If you’re managing VMware environments, you might occasionally run into persistent shell warning alerts in your ESXi hosts. Thankfully, you can quickly find and suppress these warnings with a bit of PowerCLI magic.
Check for ESXi Hosts with Shell Warnings
Show the actual advanced settings on all hosts. Log into vCenter using PowerCLI and run this command:
This command immediately disables the shell warnings on selected hosts. No more alerts in the GUI!
Command output:
Entity                 Name                           Value
------                 ----                           -----
fs-vsan-05.int.dc5.cz  UserVars.SuppressShellWarning  1
Why (Not) Suppress Shell Warnings?
It’s important to note that suppressing shell warnings is only advisable in lab or non-production environments. In production environments, shell warnings provide valuable security reminders. Always keep shell warnings enabled to maintain security awareness unless you’re working in a controlled test environment.
Managing encryption across multiple ESXi hosts can be a bit of a hassle. But don’t worry. I’ve got a simple PowerCLI script that’ll save you time and headaches by quickly retrieving encryption status and recovery keys from your VMware environment.
Why Do You Need This?
Ensuring your ESXi hosts are correctly encrypted is essential for security. Regular checks help prevent surprises later, especially during troubleshooting or audits.
Getting Started
First, make sure you’re connected to your vCenter:
Connect-VIServer -Server <vCenter-IP-or-FQDN>
Replace <vCenter-IP-or-FQDN> with your vCenter IP or FQDN.
The Script Breakdown
Here’s a quick rundown of the PowerCLI script that verifies encryption settings across all ESXi hosts and shows the recovery key for each ESXi host (link to GitHub repository and file tpm_recovery_key_backup.ps1):
Configuring syslog on your ESXi host is essential for centralized logging and efficient monitoring. Having your logs centrally managed simplifies troubleshooting and helps with compliance and security audits. Below you’ll find an easy-to-follow guide for setting up syslog both via the WebUI and CLI. Don’t forget to verify connectivity and regularly check your centralized logs for effective monitoring.
Configure Syslog Service (vmsyslogd) on ESXi for Remote Logging
1. Configure Syslog Using the vSphere Client
Log in to the vSphere Client and select your ESXi host.
Navigate to the Configure tab.
Under System, click on Advanced System Settings.
Click Edit to modify settings.
Filter for Syslog.global.logHost.
Enter your syslog server details in the format tcp://hostname:514 or udp://hostname:514. In my case that is udp://10.20.55.44:514, or with a DNS name, udp://syslog:514.
Click OK to apply the changes.
2. Open Firewall Ports for Syslog Traffic
Enable Syslog in Firewall Rules:
Still under the Configure tab, go to Networking > Firewall > Outgoing connections.
Click EDIT….
Filter for syslog
Select the checkbox and click OK.
Now you should see “syslog” in outgoing firewall rules.
3. Verify Connectivity to the Syslog Server
Test Network Connection:
Access the ESXi Shell or use SSH to connect to your ESXi host.
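The same configuration from the ESXi Shell, as an added example that is not part of the original post: it checks the log host format before applying it, enables the outgoing syslog firewall ruleset, and reads the setting back. The function names are hypothetical, and the validator assumes a single tcp:// or udp:// target with a hostname or IPv4 address.

```shell
#!/bin/sh
# Added example, not from the original post. Runs in the ESXi Shell.
# Assumption: one tcp:// or udp:// target, hostname or IPv4 address.

# valid_loghost <url>: succeeds only for tcp://host:port or udp://host:port.
valid_loghost() {
    case $1 in
        tcp://*:*|udp://*:*) ;;
        *) return 1 ;;
    esac
    hostport=${1#*://}
    host=${hostport%:*}
    port=${hostport##*:}
    case $host in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# configure_syslog <url>: set the log host, open the firewall, show the result.
# Step order: store the value that the vSphere Client keeps in
# Syslog.global.logHost, reload vmsyslogd, enable the "syslog" outgoing
# ruleset, then read the setting back so a typo is caught immediately.
configure_syslog() {
    loghost=$1
    if ! valid_loghost "$loghost"; then
        echo "rejected log host: $loghost" >&2
        return 2
    fi
    esxcli system syslog config set --loghost="$loghost" &&
    esxcli system syslog reload &&
    esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true &&
    esxcli network firewall refresh &&
    esxcli system syslog config get | grep -F "$loghost"
}

# Usage on a host (value taken from the post):
#   configure_syslog udp://10.20.55.44:514
```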
When troubleshooting ESXi network and syslog server connectivity issues, knowing the right tools can save you hours of frustration. Whether it’s an unresponsive syslog server or blocked TCP/UDP ports, this guide will help you diagnose and fix common connectivity issues quickly.
Key Troubleshooting Tools for ESXi Network Connectivity
Step 1: Verify Basic Network Connectivity
Before checking anything else, confirm that the ESXi host can communicate with the syslog server at a basic network level.
Standard ICMP ping test:
ping <destination-IP>
VMkernel-specific ping (useful for vMotion, NFS, etc.):
vmkping <destination-IP>
Or specify which VMkernel interface should be used as the outgoing interface for the ping:
vmkping -I vmk0 <destination-IP>
If these fail, the issue is likely a network routing problem or an upstream firewall blocking traffic.
Step 2: Check TCP/UDP Port Connectivity (netcat)
Even if the server is reachable, the syslog port might be blocked or not listening. Netcat helps determine if a specific TCP or UDP port is reachable.
⚠️ Note: Be aware that netcat doesn’t display an error message when a connection fails—only a successful connection is reported.
Use Cases
Test TCP Port Connectivity:
nc -z <destination-ip> <destination-port>
Test UDP Port Connectivity:
nc -zu <destination-ip> <destination-port>
Step 3: Analyze ESXi Network Connections and Interface Statistics
ESXi provides tools to inspect active network connections and adapter performance.
Check active TCP/UDP connections:
esxcli network ip connection list|grep <port>
If the syslog connection isn’t listed, ESXi isn’t attempting to send logs—double-check your syslog configuration in vSphere.
Check NIC statistics for errors and dropped packets:
esxcli network nic stats get -n <vmnicX>
Persistent errors here could indicate network congestion or misconfigurations.
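The three steps above combined into one check, as an added example that is not part of the original post: it prints an explicit PASS or FAIL per stage, because nc itself stays silent on failure. The function name is hypothetical, and it assumes nc reports the outcome through its exit status, as standard netcat does.

```shell
#!/bin/sh
# Added example, not from the original post. Runs in the ESXi Shell.
# check_syslog_path <dest-ip> <port> [tcp|udp]
# Prints one line per stage and returns 0 only if every stage passed.
check_syslog_path() {
    dest=$1
    port=$2
    proto=${3:-udp}
    rc=0

    # Step 1: basic reachability through the VMkernel stack.
    if vmkping -c 2 "$dest" >/dev/null 2>&1; then
        echo "PASS reachability $dest"
    else
        echo "FAIL reachability $dest"
        rc=1
    fi

    # Step 2: port check. nc prints nothing on failure, so the exit
    # status is the only signal. For UDP a PASS only means that no ICMP
    # "port unreachable" came back, not that a listener confirmed.
    if [ "$proto" = "udp" ]; then nc_flags="-zu"; else nc_flags="-z"; fi
    if nc $nc_flags "$dest" "$port" >/dev/null 2>&1; then
        echo "PASS port $proto/$port"
    else
        echo "FAIL port $proto/$port"
        rc=1
    fi

    # Step 3: is ESXi holding a socket towards the collector at all?
    if esxcli network ip connection list | grep -qF "$dest:$port"; then
        echo "PASS connection-listed $dest:$port"
    else
        echo "FAIL connection-listed $dest:$port (check Syslog.global.logHost)"
        rc=1
    fi
    return $rc
}

# Usage on a host: check_syslog_path <destination-ip> 514 udp
```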
Final Thoughts: Diagnosing Syslog Connectivity Efficiently
Troubleshooting network issues between an ESXi host and a syslog server doesn’t have to be a headache. Using these tools, you can pinpoint the problem—whether it’s a blocked port, misconfiguration, or network adapter issue—and resolve it efficiently.
In VMware ESXi, managing physical network interfaces (vmnics) is essential for troubleshooting, maintenance, or reconfiguration. There are times when you need to disable or re-enable a network interface without relying on the network team to shut down a switch port or physically unplugging the cable in the server room. Fortunately, this can be done quickly using the esxcli command-line tool.
Checking Available Network Interfaces
First, log in via SSH or directly on the server console.
Before shutting down a vmnic, it’s good practice to list all available interfaces and check their status:
esxcli network nic list
This command will display a list of vmnics along with their link state, driver, and speed.
Shutting Down a vmnic Interface
To disable a specific vmnic, use the following command:
esxcli network nic down -n vmnicX
Replace vmnicX with the actual interface name (e.g., vmnic5).
Bringing a vmnic Interface Back Up
If you need to enable the interface again, run:
esxcli network nic up -n vmnicX
This will bring the network interface back online.
Use Cases
Test network failover scenarios.
Identify and isolate network issues by disabling a suspected faulty NIC.
Temporarily disable a NIC to measure the impact on network performance and verify load balancing efficiency.
Test how virtual machines respond when a specific network path goes down.
Shut down a vmnic that is connected to an untrusted VLAN or an incorrectly configured network.
Test different network configurations without permanently altering physical connections.
By using esxcli, you can manage network interfaces efficiently.
Renaming or reordering vmnics on an ESXi host can be useful in various scenarios, such as standardizing network configurations or aligning network interface names across multiple hosts. This guide will show you how to achieve this using the ESXi command line.
Listing Current vmnic Aliases
Before making changes, it is essential to check the current vmnic assignments. You can do this with the following command:
localcli --plugin-dir /usr/lib/vmware/esxcli/int/ deviceInternal alias list
This command will return a list of all existing vmnic aliases and their corresponding bus addresses.
Bus type  Bus address          Alias
--------  -------------------  -----
pci       m01000300            vmhba0
pci       m01000b00            vmnic0
pci       p0000:00:07.1        vmhba1
pci       m02001300            vmnic1
logical   pci#m01000300#0      vmhba0
logical   pci#p0000:00:07.1#0  vmhba1
logical   pci#p0000:00:07.1#1  vmhba64
logical   pci#m02001300#0      vmnic1
logical   pci#m01000b00#0      vmnic0
When a NIC is controlled by a native driver, there are actually two aliases associated with the device: a pci alias for the PCI device and a logical alias for the uplink logical device.
[root@fs-vsan-05:~] localcli --plugin-dir /usr/lib/vmware/esxcli/int deviceInternal alias list | grep vmnic1
When the logical alias is present, both the pci alias and the logical alias need to be renamed!
Changing a vmnic Name
Make sure you have console access before starting the upcoming steps.
To change the name of a specific vmnic, use the following commands. Replace vmnic5 with the desired new alias and update the bus-address accordingly.
localcli --plugin-dir /usr/lib/vmware/esxcli/int deviceInternal alias store --bus-type pci --alias vmnic5 --bus-address m02001300
localcli --plugin-dir /usr/lib/vmware/esxcli/int deviceInternal alias store --bus-type logical --alias vmnic5 --bus-address pci#m02001300#0
Once the commands have been executed, you need to reboot the ESXi host for the changes to take effect.
reboot
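A helper for the rename step, as an added example that is not part of the original post: it reads the alias list and prints the alias store command for every bus type that carries the old alias, so the logical alias is not forgotten. The function names are hypothetical, and the embedded table is the sample output shown above.

```shell
#!/bin/sh
# Added example, not from the original post.
# sample_alias_list: the alias table shown in the post, embedded so the
# functions can be tried off-host. On a host, pipe the real command instead:
#   localcli --plugin-dir /usr/lib/vmware/esxcli/int deviceInternal alias list
sample_alias_list() {
cat <<'EOF'
Bus type  Bus address          Alias
--------  -------------------  -----
pci       m01000300            vmhba0
pci       m01000b00            vmnic0
pci       p0000:00:07.1        vmhba1
pci       m02001300            vmnic1
logical   pci#m01000300#0      vmhba0
logical   pci#p0000:00:07.1#0  vmhba1
logical   pci#p0000:00:07.1#1  vmhba64
logical   pci#m02001300#0      vmnic1
logical   pci#m01000b00#0      vmnic0
EOF
}

# alias_in_use <alias>: reads the table on stdin, succeeds if the alias
# is already assigned (check this for the new name before renaming).
alias_in_use() {
    awk -v a="$1" '$NF == a { found = 1 } END { exit !found }'
}

# rename_cmds <old> <new>: reads the table on stdin and prints one
# "alias store" command per bus type (pci and logical) that carries <old>.
# It only prints; nothing changes until the commands are run and the
# host is rebooted. Fails if <old> is not in the table.
rename_cmds() {
    awk -v old="$1" -v new="$2" '
        BEGIN {
            base = "localcli --plugin-dir /usr/lib/vmware/esxcli/int"
            base = base " deviceInternal alias store"
        }
        ($1 == "pci" || $1 == "logical") && $3 == old {
            print base " --bus-type " $1 " --alias " new " --bus-address " $2
            n++
        }
        END { exit (n == 0) }'
}

# Usage: sample_alias_list | rename_cmds vmnic1 vmnic5
```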
Having Some Fun with vmnic Naming
If you want to experiment and see how ESXi handles long vmnic names, you can try something fun like this:
localcli --plugin-dir /usr/lib/vmware/esxcli/int deviceInternal alias store --bus-type pci --alias vmnic1234567890 --bus-address m02001300
localcli --plugin-dir /usr/lib/vmware/esxcli/int deviceInternal alias store --bus-type logical --alias vmnic1234567890 --bus-address pci#m02001300#0
reboot
While ESXi generally follows a strict naming convention, pushing its limits can be an interesting experiment!
Conclusion
Renaming vmnics in ESXi via the command line is a straightforward process that requires just a few commands and a reboot. Whether you’re restructuring network configurations or just having a bit of fun, these steps will help you modify your ESXi network interfaces with ease.
Ever wanted to spruce up that default login screen on your ESXi host or have some fun with your DCUI? Then you’re in the right place! In this post, I’ll walk through using the Annotations.WelcomeMessage advanced setting to display a custom welcome message on your ESXi host. Best of all, I’ll share a neat PowerShell function to make it easy.
Why Customize the Welcome Message?
Personalization: Display a personal greeting, instructions, or a quick reminder for anyone logging into the ESXi console.
Useful Info: Share contact details or support info in case someone needs to know who to call if something breaks.
Fun Factor: It’s always nice to see something other than “Welcome to VMware ESXi” from time to time, at least in a homelab.
Security: Display a security/legal warning.
The Advanced Setting: Annotations.WelcomeMessage
Annotations.WelcomeMessage is an advanced ESXi host parameter. It’s where you store the text you want displayed in the DCUI on the default console screen (replacing some of the default text, similar to the screenshot below).
(virtual ESXi)
PowerShell Script: Set-WelcomeMessage Function
Here is the star of the show—my simple PowerShell function that taps into VMware’s PowerCLI to set Annotations.WelcomeMessage on your ESXi host. It even shows you the old message before setting the new one.
Function Set-WelcomeMessage {
    <#
    .SYNOPSIS
    This function sets the Annotations.WelcomeMessage advanced setting on an ESXi host.
    Based on https://knowledge.broadcom.com/external/article/315410/
    .NOTES
    File Name : set_welcome_message.ps1
    Author : Stanislav Musil
    Prerequisite : PowerShell
    Website : https://vpxd.dc5.cz/index.php/category/blog/
    X (Twitter) : https://www.x.com/stmusil
    .DESCRIPTION
    The script is a function that takes two parameters, the ESXi host name and the welcome message text.
    It shows the current message, sets the new one, and reads the setting back.
    To use the function, you can dot-source the script and then call the function.
    Windows: . .\set_welcome_message.ps1
    Mac/Linux: . ./set_welcome_message.ps1
    .EXAMPLE
    Set-WelcomeMessage -Hostname "ESXi.example.com" -WelcomeMessage "Welcome to {{hostname}"
    #>
    param (
        # Mandatory, because an empty name would make Get-VMHost return every host
        [Parameter(Mandatory = $true)]
        [string]$HostName,
        [Parameter(Mandatory = $true)]
        [string]$WelcomeMessage
    )
    # Ensure PowerCLI module is imported
    if (-not (Get-Module -Name VMware.VimAutomation.Core -ErrorAction SilentlyContinue)) {
        Import-Module VMware.VimAutomation.Core
    }
    # Define the target host and the parameter values
    $ESXihost = Get-VMHost -Name $HostName
    $paramName = "Annotations.WelcomeMessage"
    # Show the message that is about to be replaced
    $current = Get-AdvancedSetting -Entity $ESXihost -Name $paramName
    Write-Host "Current welcome message:" $current.Value
    # Set the advanced parameter
    Get-AdvancedSetting -Entity $ESXihost -Name $paramName | Set-AdvancedSetting -Value $WelcomeMessage -Confirm:$false
    # Verify the change
    $updatedSetting = Get-AdvancedSetting -Entity $ESXihost -Name $paramName
    Write-Output "New $paramName value on $ESXihost : $($updatedSetting.Value)"
}
How to Run It
1. Dot-source the script (so the function is recognized):
On Windows:
. .\set_welcome_message.ps1
On Mac/Linux:
. ./set_welcome_message.ps1
2. Execute the function:
Set-WelcomeMessage -Hostname "ESXi.example.com" -WelcomeMessage "Welcome to my ESXi host!"
3. That’s it! Now when you check the DCUI over iDRAC/IPMI/iLO, etc., or directly on the console screen, you’ll see your brand-new custom text.
Customizing your ESXi’s welcome message is quick, easy, and surprisingly fun. Whether you’re adding a helpful notice or just a silly greeting, a personal touch goes a long way. Give it a try, and see if your team notices!