VMware Cloud Community
BCBSKS
Contributor
Contributor
‎04-11-2014 07:17 AM

Windows Server 2012 R2 Treating VMDKs as External Media in vSphere 5.1 U3


I have a few Server 2012 Standard R2 VMs, one happens to be a SQL Server with a total of 4 VMDKs, C:X:Y:Z volumes in the OS. My DBA called me to say all but the C: drive was giving her Access Denied after about a month of being in service. I logged on as Local Admin/Domain Admin and I got the same thing. I could not even access the security of the volumes. Logged on as Local Admin I could, and everything looked fine. I could UNC to these volumes admin shares with no issue. After some research I find that since server 2012, it has treated VMDKs as external storage. There was an issue with Hyper-V also, but Microsoft fixed those. If you go to your task bar and use your external media tool, you will see your drives there as external media to eject if possible.

In 2012 R2 there is a new security policy, that was not configured, but it seems to have acted anyway.. For removable media after so much I/O it locks the drives. There were a few work arounds for this, including disabling the audit policy, which again was not configured. And then this Vmware KB about adding a line to the VM advanced options to disable Plug-N-Play hot swap.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=101222...

Neither fix worked in unlocking the locked drives.

I wound up as local admin adding authenticated users to the security permissions and that unlocked them for logged in and system account uesrs after that. But I don't know if this will lock up again for that fix after so much I/O again.

I have opened a ticket with Microsoft, and so far applied all the patches/hot fixes they advised, and then they suggested changing the SAS Controller from LSI to Parallel which borked the server by locking the C: drive and not allowing windows to boot or autorepair.

These are the Microsoft updates I have applied that they asked with no luck.

http://support.microsoft.com/kb/2883200
                                   http://support.microsoft.com/kb/2928680
                                   http://social.technet.microsoft.com/wiki/contents/articles/20885.hyper-v-update-list-for-windows-ser...

Anyone else having this issue? I think this is a huge problem that windows server 2012 & R2 is seeing  vmdks as external media attached. Especially with these type of audit policies being added in.

And maybe I hit it sooner since I have a SQL server with databases running on these drives.

Any help would be appreciated.

Here is another link describing the issue at hand, although this is more of a share issue, but related.

http://www.happysysadm.com/2013/02/access-denied-to-disk-share-on-windows.html

4 Replies
martola
Contributor
Contributor
‎05-07-2016 01:17 PM

Was there ever a reply to this questions? I'm having the exact same issue on a brand new Windows Server 2012 R2 box on VMWare 5.1

0 Kudos
MAVC
Contributor
Contributor
‎05-31-2017 10:42 AM

It worked for me on Windows Server 2012 with the same issue.

Disabling the HotAdd/HotPlug capability in ESXi 6.x, 5.x and ESXi/ESX 4.x virtual machines (1012225)...

AvinashESx
Contributor
Contributor
‎06-19-2017 12:09 PM

Hello,

You can remove the VMDKs from the edit settings for the VM.

Then add it back to the VM and that should work.

Worked for an exchange server that had the same issue.

Cheers!!

0 Kudos
cmcdowell
Contributor
Contributor
‎02-08-2018 01:25 PM

I had the same problem. My issue also involved excessive Window Security Event logs Event ID: 4663 Task Category: Removable Storage.

I first noticed very excessive logging in Windows Security event logs Event ID: 4663 Task Category: Removable Storage on an ESXi Windows Guest Virtual Machine. I was required to apply auditing "Audit Removable Storage" on my server for security and compliance requirements for the Government (i.e. STIGs V-36667 and V-36668 for Windows 2012 and Windows 2012 R2).

If you have excessive logging for Removable Storage  Event ID: 4663 it is because you have specific auditing "Audit Removable Storage" applied to your server to audit access to Removable Storage, and it is also an indication you need to disable HotAdd/HotPlug capability in ESXi for the virtual machine in question.

The Safely Remove Hardware option show options for removing the virtual machine's hardware such as the NIC and the Drives so these appeared as removable devices.

1. Shut down the virtual machine gently if you can.

2. Connect to my the vSphere Client.

3. In the vSphere Client, Right-click the virtual machine and clicked Edit Settings

4. Selected the Options tab at the top middle of the dialog box.

5. Under Advanced, select General.

6. Click the Configuration Parameters button.

pastedImage_9.png

7. A new dialog box will open.Click the Add Row button

pastedImage_17.png

8. Add a new row and type in the name devices.hotplug and set the value to false. Click ok.

pastedImage_19.png

.8. Powered on the virtual machine from the vSphere Client

When I did this to my server, the Safely Remove Hardware does not show my NIC and Drives.

I opened up the Security Logs and no longer have the Event ID: 4663 Task Category: Removable Storage logs showing.

VMware Knowledge Base

0 Kudos