Remove the ESXi web welcome screen (Method #3)
Created on: Jan 28, 2010 11:06 PM by lamw - Last Modified: Jan 28, 2010 11:44 PM by lamw
There is however, another method if you would like to walk down the fine line of unsupported ... which is fine since both methods described from above are through the means of editing files within the ESXi installer or in the unsupported Buysbox console.
I wanted to share a 3rd method that doesn't require editing files from the installer or using the Busybox console and restarting any services.
Here are the steps:
1. Here is a screen shot of ESXi 4.0 welcome screen
2. Point your browser over to the host's MOB (Managed Object Broswer)
3. Now insert this into the URL with your hostname:
https://esxi4-1.primp-industries.com/mob/?moid=ServiceInstance&method=retrieveInternalContent
This basically invokes the undocumented and hidden InternalContent and to execute the method, click on Invoke Method
4. Now you'll want to click on ha-proxy-service and you'll be brought to a screen which lists the various proxy end points. If you click into endpointList list, you'll see the first entry is for "/" which is for the index.html redirect for the welcome screen. We're basically going to remove this endpoint
5. Go back out to the main page of ha-proxy-service and click on RemoveEndpoint method and you'll get a pop up
6. No insert the following into the text box:
<endpoint xsi:type="ProxyServiceEndpointSpec">
<serverNamespace>/</serverNamespace>
<accessMode>httpsWithRedirect</accessMode>
</endpoint>
and then click Invoke Method which will then remove this endpoint and you'll see Method Invocation Result: void on the screen as the method does not return a value
7. Now if you point your browser back to ESXi host, you'll see that now you get a 404 error and the welcome screen is no longer available. This is also true for /ui and datastore browsing and host which is now also inaccessible but you still have access to the MOB URL and SDK which allows you to remotely manage your host using the APIs
Note: You should make a backup of your ESXi configuration ( esxcfg-cfgbackup ) before attempting this in case you run into any oddities.
says:
in response to: dconvery
I don't believe you can change the classic ESX splash screen (please refer to this thread: ). You could try messing around with "chvt" and virtual terminal 11 which is the one displaying the hostname/IP Address for ESX.
For ESXi, there is an advanced option that can be set to customize the DCUI message with any text you would like. Take a look at this script: updateDCUIBanner.pl
=========================================================================
William Lam
VMware vExpert 2009
VMware ESX/ESXi scripts and resources at: http://engineering.ucsb.edu/~duonglt/vmware/
Twitter: @lamw
vGhetto Script Repository
Getting Started with the vMA (tips/tricks)
Getting Started with the vSphere SDK for Perl
VMware Code Central - Scripts/Sample code for Developers and Administrators
VMware Developer Comuunity
If you find this information useful, please award points for "correct" or "helpful".
says:
in response to: lamw
The chvt method is what I usually recommend for ESX. The ESXi script is perfect. Thanks!
VMware vExpert 2009
http://www.dailyhypervisor.com
http://twitter.com/dconvery
Careful. We don't want to learn from this.
Bill Watterson, "Calvin and Hobbes"
I used this as a workaround for our Security Office's 'hardening standards' in reference to disabling HTTP/HTTPS access to the host.
I'm trying to upload an internally signed certificate, and using vifs fails, so I wrote a powershell script to use https put. However, since I removed the / as stated above, I get the 404 when trying to put the key into /host/sslkey.
I tried to reverse engineer this to add the endpoint back in, but I get:
Method Invocation Result: InvalidRequest
Name Type Value
dynamicProperty DynamicProperty[] Unset
dynamicType string Unset
faultCause MethodFault Unset
faultMessage LocalizableMessage[] Unset
I tried using, and several variations there of:
<endpoint xsi:type="ProxyServiceEndpointSpec">
<accessMode>httpsWithRedirect</accessMode>
<port>8309</port>
<serverNamespace>/</serverNamespace>
</endpoint>
I could do a reconfigure, but I've configured quite a bit already and don't want to start from scratch.
TIA!
Great work...AGAIN! Now on to bigger things. How about disabling the ESXi and ESX "home" screens or at least the Ip/hostname display for security?
Dave Convery, VCDXVMware vExpert 2009
http://www.dailyhypervisor.com
http://twitter.com/dconvery
Careful. We don't want to learn from this.
Bill Watterson, "Calvin and Hobbes"