During the deployment of the VMware Cloud Foundation 9.0 installer, you configure the password for both the root user and the local user. Usually, the wizard asks for specific users like root, admin, or audit, but in this case, it only asks for the “local user” password. When you look closer at the description of the local user password, you would realize that the password will be set for admin@local and vcf users. After installing the VCF Installer, the admin@local account will be used for logging into the web interface, and the vcf account will be used for SSH access to the VCF Installer.

.

In this blog post, I explain how to reset the password of the admin@local user account on the VCF 9.0 Installer.

After helping customers with the VCF 9.0 bring-up, we came across a few occasions where our customer needed to reset the password for the admin@local account. There is documentation available regarding the password reset for the root and vcf accounts, but not for the admin@local user. You might be surprised why the official documentation I linked refers to SDDC Manager, but let me explain.

If you went through the VCF Installation, you also figured out the name of the OVF appliance starting with VCF-SDDC-Manager, which could be a bit misleading, but also shows that the VCF installer uses the same platform as SDDC Manager. To give you a little bit more background information, there are two deployment options available for the VMware Cloud Foundation (VCF) Installer:

1. Deploy the VCF Installer outside the four ESXi hosts intended for the management domain. This is the preferred option, as it allows you to preserve the installer VM for future use—including additional VCF or VVF deployments. In this scenario, the installer remains a reusable tool.
   
2. Deploy the VCF Installer directly on the first of the four ESXi hosts that will become part of the management domain. This option is suitable if you do not have additional infrastructure available. However, once deployment begins, the VCF Installer VM is converted into the SDDC Manager, making it unavailable for reuse in future implementations. This is also why the user interface and structure of the VCF Installer closely resemble that of the SDDC Manager.

Some community blog posts explain how to reset the admin@local user on the SDDC Manager, but since they didn’t directly refer to the VCF 9.0 Installer, our customers were hesitant to follow the instructions. This is why I decided to write this blog post about the procedure we tested, and it was successful!

First, take a snapshot of the VCF Installer in case something goes wrong, then you will have a restore point.

After taking a snapshot from VCF Installer, log in to the installer through SSH and log in with the vcf user account. Then run su to elevate privileges to root and run the following commands:

mkdir -p /etc/security/local
chown root:vcf_services /etc/security/local
chmod 650 /etc/security/local
echo -n "" > /etc/security/local/.localuserpasswd
chown root:vcf_services /etc/security/local/.localuserpasswd
chmod 660 /etc/security/local/.localuserpasswd

Then, set the new password for the admin@local account using the command below. I used VMware123@VCF as an example; please replace that section with your password.

echo -n 'VMware123@VCF' | openssl dgst -sha512 -binary | openssl enc -base64 | tr -d '\n' > /etc/security/local/.localuserpasswd

Finally, run the command below to restart the VCF Installer services so that the password change takes effect.

/opt/vmware/vcf/operationsmanager/scripts/cli/sddcmanager_restart_services.sh

After the services start successfully, you can log in to VCF Installer with the new password.