenServer 6.2 host failed authentication, naturally, and XenCenter had been disconnected from the host: requiring an administrator to provide these precious credentials, but in vein.

An Alternate Situation

Had XenCenter been left open ( offering command line access to the XenServer host in question) the following command could have been used from the XenServer's command line as to initiate a root password reset:

passwd

Once the root user's password has been changed the connection to the host from XenCenter to the XenServer host will need to be reestablished: using the root username and "new" password.

Once connected the remainder of this article becomes irrelevant otherwise you may very well need to...

Boot into Linux Single User Mode

Be it forgetfulness, change of guard, another administrator changing the password, or simply a typo in company documentation, the core problem being address via this post is that one cannot connect to XenServer 6.2 as the root password is... lost or forgotten.

As a secondary problem, one has lost patience and has obtained physical or iLO/iDRAC access to the XenServer in question, but still the root password is not accepted:

 

The Shortest Solution: Breaking The Law of Physical Security

I am not encouraging hacking, but that physical interaction with the XenServer in question and altering the boot to "linux single user mode" is the last solution to this problem.  To do this, one will need have/understand:

  • Physical Access, iLO, iDRAC, etc
  • A rebooted of the XenServer in question will be required

With disclaimers aside I now highly recommend reading and reviewing the steps outlined below before going through the motions. 

Some steps are time sensitive, so being prepared is merely a part of the overall pla.

  1. After gaining physical or iLO/iDRAC access to the XenServer in question, reboot it!  With iLO and iDRAC, there are options to hard or soft reset a system and either option is fine.
  2. Burn the following image into your mind for after the server reboots and runs through hardware BIOS/POST tests, you will see the following for 5 seconds (or so):
  3. Immediately grab the keyboard and enter the following:
    menu.c32 (press enter)
  4. The menu.c32 boot prompt will appear and again, you will only have 5 or so seconds to select the "XE" entry and pressing tab to edit boot options:
  5. Now, at the bottom of the screen one will see the boot entry information.  Don't worry, you have time so make sure it is similar to the following:
  6. Near the end of the, one should see "console=tty0 quiet vga=785 splash quiet": replace "quiet vga=785 splash" with "linux single".  More specifically - without the quotes - such as:
    linux single
  7. With that completed, simply press enter as to boot into Linux's single user mode.  You should eventually be dropped into a command line prompt (as illustrated below):
  8. Finally, we can reset the root password to something one can remember by executing the Linux command:
    passwd

  9. When prompted, enter the new root user password: you will be asked to verify it and upon success you should see the following:
  10. Now, enter the following command to reboot the XenServer in question:
    reboot
  11. Obviously, this will reboot the XenServer as illustrated below:
  12. Let the system fully reboot and present the xsconsole.  To verify that the new password has taken affect, select "Local Command Shell" from xsconsole.  This will require you to authenticate as the root user:
  13. If successful you will be dropped to the local command shell and this also means you can reconnect and manage this XenServer via XenCenter with the new root password!
Tagged in: how-to info
@xenfomation Born an artist, I subsequently made that my hobby for my passions in programming, troubleshooting, emulation, and virtualization were in much higher demand. A former IBM developer - among many other things - life at Citrix always stokes the fires to help clients, collaborate with my colleagues, and overall... achieve only success!

Comments

  • Davide Poletto
    Davide Poletto Saturday, 12 July 2014

    Basically it's a matter of entering in Linux Single User mode to (re)initialize root's password before XenServer starts its boot procedure.

    Just noted that you wrote "menu.32 (press enter)" on Step 3 but the command that should be entered at boot console is menu.c32 instead (as per successive screenshots provided) so, maybe, please correct that tiny initial typo.

    Then in Step 6, IMHO, should be bettera wording like "replace quiet vga=785 splash with linux single option" keeping the remaining other options unchanged or, at least, something more articulated like "delete everything between console=tty0 and --- /boot/initrd-2.6-xen.img in order to add the linux single option".

    I personally prefer the first version. It's concise enough and don't let user to misunderstood what they should replace without saying anything like "before this/after that/between this and that".

  • Davide Poletto
    Davide Poletto Saturday, 12 July 2014

    Basically it's a matter of entering in Linux Single User mode to (re)initialize root's password before XenServer starts its boot procedure.

    Just noted that you wrote "menu.32 (press enter)" on Step 3 but the command that should be entered in the boot console is menu.c32 instead (as per successive provided screenshots) so, maybe, please correct that tiny typo.

    In Step 6, IMHO, should be better a wording like "replace quiet vga=785 splash with linux single option" keeping the remaining boot options unchanged or, at least, write something more articulated like "delete every option that is between console=tty0 and --- /boot/initrd-2.6-xen.img in order to add the linux single option".

    I prefer the first version. It's more concise and it doesn't let the user to misunderstood (whit instructions containing words like "before/after/between") what they should do.

    Nice post!

    Reply Cancel
  • JK Benedict
    JK Benedict Wednesday, 16 July 2014

    Davide,

    Thanks for the feedback: it is greatly appreciated.

    Sincerely,
    --jkbs
    @xenfomation

    Reply Cancel
  • Tobias Kreidl
    Tobias Kreidl Saturday, 12 July 2014

    Great article, Jesse, and thank you for sharing something that many of us have run into at one time or another!

    Another option -- once you have entered "menu.c32" after the "linux boot:" prompt (for which you are only given a couple of seconds) -- is that in editing the "xe" entry, you can just add "single" after the "vga=785" token and the server will come up in single user mode. This will not give you much functionality, but enough to be able to issue the "password" command and reset your root password.

    Sometimes you will run into a strange situation where you have errors that prevent a successful boot, such as one case we encountered with multiple error messages like "Asking for cache data failed" and numerous lines similar to "Buffer I/O error on device sdc, logical block 0" and the same error for many other devices (sdd, sde, etc.). In this case, when the XenServer console gets to the point where it says "welcome to XenServer, press 'I' to enter interactive startup," you hit "I" and when prompted for which services to run, you carefully say "Y" to all questions until you reach "attach-static-vdis" to which you reply "N", and then you can hit "C" to continue without further prompts. This will at least allow you to get to a shell prompt and further investigate what the issue may be. Other situations may require judgement as to what service to run or not, but the concept is the same.

    Again, many thanks for documenting scenarios like these that are particularly useful to those who do not deal with Linux at this sort of level on any regular basis and which are lifesavers when you encounter a bad situation like this. For example, many of us have heard of XenServer sys admins having to take over XenServers in situations where their predecessors left no information on the server passwords, so this would be the way to salvage that situation.

    -=Tobias

    Reply Cancel
  • JK Benedict
    JK Benedict Wednesday, 16 July 2014

    Tobias!

    Thank you, sir as well as your continued support, annotation, and alternative routes to benefit us all!

    --jkbs
    @xenfomation

Leave your comment

Guest Thursday, 02 October 2014

About XenServer

XenServer is the leading open source virtualization platform, powered by the Xen hypervisor. It is used in the world's largest clouds and enterprises.
 
Commercial support for XenServer is available from Citrix.

Connect