Remove the ESXi web welcome screen (Method #3)

Remove the ESXi web welcome screen (Method #3)

Mr. Duncan Epping had an interesting post about removing the ESXi welcome screen and while reading the comments, I noticed Maish's comment regarding another method of removing the ESXi welcome screen along with other services.

There is however, another method if you would like to walk down the fine line of unsupported ... which is fine since both methods described from above are through the means of editing files within the ESXi installer or in the unsupported Buysbox console.

I wanted to share a 3rd method that doesn't require editing files from the installer or using the Busybox console and restarting any services.

Here are the steps:

1. Here is a screen shot of ESXi 4.0 welcome screen

2. Point your browser over to the host's MOB (Managed Object Broswer)

3. Now insert this into the URL with your hostname: 

https://esxi4-1.primp-industries.com/mob/?moid=ServiceInstance&method=retrieveInternalContent

This basically invokes the undocumented and hidden InternalContent and to execute the method, click on Invoke Method

4. Now you'll want to click on ha-proxy-service and you'll be brought to a screen which lists the various proxy end points. If you click into endpointList list, you'll see the first entry is for "/" which is for the index.html redirect for the welcome screen. We're basically going to remove this endpoint

5. Go back out to the main page of ha-proxy-service and click on RemoveEndpoint method and you'll get a pop up

6. No insert the following into the text box:

<endpoint xsi:type="ProxyServiceEndpointSpec">
  <serverNamespace>/</serverNamespace>
  <accessMode>httpsWithRedirect</accessMode>
</endpoint>

and then click Invoke Method which will then remove this endpoint and you'll see Method Invocation Result: void on the screen as the method does not return a value

7. Now if you point your browser back to ESXi host, you'll see that now you get a 404 error and the welcome screen is no longer available. This is also true for /ui and datastore browsing and host which is now also inaccessible but you still have access to the MOB URL and SDK which allows you to remotely manage your host using the APIs

Note: You should make a backup of your ESXi configuration ( esxcfg-cfgbackup ) before attempting this in case you run into any oddities.

0 Kudos
Comments
dconvery
‎01-29-2010 04:51 AM
‎01-29-2010 04:51 AM

Great work...AGAIN! Now on to bigger things. How about disabling the ESXi and ESX "home" screens or at least the Ip/hostname display for security?

Dave Convery, VCDX

VMware vExpert 2009

http://www.dailyhypervisor.com

http://twitter.com/dconvery

Careful. We don't want to learn from this.

Bill Watterson, "Calvin and Hobbes"

lamw
‎01-30-2010 06:18 PM
‎01-30-2010 06:18 PM

I don't believe you can change the classic ESX splash screen (please refer to this thread: ). You could try messing around with "chvt" and virtual terminal 11 which is the one displaying the hostname/IP Address for ESX.

For ESXi, there is an advanced option that can be set to customize the DCUI message with any text you would like. Take a look at this script:

=========================================================================

William Lam

VMware vExpert 2009

VMware ESX/ESXi scripts and resources at: http://engineering.ucsb.edu/~duonglt/vmware/

Twitter: @lamw

vGhetto Script Repository

VMware Code Central - Scripts/Sample code for Developers and Administrators

VMware Developer Comuunity

If you find this information useful, please award points for "correct" or "helpful".

dconvery
‎01-31-2010 05:54 AM
‎01-31-2010 05:54 AM

The chvt method is what I usually recommend for ESX. The ESXi script is perfect. Thanks!

Dave Convery, VCDX

VMware vExpert 2009

http://www.dailyhypervisor.com

http://twitter.com/dconvery

Careful. We don't want to learn from this.

Bill Watterson, "Calvin and Hobbes"

cougar694u
‎04-30-2010 04:31 PM
‎04-30-2010 04:31 PM

I used this as a workaround for our Security Office's 'hardening standards' in reference to disabling HTTP/HTTPS access to the host.

I'm trying to upload an internally signed certificate, and using vifs fails, so I wrote a powershell script to use https put. However, since I removed the / as stated above, I get the 404 when trying to put the key into /host/sslkey.

I tried to reverse engineer this to add the endpoint back in, but I get:

Method Invocation Result: InvalidRequest

Name Type Value

dynamicProperty DynamicProperty[] Unset

dynamicType string Unset

faultCause MethodFault Unset

faultMessage LocalizableMessage[] Unset

I tried using, and several variations there of:

I could do a reconfigure, but I've configured quite a bit already and don't want to start from scratch.

TIA!

learner323
‎03-22-2011 09:36 AM
‎03-22-2011 09:36 AM

Yes. I had get the same problem(404 prompted when using CLI).

And I want to know if there are any methods to restore it?

Thanks.

PuavoPers
‎10-02-2011 09:35 AM
‎10-02-2011 09:35 AM

edit /etc/vmware/hostd/proxy.xml

change the line

<_length>9</_length>

to add one to the number (your value may be different)

then add to the end of the list before </EndpointList>

<e id="9">

  <_type>vim.ProxyService.LocalServiceSpec</_type>

  <accessMode>httpsWithRedirect</accessMode>

  <port>8039</port>

  <serverNameSpace>/</serverNameSpace>

</e>

and the id value should be the _length value minus one (or the same number that was in the _length originally)

have fun

Version history
Revision #:
1 of 1
Last update:
‎01-28-2010 11:06 PM
Updated by:
Community Manager
 
View Article History