
Quick Tip - vSphere MOB is disabled by default in ESXi 6.0

02.24.2015 by William Lam // 9 Comments

Yesterday, I noticed an interesting error when trying to connect directly to the vSphere MOB on an ESXi 6.0 host. The following error message was displayed in the browser:

503 Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http20NamedPipeServiceSpecE:0x4bf02038] _serverNamespace = /mob _isRedirect = false _pipeName =/var/run/vmware/proxy-mob)

This was the first time I had noticed this, as I normally use the vSphere MOB for debugging purposes or exploring the vSphere API. The vSphere MOB is also a quick and handy way to unregister vSphere Plugins when connecting to vCenter Server.

I did some further investigation and it turns out that in vSphere 6.0, the vSphere MOB will be disabled by default on an ESXi 6.0 host. The reason for this is to provide security hardening out of the box for ESXi versus having an administrator harden after the fact. If you are familiar with the vSphere Security Hardening Guides, you will recall one of the guidelines is to disable the vSphere MOB on an ESXi host and with vSphere 6.0, this is now done automatically for you. This information will also be documented as part of the vSphere 6.0 documentation when it GAs.

If you still need to access the vSphere MOB on an ESXi host, it can of course be re-enabled from the default. There is also a new ESXi Advanced Setting called Config.HostAgent.plugins.solo.enableMob, which controls whether the vSphere MOB is enabled or disabled, as seen in the screenshot below.

vsphere-6.0-mob-disable-1
You have the option of using either the vSphere C# Client as shown in the screenshot above or the vSphere Web Client to configure the ESXi Advanced Setting:

vsphere-6.0-mob-disable-3
You can also configure this property using vim-cmd in the ESXi Shell.

Listing the ESXi Advanced Setting using vim-cmd:

vim-cmd hostsvc/advopt/view Config.HostAgent.plugins.solo.enableMob

Configuring the ESXi Advanced Setting to true:

vim-cmd hostsvc/advopt/update Config.HostAgent.plugins.solo.enableMob bool true
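
Added example (not part of the original post): a POSIX sh audit for the ESXi Shell that parses the output of the advopt/view command above and reports whether the host still matches the hardened default of MOB disabled. The output layout in SAMPLE_VIEW is constructed and assumed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the MOB hardening setting from the ESXi Shell.
OPT="Config.HostAgent.plugins.solo.enableMob"

# Constructed sample of advopt/view output (the layout is an assumption).
SAMPLE_VIEW='(vim.option.OptionValue) [
   (vim.option.OptionValue) {
      key = "Config.HostAgent.plugins.solo.enableMob",
      value = true
   }
]'

# parse_mob_value: read advopt/view output on stdin, print true/false/unknown.
parse_mob_value() {
    awk -v opt="$OPT" '
        index($0, "key = \"" opt "\"") { found = 1; next }
        found && /value *=/ {
            v = $0
            sub(/.*value *= */, "", v)
            gsub(/[", \t\r]/, "", v)
            print tolower(v); done = 1; exit
        }
        END { if (!done) print "unknown" }
    '
}

# mob_status: compare stdin against the hardened default (MOB disabled).
# Returns 0 = compliant, 1 = MOB enabled, 2 = undetermined (for example
# when vim-cmd printed an error instead of the option value).
mob_status() {
    case "$(parse_mob_value)" in
        false) echo "COMPLIANT: MOB disabled"; return 0 ;;
        true)  echo "FINDING: MOB enabled"; return 1 ;;
        *)     echo "ERROR: could not read $OPT"; return 2 ;;
    esac
}

# On a real host: audit, and with --fix set the option back to false.
if command -v vim-cmd >/dev/null 2>&1; then
    rc=0
    vim-cmd hostsvc/advopt/view "$OPT" | mob_status || rc=$?
    if [ "$rc" -eq 1 ] && [ "${1:-}" = "--fix" ]; then
        vim-cmd hostsvc/advopt/update "$OPT" bool false
    fi
fi
```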

If you prefer to automate this using PowerCLI or vSphere API, this can also be done. Below are two examples using the Get-VmHostAdvancedConfiguration and Set-VMHostAdvancedConfiguration PowerCLI cmdlets.

Listing the ESXi Advanced Setting using PowerCLI:

Get-VMHost 192.168.1.200 | Get-VmHostAdvancedConfiguration -Name Config.HostAgent.plugins.solo.enableMob | Format-List

Configuring the ESXi Advanced Setting to true:

Get-VMHost 192.168.1.200 | Set-VMHostAdvancedConfiguration -Name Config.HostAgent.plugins.solo.enableMob -Value True

If you rely on using the vSphere MOB on ESXi and would like this to be your default, I would recommend you update either your ESXi Kickstart or Host Profile to include this additional configuration so that you do not get like I did 🙂 If you only need to use the vSphere MOB on occasion or do not have a use for it at all, then leaving the default is sufficient.


Comments

  1. David Chung says

    02/24/2015 at 7:29 pm

    Thanks. This is very helpful.

  2. ysrathore says

    02/25/2015 at 2:52 am

    Great tip. Thanks!!

  3. Chris Chua says

    03/03/2015 at 3:36 pm

    Was just going through the hardening guide and saw the MOB item. One thing thing to worry about in 6. The PowerCLI that you show, I'm assuming that only works in 6?

    • William Lam says

      03/03/2015 at 3:45 pm

      That's correct.

  4. rdronov says

    05/03/2015 at 12:54 pm

    Hi William,

    After updating PSC to the latest patch, I've got this error when I try to access this node using HTTPS protocol:

    503 Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http20NamedPipeServiceSpecE:0x7f326a5f8920] serverNamespace = / isRedirect = false _pipeName =/var/run/vmware/vpxd-webserver-pipe)

    It somehow looks similar to what you have here. Could you suggest how to troubleshoot this issue please?

  5. Rogerio Carvalho says

    08/19/2015 at 7:15 pm

    Thanks for your article, it's small and fully functional!

  6. Vittal M says

    02/13/2016 at 10:37 pm

    We need to harden 100's of ESXi. I wish the PowerCLI had worked on 5.5 🙁

  7. Luis says

    04/04/2016 at 9:00 am

    I got an error

    "Failed to login: Invalid response code: 503 Service Unavailable"

    when I execute

    vim-cmd hostsvc/advopt/update Config.HostAgent.plugins.solo.enableMob bool true

    command from direct SSH connection.

    Please, any help will be appreciated

  8. Merle says

    09/12/2016 at 11:29 am

    PowerCLI C:\> Get-VMHost 192.168.1.10 | Get-VmHostAdvancedConfiguration -Name config.HostAgent.plugins.solo.enableMob | Format-List

    WARNING: Use Get-AdvancedSetting cmdlet instead.

    Name : Config.HostAgent.plugins.solo.enableMob
    Value : False

    Do you know what the correct syntax would be using the newer cmdlet?

Author

William Lam is a Senior Staff Solution Architect working in the VMware Cloud team within the Cloud Infrastructure Business Group (CIBG) at VMware. He focuses on Cloud Native technologies, Automation, Integration and Operation for the VMware Cloud based Software Defined Datacenters (SDDC)
