johnhickley
Contributor
Contributor

Is it possible to create a VM on a network share?

Jump to solution

I have a SuSE 11 file server running samba to share files and directories to my XP x64 PC. I have installed VMware Player on my XP box and have gone through the steps to create a VM on my SuSE server. The vmx and vmdk files create successfully but when I try to start the VM I get the message: "Failed to open virtual machine: You do not have access rights to this file.". Yet VirtualBox (also installed on my XP box) has no such problem. Indeed, I created the Player VM in the same shared directory I use for my VirtualBox VM to eliminate permissions problems on the linux side. Is this a limitation of Player?

Regards,

John

0 Kudos
1 Solution

Accepted Solutions
MichaelLSimpson
Contributor
Contributor

Sadly, for me, it would not resolve my issue. My issue is that I have to authorize IP addresses and User IDs on my LDAP Server (using Openfiler) to give them access to my network share. I am able to access the network share from my Windows XP OS. When I run Ubuntu in a VM, I am able to access the network share there as well. But when Player is trying to access a VM on the network, it gets the 'access denied' message. Which tells me that my NAS is either seeing a different IP address or a different User ID from Player. I can see all of the network adapters (including the virtual ones), and I have them allowed in my LDAP. So, to me, that means that somehow Player is trying to access my network share with some User ID other than the one I'm logged into my computer with.

To test, I'm going to bring up one of my linux boxes, install Player there, and see if it has the same issue accessing a network share. Then that will tell me if maybe it's a nuance of Windows networking/authentication, or if it is OS independant and all in Player.

It would be nice if I could get a log file out of Openfiler (or any application) that showed when an unauthorized access attempt was made. Then I could easily get the User ID and IP Address and add it to the LDAP server. But, alas, I've not been able to find such a log or a tool that will do it.

Michael

View solution in original post

0 Kudos
13 Replies
MichaelLSimpson
Contributor
Contributor

Funny, I was just about to ask this same question. I created VMs with VMWare Player and downloaded appliances on my NAS. But when I try to run them, I get the same "Failed to open virtual machine: You do not have access rights to this file." error. I'm working on this now. I think the issue is that the SAN/NAS sees VMWare as some user other than who's authorized to access the share. I'm trying to see if that's the case.

EDIT:

I DID verify that I can put VMs on other machines and run them across the network. So this is not a limitation of VMWare Player. It appears to be an access issue with the authentication information that comes across from Player. I'm trying to get that information and will post when I have it (if no one else does first- which would be great!).

Note: In my test scenarios, I received the message "This virtual machine may have been moved or copied...". This is because of the different VM path (the UUID is based on the UNC and not the drive mapping). It works both if either "I moved it" or "I copied it" is selected. I believe the MAC address (and new UUID) are the only differences in the "new" VM. But I don't believe this should occur if the VM is being accessed by two different machines with the same mapping to the same network location.

-

Michael

johnhickley
Contributor
Contributor

Well done, Michael. I will try to find time this evening to repeat your scenario. I have created my VM on a local drive so I'll copy it to my file server and see if Player will open it.

0 Kudos
continuum
Immortal
Immortal

when you create the VM make sure you split the vmdk in 2 Gb chunks - this works better over network-shares than the usual one-piece files

___________________________________

VMX-parameters- VMware-liveCD - VM-Sickbay

Do you need support with a recovery problem ? - send a message via skype "sanbarrow"
0 Kudos
johnhickley
Contributor
Contributor

Would that eliminate the original problem?

0 Kudos
MichaelLSimpson
Contributor
Contributor

Sadly, for me, it would not resolve my issue. My issue is that I have to authorize IP addresses and User IDs on my LDAP Server (using Openfiler) to give them access to my network share. I am able to access the network share from my Windows XP OS. When I run Ubuntu in a VM, I am able to access the network share there as well. But when Player is trying to access a VM on the network, it gets the 'access denied' message. Which tells me that my NAS is either seeing a different IP address or a different User ID from Player. I can see all of the network adapters (including the virtual ones), and I have them allowed in my LDAP. So, to me, that means that somehow Player is trying to access my network share with some User ID other than the one I'm logged into my computer with.

To test, I'm going to bring up one of my linux boxes, install Player there, and see if it has the same issue accessing a network share. Then that will tell me if maybe it's a nuance of Windows networking/authentication, or if it is OS independant and all in Player.

It would be nice if I could get a log file out of Openfiler (or any application) that showed when an unauthorized access attempt was made. Then I could easily get the User ID and IP Address and add it to the LDAP server. But, alas, I've not been able to find such a log or a tool that will do it.

Michael

View solution in original post

0 Kudos
johnhickley
Contributor
Contributor

Having created my VM on a local disk I then copied it to my file server and was able to open it in Player. Yet if I create the VM on my file server to start with, Player bombs out with the original problem. Go figure!

0 Kudos
continuum
Immortal
Immortal

next time try with

diskLib.sparseMaxFileSizeCheck= "false"

in the vmx before starting the installation of the guest




___________________________________

VMX-parameters- VMware-liveCD - VM-Sickbay

Do you need support with a recovery problem ? - send a message via skype "sanbarrow"
0 Kudos
MichaelLSimpson
Contributor
Contributor

You know what... I read the original post wrong. I have a slightly different issue. So... I'm going to create a separate thread. Sorry if I created any additional confusion.

Before I go, I'll post the last thing I found in the event someone reads this post and is looking for an answer to my issue. VMWare Player IS using a blank/empty/anonymous User ID when running a VM (or at least starting one). I won't go into details in this thread. But when monitoring Player's access (from another PC) to a local VM, I get the following log:

The 'blank' User ID connects multiple times from 4 - 11 seconds each time. For my issue, that is what's causing my authentication error. I don't know how to use controlled access AND allow that anonymous access in my LDAP server. If I turn off controlled access and just leave my NAS with no authentication, Player can access the VM on the share just fine.

Again, I'll put this in another thread to see if I can get assistance. And I'm looking other places, since it's really an LDAP issue and not a VMWare issue.

-

Michael

Message was edited by: MichaelLSimps…

0 Kudos
Student_Driver
Enthusiast
Enthusiast

@Michael

Is your Windows XP system hardened in any way? There's a setting in the security policy that's called "Do not allow storage of .Net credentials or alternate passwords" (or something similar) that can have this effect. The setting has been around for a while, however it didn't really get "activated" until Windows XP SP2 and Server 2003 SP1. If enabled, the machine will not use your credentials you've stored and will drop to anonymous authentication. It's a very powerful setting that has its uses, but is heavily abused and causes problems with over-zealous hardening routines. You can look for it in secpol.msc, under Local Policies-->Security Options.

Dell SXPS 1340, P9600, 8GB RAM

MCSE/MCSA 2003, MCTS, RHCT

Dell SXPS 1340, P9600, 8GB RAM MCSE/MCSA 2003, MCTS, RHCT
0 Kudos
johnhickley
Contributor
Contributor

No, my XP system has not been hardened in any way. I've just checked the option you suggested and it's set to Disabled.

0 Kudos
Student_Driver
Enthusiast
Enthusiast

It looks like the vmx process is being launched without user credentials, unless you take every process into consideration in Task Manager. I need to setup a VM domain controller on my other system and see how they interact. There might be some other issues going on.

Dell SXPS 1340, P9600, 8GB RAM

MCSE/MCSA 2003, MCTS, RHCT

Dell SXPS 1340, P9600, 8GB RAM MCSE/MCSA 2003, MCTS, RHCT
0 Kudos
MichaelLSimpson
Contributor
Contributor

Hi Student...,

No, my system isn't 'hardened'. That security policy is disabled. But my authentication isn't happening on the XP machine, it's happening on a remote LDAP server. So I see that your VM is starting without user credentials also. It would be nice if there was a way to add/force credentials on the VM player. Otherwise, I'm going to have to rethink my security strategy. I look forward to seeing what you find.

-

Michael

0 Kudos
Student_Driver
Enthusiast
Enthusiast

Right, but if the XP machine isn't forwarding your credentials, then the authentication will never happen via the LDAP server. This happens all the time when that one setting is enabled, but I think this is a process management issue.

Dell SXPS 1340, P9600, 8GB RAM

MCSE/MCSA 2003, MCTS, RHCT

Dell SXPS 1340, P9600, 8GB RAM MCSE/MCSA 2003, MCTS, RHCT
0 Kudos