Last week I had shared the following tweet ...
Just deployed the latest F@H @VMware Appliance using the new #vSphere7 Client 😊 pic.twitter.com/Rv0nFUZkb2
— William Lam (@lamw.bsky.social | @*protected email*) (@lamw) April 1, 2020
Those with a keen eye quickly realized there was more to my tweet than meets the eye 😉 but the majority of folks quickly admitted they were fooled by the nice "April Fools" joke ... but was it really a joke?
Well, it yes and no. There is no "new" vSphere 7 C# Client (that was the actual April Fools joke) but there is a way to leverage the last version of the vSphere C# Client (6.0) to access previous releases including ESXi 6.7 but also latest ESXi 7.0 🙂 Before I go into more details, hopefully folks got a nice smile or even a laugh out of this. I thought this was something fun and "light" given the situation that we are all in right now and maybe a quick trip down memory lane for those that hate getting "white screen of death", I certainly do NOT miss the vSphere C# Client. To be honest, I just tried it on ESXi 7.0 only a few days prior and I had only shared with a couple of folks, so this was literally something I got working and was not something that I was actually planning for.
With that out of the way, let me clear up a few more things as I am sure folks will be asking and the answer is NO, we are NOT brining back the vSphere C# Client. The vSphere HTML5 UI is the only supported vSphere UI and has dramatically been improved in vSphere 6.7 and even more so with latest vSphere 7.0 release. If you are still having issues with specific scenarios, please work with your VMware account team and/or file a bug. I have also disabled comments as I suspect some folks will NOT carefully read the details and still ask about vSphere C# Client (sorry, you need to get over it).
Disclaimer: This is NOT supported by VMware, please do not ask about what works or what does not work. This is not meant for any real use other than for a nice joke or showing off to a colleague.
What I thought was really cool about this hack was less about being able to connect using the vSphere C# Client all these years later but rather the level of backwards comparability our vSphere APIs has had all these years. Many of the operations the vSphere C# Client uses such as powering on a VM or reconfiguring its disk and cpu has not changed much to affect older clients, that in itself was pretty awesome.
OK, so how did I get this black magic to work? Well, it involves two specific changes on an ESXi hosts:
- For those that can remember, when the vSphere C# Client first attempts to connect to to an ESXi host, it download a clients.xml file to help it determine if it needs to be updated. Since the last version of the vSphere C# Client is 6.0, we have to trick it into thinking our ESXi 7.0 or 6.7 host is actually 6.0 by update the clients.xml file. This idea came from a blog post I wrote about back in 2012 on blocking vSphere C# Client logins
- For this to work we must enable TLS 1.0 on the ESXi host, which has been disabled by default for quite some time and in vSphere 7.0, TLS 1.2 is on by default which the vSphere C# Client does not support. As you can see, we are purposely reducing the out of the box security that has been enabled for ESXi, this is another reason this is not recommended.
Disclaimer: This is NOT supported by VMware, please do not ask about what works or what does not work. This is not meant for any real use other than for a nice joke or showing off to a colleague. You have been warned again, but if you wish to try this out, at least do this in a test/dev environment and NOT production!
ESXi 7.0
Step 1 - SSH to ESXi host and edit /etc/vmware/rhttpproxy/config.xml and append <protocols>tls1.0,tls1.2</protocols> between the second set of ssl tags (between vmacore) which should look like the following:
<ssl> <doVersionCheck> false </doVersionCheck> <!-- allowed SSL/TLS protocol versions --> <protocols>tls1.0,tls1.2</protocols> <libraryPath>/lib/</libraryPath> <fips>true</fips> </ssl>
Step 2 - Restart the ESXi Reverse Proxy for the changes to go into effect by running the following command:
/etc/init.d/rhttpproxy restart
Step 3 - Download and upload the vghetto-not-april-fools-2020.vib to the intended ESXi host. In ESXi 7.0, additional security measures have been put in place to prevent users from modifying default system files like the clients.xml which we need to update as mentioned earlier. This custom VIB will simply replace the clients.xml and just modifies the exactVersion value (details can be see in the ESXi 6.7 instructions below). To install the VIB, just run the following command and a reboot is not required.
esxcli software vib install -v /vghetto-not-april-fools-2020.vib -f
If you want to remove this VIB, simply run the following command:
esxcli software vib remove -n vghetto-no-april-fools-2020
At this point you are now ready to dust off that old vSphere C# Client and connect to your ESXi 7.0 host
ESXi 6.7
Step 1 - SSH to ESXi host and edit /etc/vmware/rhttpproxy/config.xml and append <protocols>tls1.0,tls1.2</protocols> between the second set of ssl tags (between vmacore) which should look like the following:
<ssl> <doVersionCheck> false </doVersionCheck> <!-- allowed SSL/TLS protocol versions --> <protocols>tls1.0,tls1.2</protocols> <libraryPath>/lib/</libraryPath> <fips>true</fips> </ssl>
Step 2 - Restart the ESXi Reverse Proxy for the changes to go into effect by running the following command:
/etc/init.d/rhttpproxy restart
Step 3 - SSH to ESXi host and perform the following operations to update clients.xml file. If you do not wish to do this, you can leverage the Custom VIB in the ESXi 7.0 instructions which will accomplish the same behavior for ESXi 6.7.
cp /usr/lib/vmware/hostd/docroot/client/clients.xml /usr/lib/vmware/hostd/docroot/client/clients.xml.bak
Edit /usr/lib/vmware/hostd/docroot/client/clients.xml.bak and update the exactVersion tag with the value of 6.0.0 and save the file.
<exactVersion>6.0.0</exactVersion>
Run the following command to update the original clients.xml
mv /usr/lib/vmware/hostd/docroot/client/clients.xml.bak /usr/lib/vmware/hostd/docroot/client/clients.xml
At this point you are now ready to dust off that old vSphere C# Client and connect to your ESXi 6.7 host