jvm2016
Hot Shot
Hot Shot

stopping cim agent on esxi

Jump to solution

Hi Luc,

we need to disable cim agent on all esxi in vcenter .if yu can check attached script and suggest if any modification needed.

do we need to block the ports also in security profile of esxi .if yes what additional code to be added.

 

0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership

You could do something like this

Get-VMHost -PipelineVariable esx |
    ForEach-Object -Process {
        $esxcli = Get-EsxCli -VMHost $esx -V2
        $esxcli.network.firewall.ruleset.list.Invoke() |
            where { $_.Name -match "^CIM" -and $_.Enabled -eq 'true' }
            ForEach-Object -Process {
                $esxcli.network.firewall.ruleset.set.Invoke(@{
                        enabled   = $true
                        rulesetid = $_.Name
                    })
            }
        }


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
4 Replies
LucD
Leadership
Leadership

I would also use a Set-VMHostService cmdlet to set the policy for that service to 'Off".

You should also have a look at KB1025757.
Unless you run the chkconfig command on the ESXi node, the change will not be persistent across reboots of the ESXi node.

You can eventually block FW ports, but the CIM service would still be running.
To block the ports, you can use the Get-EsxCli cmdlet.
The command is under $esxcli.network.firewall.ruleset

For the required ports have a look at Incoming and Outgoing Firewall Ports for ESXi Hosts


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Tags (1)
0 Kudos
jvm2016
Hot Shot
Hot Shot

i am turning off the policy also .however what method should i use to disable firewall ruleset for "cimhttpserver","cimhttpsserver","cimslp"

powercli version is 11.5

jvm2016_0-1614742553638.png

 

0 Kudos
LucD
Leadership
Leadership

You could do something like this

Get-VMHost -PipelineVariable esx |
    ForEach-Object -Process {
        $esxcli = Get-EsxCli -VMHost $esx -V2
        $esxcli.network.firewall.ruleset.list.Invoke() |
            where { $_.Name -match "^CIM" -and $_.Enabled -eq 'true' }
            ForEach-Object -Process {
                $esxcli.network.firewall.ruleset.set.Invoke(@{
                        enabled   = $true
                        rulesetid = $_.Name
                    })
            }
        }


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
jvm2016
Hot Shot
Hot Shot

ok thnaks.

0 Kudos