Removing Tech Support & ESXi Shell Host Warnings on vSphere 4.1u2 or Later

Now that ESX 4.1 update 2 is out, I’d imagine a number of people are in for a fun surprise when they see the host bangs (yellow caution signs) stating that Remote Tech Support is enabled. Previously, the solution to this was to restart the host management agents (or just reboot the host) and the message would go away. However, 4.1 update 2 has borrowed the method used by vSphere 5 in setting a special variable on the host to disable the warning messages. This post contains two methods for changing the variable – using the vSphere Client (GUI) or a quick PowerCLI script.

Disabling Warnings in vSphere Client

First off, there is a KB article describing the change that can be found here. The steps needed to make the change are pretty straightforward and take place immediately – no need to reset or reboot anything.

First, choose a host from the Hosts and Clusters view of the vSphere Client. Then, click on the Configuration tab, choose Advanced Settings (under the Software section), find the UserVars entry in the list, then scroll all the way to the bottom and locate the UserVars.SuppressShellWarning setting and change it to 1.

There you have it. In a few seconds the host warning will go away, and you’re all set.

If you only have a few hosts this method is sufficient. However, this would be extremely painful for several hosts, which brings us to …

Disabling Warnings in PowerCLI

This is the easy and fun way to make changes! If you don’t use the PowerCLI (PowerShell) then now is a great time to learn – this change is easy to make.

Note: This is assuming you have installed PowerCLI and are at the prompt.

First, connect to your vCenter Server using the command:

Connect-VIServer your.vcenter.server

Next, you have the choice of either getting the advanced configuration information or setting it.

Get-VMHostAdvancedConfiguration -VMHost -Name UserVars.SuppressShellWarning
Set-VMHostAdvancedConfiguration -VMHost -Name UserVars.SuppressShellWarning -Value 1

You can also use a wildcard for the -VMHost entry (such as * for all hosts). For example, this will set the value to 1 for all hosts:

Set-VMHostAdvancedConfiguration -VMHost * -Name UserVars.SuppressShellWarning -Value 1

There you have it!

[symple_box color=”black” fade_in=”false” float=”center” text_align=”left” width=””]You can find all of my various PowerShell scripts in my GitHub repository[/symple_box]

Thoughts (Including Security!)

I don’t find a lot of value in the warning message, so I set the configuration value immediately on my lab hosts. Prior to 4.1 update 2 I would just run the management agent reset command right after turning on SSH. Gabe (from Gabe’s Virtual World) made an excellent point about the security considerations of leaving SSH access enabled, and stresses that disabling the warning is something recommended for non production hosts.

There are only a few, mostly troubleshooting, situations where you really need this kind of access, everything else is done through vCenter, PowerShell or vMA. So when someone enables SSH or Shell access I want every VMware admin in my group to see this and ask him what he is doing. When working at the shell, it is also easy to forget to disable it again after you’re done. In that case the warning is a nice reminder.

Additionally, if you are interested in the reset command:

/etc/init.d/hostd restart