VMware Communities
zvika
Contributor
Contributor
‎06-08-2022 07:42 AM
Jump to solution

File not found: D:\vmname-000005.vmdk - vmware-vdiskmanager does not help

Hi,

env: host: WIN10 enterprise LTSC (1809)

        VMWARE workstation PRO 16.2.1 , guest: WIN10 enterprise LTSC (1809)                      

I left the office with the guest running , the next morning the guest was powered off. No restart was scheduled for that night for the guest or the host. Trying to power on the guest  I got the error msg:  File not found: D:\vmname-000005.vmdk ; I pressed on browse, pointed at the file, OK'ed and then received the following errors:

The parent of this virtual disk could not be opened

Cannot open the disk 'D:\vmname-000011.vmdk' or one of the snapshot disks it depends on.

Module 'Disk' power on failed.

Failed to start the virtual machine

These files, as well as the "main" vmname.vmdk file do exist and their contents appears to be the "normal" content of a VMDK description file. I ran: vmware-vdiskmanager -R "<path of the vmdk(virtual disk>"  as suggested here: https://kb.vmware.com/s/article/2019259, to no avail. No error messages, but also no apparent affect.

I also tried vmware-vdiskmanager -e "<path of the vmdk(virtual disk>" and the result was: "Disk chain is consistent". I also restarted the host and ran CHKDSK on its disks, just to make sure.

Any suggestions would be appreciated ! 

Thanks a lot,

MMI

0 Kudos
1 Solution

Accepted Solutions
continuum
Immortal
Immortal
‎06-08-2022 03:02 PM
Jump to solution

You are right - the VM does not start because name-000005-023.vmdk is missing.
I would suggest uploading that file to virustotal.com and get a second opinion on how dangerous the malware stored in that vmdk-slice actually is.
If you come to the conclusion that it is a false positive then I would set an exclusion for vmdks in your antivirus and move the file back.
On first start disconnect network and run a virus-scan inside the VM.

And remember how you troubleshoot issues like this - if you dont tell your  Antivirus to exclude vmdk files from scans you will run into this again and again.

By the way - this line in the vmware.log tells you in one line what is wrong:
vmx AIOWIN32C: Failed to open 'D:\aedicula-000005-s023.vmdk' : Could not find the file (393219).
Next time use a search for "Failed to open" in notepad+ or another decent texteditor.

Well done

Ulli


________________________________________________
Do you need support with a VMFS recovery problem ? - send a message via skype "sanbarrow"
I do not support Workstation 16 at this time ...

View solution in original post

6 Replies
scott28tt
VMware Employee
VMware Employee
‎06-08-2022 08:49 AM
Jump to solution

To start with, you need to post a folder listing of what files you do have, the recovery experts here (I'm not one of them) also usually ask for a copy of the .vmx file too.

 


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
0 Kudos
continuum
Immortal
Immortal
‎06-08-2022 09:38 AM
Jump to solution

Additionally to the details Scott already asked for we also need the latest vmware.log files - please attach all of them. (you may need to zip them before you can attach them)
Probably we also need all small vmdk-files (the textfiles usually have a size of a few kb only)

If you provide the filelisting as a screenshot make sure that it displays the full name AND date AND size.

If you use any antivirus-tool check if you have vmdks in quarantin folder.
Do you use ONEDRIVE ? - dont do that if you run Workstation.

Ulli


________________________________________________
Do you need support with a VMFS recovery problem ? - send a message via skype "sanbarrow"
I do not support Workstation 16 at this time ...

0 Kudos
zvika
Contributor
Contributor
‎06-08-2022 02:04 PM
Jump to solution

Hi,

First of all thanks for the immediate response!

I'm attaching: 

1. The filelist with dates and sizes.

2. "small" vmdks

3. vmware logs.

4. A vmware-vmx.dmp file created on the 7th. 07:30 AM

5. a picture of the  info about a quarantined file (by windows defender-atp, showing a vmdk file (!!), quarantined on the 6th. 9:22 PM (ie,  before the creation of the dump file).

so - it seems that the reason for the failure is now clear. How can I handle it. I thought about restoring the vmdk, stopping defender, and if the guest-VM does start, try to manually scan the guest hoping it'll find and remove it, and then restart defender on the host. Does this make sense or are there better ideas?

(to the last question - I don't use onedrive).

Thanks a lot,

MMI

 

 

small_vmdk_files.zip
vmware_logs.zip
vmware-vmx_dmp.zip
24 KB
28 KB
0 Kudos
continuum
Immortal
Immortal
‎06-08-2022 03:02 PM
Jump to solution

You are right - the VM does not start because name-000005-023.vmdk is missing.
I would suggest uploading that file to virustotal.com and get a second opinion on how dangerous the malware stored in that vmdk-slice actually is.
If you come to the conclusion that it is a false positive then I would set an exclusion for vmdks in your antivirus and move the file back.
On first start disconnect network and run a virus-scan inside the VM.

And remember how you troubleshoot issues like this - if you dont tell your  Antivirus to exclude vmdk files from scans you will run into this again and again.

By the way - this line in the vmware.log tells you in one line what is wrong:
vmx AIOWIN32C: Failed to open 'D:\aedicula-000005-s023.vmdk' : Could not find the file (393219).
Next time use a search for "Failed to open" in notepad+ or another decent texteditor.

Well done

Ulli


________________________________________________
Do you need support with a VMFS recovery problem ? - send a message via skype "sanbarrow"
I do not support Workstation 16 at this time ...

zvika
Contributor
Contributor
‎06-09-2022 04:52 AM
Jump to solution

Thanks a lot, I really appreciate the assistance !

BTW - after restoring the said file from quarantine, I started the guest-VM and ran full-scan a/v checks, including with the same tool that quarantined the vmdk file, and nothing was found. Virustotal showed the  issue by 2 engines - MS defender, same tool as quarantined my vmdk and another engine. 

MMI

 

 

0 Kudos
continuum
Immortal
Immortal
‎06-09-2022 05:12 AM
Jump to solution

Lets assume it is a false positive then ... by the way - why do you use so many snapshots.
Do you keep them as you are a developer and must be able to jump to different states of deleopment when a customer calls for it ?
That would be the only good reason for keeping so many snapshots.
Other than: the more snapshots - the more fragile a VM becomes.

Ulli

 


________________________________________________
Do you need support with a VMFS recovery problem ? - send a message via skype "sanbarrow"
I do not support Workstation 16 at this time ...

0 Kudos