To resolve this issue, disable the Web Access login page for an ESXi 5.x, ESXi/ESX 4.x, or 3.5 host in a security hardened environments.
Note: These changes do not persist after a reboot on ESXi 5.5 prior to Update 2. For more information, see:
Note: VMware recommends that you take a text backup of the ESXi/ESX host web access configuration before modifying it. The backup may be useful if you want to re-enable these features in the future.
To back up the web access configuration, run these commands:
- ESX 3.x, 4.x:
vmware-vim-cmd proxysvc/service_list
- ESXi 3.x, 4.x, 5.x, and 6.0:
vim-cmd proxysvc/service_list
Note: These procedures require that you connect to the ESXi/ESX host directly, either through a remote KVM or an SSH session.
For more information on making these connections, see:
To disable the Web Access login page:
Caution: VMware recommends that you do not disable the Web Access login page on ESXi 5.0 prior to Update 2, as it breaks vSphere HA and log collections, and error messages collected by the MOB over port 443.
- Connect to the ESXi/ESX host directly.
- Run these commands:
- ESX 3.5, 4.0:
vmware-vim-cmd proxysvc/remove_service "/ui" "httpsWithRedirect"
- ESXi 3.x, 4.x, 5.x:
vim-cmd proxysvc/remove_service "/ui" "httpsWithRedirect"
To re-enable the Web Access login page:
- Connect to the ESXi/ESX host directly.
- Run these commands:
- ESX 3.5:
vmware-vim-cmd proxysvc/add_tcp_service "/ui" httpsWithRedirect localhost 8080
- ESX 4.x:
vmware-vim-cmd proxysvc/add_tcp_service "/ui" httpsWithRedirect localhost 8308
- ESXi 4.x and ESXi 5.x:
vim-cmd proxysvc/add_tcp_service "/ui" httpsWithRedirect localhost 8308
To disable an ESXi/ESX host's Managed Object Browser (MOB):
- Connect to the ESXi/ESX host directly.
- Run these commands:
- ESX 4.x:
vmware-vim-cmd proxysvc/remove_service "/mob" "httpsWithRedirect"
- ESXi 4.x, 5.x, and 6.0:
vim-cmd proxysvc/remove_service "/mob" "httpsWithRedirect"
Notes:
- You may have cached information in your web browser.
-
In vSphere 6.0, the Advanced System Setting Config.HostAgent.plugins.solo.enableMob is used to enable or disable the MOB. This variable also exists in vSphere 5.5, but it is read only and cannot be used to enable or disable the MOB. If you disable the MOB on an ESXi 5.5 host using the steps above, the value of the Config.HostAgent.plugins.solo.enableMob variable remains true.
To re-enable an ESXi/ESX host's Managed Object Browser (MOB):
- Connect to the ESXi/ESX host directly.
- Run these commands:
- ESX 4.x:
vmware-vim-cmd proxysvc/add_np_service "/mob" httpsWithRedirect /var/run/vmware/proxy-mob
- ESXi 4.x, 5.x, and 6.0:
vim-cmd proxysvc/add_np_service "/mob" httpsWithRedirect /var/run/vmware/proxy-mob
To disable the Host Welcome login web page:
- Connect to the ESXi/ESX host directly.
- Run these commands:
- ESX 4.x:
vmware-vim-cmd proxysvc/remove_service "/" "httpsWithRedirect"
- ESXi 4.x, ESXi 5.x, ESXi 6.0:
vim-cmd proxysvc/remove_service "/" "httpsWithRedirect"
Note:
- Running this command in-turn disables the Datastore Browser as well.
- This does not disable vSphere Web Services SDK. See vmware-vim-cmd proxysvc/service_list .
To re-enable the Host Welcome login web page:
- Connect to the ESXi/ESX host directly.
- Run these commands:
- ESX 3.5:
vmware-vim-cmd proxysvc/add_np_service "/" httpsWithRedirect /var/run/vmware/proxy-webserver
- ESX 4.x:
vmware-vim-cmd proxysvc/add_tcp_service "/" httpsWithRedirect localhost 8309
- ESXi 4.x, ESXi 5.x and ESXi 6.0:
vim-cmd proxysvc/add_tcp_service "/" httpsWithRedirect localhost 8309
Note: Running this command in-turn enables the
Datastore Browser as well.