The managed object browser (MOB) provides a way to explore the VMkernel object model. However, attackers can use this interface to perform malicious configuration changes or actions because it is possible to change the host configuration by using the MOB. Use the MOB only for debugging, and ensure that it is disabled in production systems.

Starting with vSphere 6.0, the MOB is disabled by default. However, for certain tasks, for example when extracting the old certificate from a system, you have to use the MOB. You can enable and disable the MOB as follows.


  1. Select the host in the vSphere Web Client and go to Advanced System Settings.
  2. Check the value of Config.HostAgent.plugins.solo.enableMob, and change it as appropriate.

    Do not use vim-cmd from the ESXi Shell.