Hi,
env: host: WIN10 enterprise LTSC (1809)
VMWARE workstation PRO 16.2.1 , guest: WIN10 enterprise LTSC (1809)
I left the office with the guest running , the next morning the guest was powered off. No restart was scheduled for that night for the guest or the host. Trying to power on the guest I got the error msg: File not found: D:\vmname-000005.vmdk ; I pressed on browse, pointed at the file, OK'ed and then received the following errors:
The parent of this virtual disk could not be opened
Cannot open the disk 'D:\vmname-000011.vmdk' or one of the snapshot disks it depends on.
Module 'Disk' power on failed.
Failed to start the virtual machine
These files, as well as the "main" vmname.vmdk file do exist and their contents appears to be the "normal" content of a VMDK description file. I ran: vmware-vdiskmanager -R "<path of the vmdk(virtual disk>" as suggested here: https://kb.vmware.com/s/article/2019259, to no avail. No error messages, but also no apparent affect.
I also tried vmware-vdiskmanager -e "<path of the vmdk(virtual disk>" and the result was: "Disk chain is consistent". I also restarted the host and ran CHKDSK on its disks, just to make sure.
Any suggestions would be appreciated !
Thanks a lot,
MMI
You are right - the VM does not start because name-000005-023.vmdk is missing.
I would suggest uploading that file to virustotal.com and get a second opinion on how dangerous the malware stored in that vmdk-slice actually is.
If you come to the conclusion that it is a false positive then I would set an exclusion for vmdks in your antivirus and move the file back.
On first start disconnect network and run a virus-scan inside the VM.
And remember how you troubleshoot issues like this - if you dont tell your Antivirus to exclude vmdk files from scans you will run into this again and again.
By the way - this line in the vmware.log tells you in one line what is wrong:
vmx AIOWIN32C: Failed to open 'D:\aedicula-000005-s023.vmdk' : Could not find the file (393219).
Next time use a search for "Failed to open" in notepad+ or another decent texteditor.
Well done
Ulli
To start with, you need to post a folder listing of what files you do have, the recovery experts here (I'm not one of them) also usually ask for a copy of the .vmx file too.
Additionally to the details Scott already asked for we also need the latest vmware.log files - please attach all of them. (you may need to zip them before you can attach them)
Probably we also need all small vmdk-files (the textfiles usually have a size of a few kb only)
If you provide the filelisting as a screenshot make sure that it displays the full name AND date AND size.
If you use any antivirus-tool check if you have vmdks in quarantin folder.
Do you use ONEDRIVE ? - dont do that if you run Workstation.
Ulli
Hi,
First of all thanks for the immediate response!
I'm attaching:
1. The filelist with dates and sizes.
2. "small" vmdks
3. vmware logs.
4. A vmware-vmx.dmp file created on the 7th. 07:30 AM
5. a picture of the info about a quarantined file (by windows defender-atp, showing a vmdk file (!!), quarantined on the 6th. 9:22 PM (ie, before the creation of the dump file).
so - it seems that the reason for the failure is now clear. How can I handle it. I thought about restoring the vmdk, stopping defender, and if the guest-VM does start, try to manually scan the guest hoping it'll find and remove it, and then restart defender on the host. Does this make sense or are there better ideas?
(to the last question - I don't use onedrive).
Thanks a lot,
MMI
You are right - the VM does not start because name-000005-023.vmdk is missing.
I would suggest uploading that file to virustotal.com and get a second opinion on how dangerous the malware stored in that vmdk-slice actually is.
If you come to the conclusion that it is a false positive then I would set an exclusion for vmdks in your antivirus and move the file back.
On first start disconnect network and run a virus-scan inside the VM.
And remember how you troubleshoot issues like this - if you dont tell your Antivirus to exclude vmdk files from scans you will run into this again and again.
By the way - this line in the vmware.log tells you in one line what is wrong:
vmx AIOWIN32C: Failed to open 'D:\aedicula-000005-s023.vmdk' : Could not find the file (393219).
Next time use a search for "Failed to open" in notepad+ or another decent texteditor.
Well done
Ulli
Thanks a lot, I really appreciate the assistance !
BTW - after restoring the said file from quarantine, I started the guest-VM and ran full-scan a/v checks, including with the same tool that quarantined the vmdk file, and nothing was found. Virustotal showed the issue by 2 engines - MS defender, same tool as quarantined my vmdk and another engine.
MMI
Lets assume it is a false positive then ... by the way - why do you use so many snapshots.
Do you keep them as you are a developer and must be able to jump to different states of deleopment when a customer calls for it ?
That would be the only good reason for keeping so many snapshots.
Other than: the more snapshots - the more fragile a VM becomes.
Ulli