The managed object browser (MOB) provides a way to explore the VMkernel object model. However, attackers can use this interface to perform malicious configuration changes or actions because it is possible to change the host configuration by using the MOB. Use the MOB only for debugging, and ensure that it is disabled in production systems.

The MOB is disabled by default. However, for certain tasks, for example when extracting the old certificate from a system, you have to use the MOB. You can enable and disable the MOB as follows.

Procedure

  1. Browse to the host in the vSphere Client inventory.
  2. Click Configure.
  3. Under System, click Advanced System Settings.
  4. Check the value of Config.HostAgent.plugins.solo.enableMob, and click Edit to change it as appropriate.
    Do not use vim-cmd from the ESXi Shell.