Taking a look at the "hidden" VMware ESXi Server console. There are certain troubleshooting and special configuration commands that can only be accessed from this console.
Introduction
With the full version of VMware ESXi Server, that has been available for years, there is a special “virtual machine” that runs a modified version of Red Hat Linux Enterprise. That special VM is called the service console and is used to administer the ESX host system.
With the free VMware ESXi Server, that service console has been removed. There are many benefits to this – less overhead, fewer patches, and greater security. With ESXi, the “console” is a simple yellow and black menu driven text interface with only the most basic options. However, ESXi actually has an extremely thin linux-based console that can be accessed.
Officially, VMware says that you should administer your ESXi server using either the GUI VI Client or the CLI VMware RCLI. Thus, if you want to perform commands and scripting on your ESXi server, you need to install the remote command line interface on your Windows PC.
However, there is another CLI interface for ESXi that can be used to run commands directly on the server. This is in contrast to RCLI where the command is run on your local management PC and connects to the ESXi host over the network. The difference is that with RCLI, you cannot, say, edit a remote file as you could do if you were using the traditional ESX Server service console.
Thus, the only way to edit a file like /etc/hosts or /etc/inetd.conf is to access this hidden & unsupported thin linux interface and edit these files with vi. Also, with the ESXi hidden console, you can run commands like esxtop, esxcfg-route, and vmkfstools.
How do I access the VMware ESXi hidden Console?
Accessing the hidden & unsupported ESXi console is not difficult if you know how to do it. However, if you do not know how to do it, there is no menu option or easily accessed help file that tells you how to access it.
To access the hidden & unsupported ESXi console, you must go to the console of the server. You cannot access this console via RCLI, RDP, the VI client, or other method. The only way to access the ESXi console is to go to the console of the server.
Figure 1: ESXi Console
Once you are on the server’s console, press Alt-F1.
Figure 2: After pressing Alt-F1
At that point you will see a console log of what has happened on the server but there is no prompt and no help file available. If you type something, it will not appear on the screen.
What you need to do is to type the command unsupported and press enter. Again, this will not appear on the screen. When you do this, here is what you will see:
Figure 3: After typing “unsupported” in ESXi
This activated what VMware called “Tech Support Mode”. As the warning says, this is unsupported unless you are using it with help from VMware Tech Support. Because of this, neither VMware nor I can make any warranties if, by using this interface, something unexpected happens to your ESXi Server. Because of that, you should only do this on a TEST system.
Now, type your ESXi Server root password.
Figure 4: Successfully logged into the hidden ESXi Server console
At this point, you are successfully logged into the hidden ESXi console. So what can do you once you are in here? Let’s find out…
What can I do inside the VMware ESXi hidden console?
The ESXi hidden / unsupported console is a “Linux-like” interface but extremely light when compared to a real Linux installation. For example, some of the most basic Linux commands work like ls (to list files), cd (to change directories), rm (to remove files), cp (to copy files), vi (to edit files), and reboot.
However, other common Linux commands do not work, such as more, pg, nano, or man.
The most interesting configuration files are located in /etc, just like in Linux. The most useful commands that you can execute are located in /sbin.
In this article, I am offering a quick overview of the ESXi command line but for a more complete reference you should read chapter 2 of the VMware Remote Command-Line Interface Installation and Reference Guide because that covers the vicfg-xxxxcommands in detail. However, inside the ESXi console, you run most of those same vicfg-xxxxcommands but they start with esxcfg-xxxx instead (the deprecated version). In fact, the RCLI Reference Guide (link above) has a chart that shows the esxcfg-xxxx to vicfg-xxxx equivalent command syntax.
In my opinion, the most important thing that I have used the hidden/unsupported ESXi console for is to edit text configuration files on the ESXi Server. This is important because, as I said, this cannot be done using the RCLI. For example, here are a few of the text files I have edited:
-
/etc/hosts – due to issues related to ESXi servers coming and going randomly from my VMHA resource pool, a VMware Tech had me edit the /etc/hosts file to statically make host entries for the other ESXi hosts in the RP. This was done to rule out any DNS issues.
-
/etc/inetd.conf – this file can be used to enable services that, otherwise could not be enabled. For example, by removing the hash (#) mark before the ssh or the ftp, I can enable these services on my ESXi server.
Here is an example of editing the inetd.conf file to enable SSH:
Figure 5: Editing the inetd.conf file to enable SSH
Of course, there are other files that can be edited or viewed, like the passwd file or inittab.
Again, I offer the warning that all of this is unsupported by VMware unless you are performing these steps under their direction.
Conclusion
In this article, I covered the "hidden" & unsupported VMware ESXi Server console. Almost everyone knows that ESXi doesn't have a service console but it does have a hidden console. In this article, I also demonstrated the benefit of using this hidden console. Primarily, that benefit is that you can edit text files directly on the server to allow you to enable services like SSH. However, as you have access to the server’s console, and can do much more than you could in the simple console menu interface, the possibilities of tweaking and configuration are only limited by the limited command set on the server.