I have setup 2 pools of VM's, each consisting of 4 VM's for testing.
I have installed the VDM Agent but when I go to simply RDP onto my VM's the RDP screen comes up and then a box with a red cross saying "VMware VDM Agent - Access is Denied".
So before I get to enter credentials into RDP I get this error. There is no firewall turned on in the VM's and this is before I even use the VDM Windows Client to test logging onto my pool, I am usign RDP straight from my own Windows laptop.
What causes the VDM Agent to say access is denied even before I get to enter my credentials doing a normal RDP to a VM?
By default the VDM 2.1 agent will block non-VDM RDP connections, this was a request from customers after 2.0 was released. It can be disabled by group policy or registry setting on the agent VMs - the group policy file is included in the VDM connection server install under the ADM subfolder.
Hmmmmmmmm I'm not sure on that.
I have found that DNS was not quite right so I changed that and one of my VM's I can now RDP....
Can you go into more detail when you say the DNS wasn't quite right? I just installed VDM 2.1 and found that I too received the access denied message when trying to use straight RDP to access the VM's. I used the GP template that referenced and was able to change this behavior on my test machines without any issues. Are you using 2.1 or 2.0?
If you found this or any other post helpful please consider the use of the Helpfull/Correct buttons to award points
I had previously tried a few weeks ago VDM with a pool of VM's and I reused the names but not the IP's therefore my DNS had the host names pointing to the wrong addresses.
After I cleaned up that all my VM's now work fine although I have not applied the GPO thing for allowing normal RDP to my pool of VM's but RDP outwith VDM works fine, and VDM works fine as well.
Any idea what that reg key is on the agent machine?
The GPO should only going to apply if you are using the VDM 2.1 agent.
If you found this or any other post helpful please consider the use of the Helpfull/Correct buttons to award points
I think this is the key in question
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\VMware, Inc.\VMware VDM\Agent\Configuration
"AllowDirectRDP"="true"
If you found this or any other post helpful please consider the use of the Helpfull/Correct buttons to award points
Thank you, mittim12.[~122286]
When does this policy get enabled? I've had it occur on 1 out of 3 VDI images ... with VDM 2.1...
/kimono/
When does this policy get enabled? I've had it occur on 1 out of 3 VDI images ... with VDM 2.1...
/kimono/
It is supposed to be the default behavior for the VDM 2.1 agent.
If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points
one posibility is the agent has been upgraded from 2.0 to 2.1 hence the reason the Reg key is not there.
Tom Howarth
VMware Communities User Moderator
Strange cause I have a very old workstation XP VM that was converted to ESX, then installed VDM 2.1 agent on it, which is allowing RDP and VDM connections. Another XP VM, clean install with VDM 2.1 , doesn't allow RDP and doesn't have that policies\VMWare Inc subkey. I found the only way to allow RDP add the value to this location:
HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware VDM\Agent\Configuration
I didn't test it with the POLICIES\ key mentioned before... is that a mistake?
/kimono/
that is strange and worrying. I would expect that the install routine would have repeatable behaviour, did you use the same build of agent on all occasions
Tom Howarth
VMware Communities User Moderator
You should see with the VDM 2.1 agent that the default setting is to block non-VDM RDP connections when the SSO component is installed - this componenet handles broker authentication to the agent and hence is also repsonsible for blocking direct connections. Both registry locations are correct (with/without policies), the policies version is generated by the group policy file included with the server installation and overrides the normal software registry entry. I hope that clarifies things.
Mike
I'm having the same problem. Since the key didn't exist on my vm, I created it, seeing from this guy's blog: here
Still didn't work.
What do you want to do? Block the non-VDM connections of allow them?
Regards,
Christoph
Don't forget to award the points if this answer was helpful for you.
Blog:
Allow - I got it - I was adding a registry key instead of a string.
Thanks!
Jude Eden
I've asked because the default was changed once. First it blocked by default then default was allow... If I remember correctly it was in View 3.0 or so...