Every now and then things you don't touch need correcting, including the vSphere vpxuser account. Rick Vanover shows how to reset this critical account's credentials.
One of the design elements of VMware vSphere is that between the host and the ESXi server, there is a special form of root-level communication without using the root account. The account is vpxuser, and is created when a host is inventoried into a vCenter Server for the first time.
Every now and then, an issue may happen where you lose connectivity of your ESXi host to your vCenter Server. Further, if you have to do additional tasks such as restore the vCenter database from an earlier point in time, the vpxuser may not operate as expected. This is because part of the design is to have the vpxuser automatically change the password used to communicated between vCenter and the ESXi host.When this happens, the rather scary sounding message of logins not being able to be completed may come up, such as what is shown in Figure A below:
An ESXi host is disconnected due to an invalid vpxuser account. Click to enlarge.
Have no fear! The fix is easy; we can reset communication to an ESXi host yet still maintain all of the important configuration. This includes things like resource pools on the host, any object configuration that is set for the host on vCenter, and of course, VM reference ID configuration (for permissions and other configuration).
The key to getting out of this jam is the Disconnect option. This will tell vCenter to stop trying to communicate with this host, and then we will turn around and actively try to reconnect to it. To reset the vpxuser account, simply disconnect the host from the vCenter Server within the vSphere Client and then reconnect it.
You will then be prompted to provide the root credentials, which in turn re-creates the vpxuser password and account for the host. Other steps happen in this process, but it is the most easy escape route from this seemingly problematic situation. Before you go through this route of remedy, make sure you have the root account for the ESXi host. You can test this by logging into the vSphere Client directly to the host with the root account. You can also check VMware KB 1003870 for more information on troubleshooting the invalid password situation.
How do you manage vpxuser account issues? Share your tricks below.