Skip to content

vCenter Server 7.0 Tips and Tricks

In vSphere 7.0, the Windows-based vCenter Server is finally gone. Time to move forward and get in touch with the Linux based Photon OS. The following tips and tricks might come handy when working with the vCenter Server Appliance 7.0:

  • Enable SSH
  • File Transfer with SCP/SFTP
  • Public Key Authentication
  • Disable or Increase Shell Session Timeout
  • Password expiration
  • Reset vCenter Server Appliance 6.7 root password
  • Create a Backup Job
  • Remove Certificate Warnings (Root CA)
  • Install Additional Software
  • VMware Datacenter CLI (DCLI)
  • Run Docker Containers

Enable SSH

For troubleshooting vCenter and ESXi hosts, SSH is essential. SSH access to the vCenter Server Appliance is disabled by default but can be activated during the deployment wizard. When the vCenter is already deployed you can enable SSH in the "Appliance Management".

Appliance Management (https://[VCENTER]:5480/) > Access > Edit > Enable SSH Login

After connecting to the vCenter with SSH you see the proprietary Appliance Shell. To open the fully-featured Bash, just type "shell".

File Transfer with SCP/SFTP

To transfer files between your PC and the vCenter Appliance you typically use WinSCP or similar tools. This does not work out of the box because the default shell for the root user has been configured to Appliance Shell instead of Bash. When you use WinSCP to connect to the vCSA, the following error is displayed:

Received too large SFTP packet. Max supported packet site is 1024000 B.
Cannot initialize SFTP Protocol. Is this host running an SFTP Server?

To be able to connect with WinSCP, the default shell has to be configured to /bin/bash:

# chsh -s "/bin/bash" root

If you want to revert this change later and reactivate the Appliance Shell, change the default shell back to /bin/appliancesh:

# chsh -s /bin/appliancesh root

Public Key Authentication

When working with Linux you typically use SSH keys instead of passwords to log in. Public Key authentication is an authentication method that relies on a generated public/private key pair and enables the login without entering a password. If you are not familiar with SSH Public Key Authentication, read this post where I am explaining the basics.

The vCenter Appliance already has a preconfigured authorized_keys file. Just add your key to the file by editing it with vi, or with echo/pipe:

# echo "ssh-rsa AAAAB[....] fgrehl" >> /root/.ssh/authorized_keys

Now you should be able to connect to the vCenter Appliance with your key. Please note that you can't use the Appliance Shell when you log in using an ssh key, so make sure to change the shell to bash:

# chsh -s "/bin/bash" root

Disable or Increase Shell Session Timeout

As a security feature, you are automatically logged out after being inactive for 15 minutes. You can view the current configuration with echo $TMOUT. The value is in seconds (900 seconds = 15 minutes):

# echo $TMOUT

The variable has been configured to be readonly, so you can't change it while you are logged in:

# echo $TMOUT
# TMOUT=1000
bash: TMOUT: readonly variable

To change the timeout, modify the profile configuration in /etc/profile.d/

  1. Open /etc/profile.d/ with an editor
  2. change the line TMOUT=900 to the desired value
  3. Save and close the file
  4. Log out and log back in

If you want to completely disable session timeout, delete the script:

# rm /etc/profile.d/

Password expiration

There are two authentication sources where passwords are configured to expire by default. The root user configured in the Appliance Management and all SSO users expire after 90 days. This behavior can be configured:

Root password:
Appliance Management (https://[VCENTER]:5480/) > Administration > Password expiration settings

SSO Users (eg. administrator@vsphere.local):
vSphere Client > Administration > Single Sign-On > Configuration > Local Accounts
Change the Maximum lifetime value


Reset vCenter Server Appliance 7.0 root password

The following method provides steps to recover the vCenter Server Appliance (vCSA) root password. The process is identical in vCenter 6.5, 6.7, and 7.0. The method is officially supported by VMware and documented in KB2147144.

  1. Take a snapshot of the vCSA to be able to roll back in case of any problems during password recovery.
  2. Connect to the ESXi Host that runs the vCSA and open a remote console.
  3. Reboot the vCSA
  4. Press e immediately after the system starts (When the Photon screen shows up)
  5. Append rw init=/bin/bash to the line starting with linux

  6. Press F10 to boot
  7. In the command prompt, enter passwd and enter a new root password twice
  8. Enter umount / to unmount the root filesystem
  9. Reboot the vCSA by running the command reboot -f
  10. Verify that you can log in with the new root password and delete the snapshot created in step 1.

Create a Backup Job

Don't forget to backup your vCenter Server Appliance. The Appliance has an embedded backup scheduler that allows you to create backups without 3rd party tools:

Open Appliance Management (https://[VCENTER]:5480/) and navigate to Backup > Configure
Configure a backup target (FTP, FTPS, HTTP, HTTP or SCP), the backup schedule and a retention policy.

 Certificate Warning

To get rid of browser security certificate warnings you have to add the VMCA Root certificate to your local Trusted Root Certificate store. You can download the certificate from the vCenter Website:

  1. Right-Click "Download trusted root CA certificates" > Save link as...
  2. Unzip
  3. Open the included \certs\win\ directory
  4. Double-click the .crt file
  5. Select Install Certificate... > Current User > Place all certificates in the following store > Browse > Trusted Root Certification Authorities
  6. Finish the wizard

Install Additional Software (eg. PowerShell)

You can install additional software on the vCenter Appliance. Be careful as it might result in an unsupported stat when you install additional software without been advised by VMware GSS. Install additional software with the tdnf package manager. Use tdnf list to list available packages or tdnf search [package] to search for specific packages. You can install PowerShell for example:

# tdnf search powershell
powershell : PowerShell is an automation and configuration management platform.
# tdnf install powershell -y

userspace-rcu                        x86_64             0.10.1-1.ph3             photon             638.89k 654221
zlib-devel                           x86_64             1.2.11-1.ph3             photon             274.67k 281264
lttng-ust                            x86_64             2.10.2-2.ph3             photon               1.11M 1161968
icu                                  x86_64             61.1-1.ph3               photon              31.02M 32523835
powershell                           x86_64             7.0.0-1.ph3              photon-updates     118.37M 124118764

Total installed size: 151.39M 158740052

userspace-rcu                           181074    100%
zlib-devel                              107545    100%
lttng-ust                               377915    100%
icu                                   12956251    100%
powershell                            45304533    100%
Testing transaction
Running transaction
Installing/Updating: icu-61.1-1.ph3.x86_64
Installing/Updating: zlib-devel-1.2.11-1.ph3.x86_64
Installing/Updating: userspace-rcu-0.10.1-1.ph3.x86_64
Installing/Updating: lttng-ust-2.10.2-2.ph3.x86_64
Installing/Updating: powershell-7.0.0-1.ph3.x86_64

root@vcenter [ ~ ]# pwsh
PowerShell 7.0.0
Copyright (c) Microsoft Corporation. All rights reserved.
Type 'help' to get help.

PS /root> 

VMware Datacenter CLI (DCLI)

VMware's Datacenter Command-Line Interface (DCLI) is a powerful but widely unknown feature. DCLI uses the vSphere REST API to provide an interactive and scriptable mode to monitor and manage all features made available to the REST-API.

Start the interactive mode with dcli +i and start typing to see possible commands:


# dcli +i
Welcome to VMware Datacenter CLI (DCLI)


To auto-complete and browse DCLI namespaces:   [TAB]
If you need more help for a command:           vcenter vm get --help
If you need more help for a namespace:         vcenter vm --help
To execute dcli internal command: env
For detailed information on DCLI usage visit:

dcli> appliance system version get
summary: Patch for VMware vCenter Server 7.0.0
install_time: 2020-04-02T12:29:10.005Z
product: VMware vCenter Server Appliance
build: 16386292
releasedate: June 23, 2020
type: vCenter Server with an embedded Platform Services Controller
dcli> com vmware vcenter vm list
|memory_size_MiB|vm     |name              |power_state|cpu_count|
|512            |vm-1001|vy                |POWERED_ON |1        |
|12288          |vm-1003|vcenter.virten.lab|POWERED_ON |2        |
|16384          |vm-1016|nsx1.virten.lab   |POWERED_ON |4        |

If you already the resource to pull you can run dcli in scripted mode:

# dcli com vmware vcenter vm list
|memory_size_MiB|vm     |name              |power_state|cpu_count|
|512            |vm-1001|vy                |POWERED_ON |1        |
|12288          |vm-1003|vcenter.virten.lab|POWERED_ON |2        |
|16384          |vm-1016|nsx1.virten.lab   |POWERED_ON |4        |

Run Docker Containers

You can run Docker containers on the vCenter Appliance. See Docker Hub for available Container Images.

  1. Install Docker
    # tdnf -y install docker
  2. Start Docker and load Kernel Bridge Modules
    # systemctl enable docker
    # insmod /usr/lib/modules/$(uname -r)/kernel/net/bridge/bridge.ko.xz
    # systemctl start docker

    If you get an error, try replacing "bridge.ko.xz" with "bridge.ko".

  3. Pull a Docker Image
    # docker pull vmware/powerclicore
  4. Start a Docker Container
    # docker run --rm -it vmware/powerclicore

4 thoughts on “vCenter Server 7.0 Tips and Tricks”

  1. Trying to disable the root password expiration on vcs 7, following your instructions in the appliance, there's no "Administration" section to navigate to.

Leave a Reply

Your email address will not be published. Required fields are marked *