hi:
i tried to use vmxnet3 for all my vm in exsi 4.0.
i have one quesiton: the vmxnet3 device show as an removable icon in the corner of windows OS.
can i hide that icon?
and i have one problem: vmxnet3 is working fine except in my 64bit linux os.
in 64 bit linux os, if i tried to make large traffic for it, like download a 4GB iso with speed about 80-100 MB/sec, the network will stop.
there are no message in the linux system, but the network is unusable anymore. i need to restart linux to get the network back.
my linux distribution is mandriva 2009 with kernel 2.6.27.24. i also tried intel E1000 and it is fine with it.
thanks a lot for information!!
hi:
i upgrade esxi 4 to build 175625, the situation is the same. then i upgrade guest vmware tools to 175625, magic things happen. the vmxnet3 nic become stable. i test large traffic for several hours, and everything is fine.
however, i still don't see the way to hide the icon of vmxnet3. any comment?
Take a look at these articles:
http://blog.ryantadams.com/2008/10/27/hide-the-safely-remove-hardware-icon-from-the-system-tray/
---
VMware vExpert '2009
hi:
thanks for the information. but i only want to hide vmxnet3 icon, because my virtual nic is always fixed and removeable is useless to me. other removable device icons are useful.don't want to hide all of them..
Hello,
Moved to Virtual Machine and Guest OS forum.
This is not actually an ESX issue it is a VMware Tools and perhaps a Guest OS issue. If your Guest OS has a way to hide icons in the systray then you can use that method.... If you look at the NIC settings, I believe there is a method for Windows.
Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, Virtualization Practice Analyst[/url]
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment'[/url]
Also available 'VMWare ESX Server in the Enterprise'[/url]
[url=http://www.astroarch.com/wiki/index.php/Blog_Roll]SearchVMware Pro[/url]|Blue Gears[/url]|Top Virtualization Security Links[/url]|Virtualization Security Round Table Podcast[/url]
hi:
this issue is specific to vmxnet3. and since vmxnet3 is new, so it is a specific issue to vsphere. i didn't see this kind of behavior
with pcnet or e1000 or vmxnet2 in ESXi 3.5. and i didn't see easy way to hide it in windows.if you know,please comment.
same here but really quite a problem because the ability to remove the nic is now available to all the non-privileged users and some are quite curious.
having just upgraded to hw7 and vmxnet3 on 21 terminal servers for 300+ users i found that some of them were losing their nics for no apparent reason, curious but no problem adding it back in through Edit Settings on the VM profile.
just tested with a non-priv user on a server and sure enough that is what is happening.
so now i need to try and find a way to either hide the icon or make it stop working for non-priv users as this is quite disruptive when some curious nit decides to see what happens and everybody on that production server is disconnected.
surprising that VMware is not taking more interest in this "undocumented New Feature", kind of like ejecting the Warp Core in-flight.
wayne
oops, my mistake the non-priv account actually had some left over privs from a previous test.
without privs the icon was not present in the tray for the test account.
not as serious as first thought but still not a feature that one wants on their server.
wayne
un-oops, kept testing and non-priv users do seem to be able to remove the nic
how to block this back at the top of the list
I'm having the same problem here. Since updating to ESX4 and updating the hardware the NIC's are shown as "Removable Hardware". The risk of someone (myself or one of my collegue's who also are system administrators) removing hardware by accident is to big.
I tried to find options within Windows or in the VMware tools as mentioned in this thread but they don't seem to exist. Running a program to hide it at every logon is a workaround, not a solution.
Can anyone tell me if someone already has solved this problem (and how ofcourse )? Thank you very much!
Anyone heard anything from VMware on this problem? I can see this as a potential huge problem myself.
One more thing to add- it doesn't matter if it is set as the vmxnet3 driver, I changed to vmxnet2 and flexible and they all allowed the removal. I think it has to do with the VM version 7 format allowing hot-add of NIC's
I have the same problem on my vShere 4 Enterprise. Any solution, other than stop using hardware version 7 on the VMs?
This is a huge security and operational problem! Vmware must address this problem a.s.a.p!
I think the device could be marked as non removable via a registry change on the device:
The site refers "Beginning with Windows 7"... All other Windows versions retain this behavior.
For fixing this perhaps a new NIC driver via VMWare tools?
Changing the default behavior of Windows by hammering de registry or using third party applications is just a workaround, not a real fix.
This is a huge deal to me; I have +50VMs on hardware version 7, and in one month, I had 2 NICs removed from production servers, one by a curious user in a TS server, other by a system admin on a slow link, and accidently pressing the remove icon :_| …
More suggestions please?
Thanks in advance.
I just realized this is hardware 7 specific not windows 7 specific.
I think the registry setting is the same or close to the same.
Perhaps you should open a support incident with vmware?
Your interim fix is just to remove hotplug support in the vmx that should solve the problem in the short term.
Hi, Thank you for the reply.
I just remove the hot-plug support (http://kb.vmware.com/kb/1012225) as temporary solution on the “Terminal Server” hosts VMs (most critical problem).
My next step is to open a support incident with vmware. I need a real and global solution to this problem.
I looked at this issue a little more.
Another potential fix is to mark the device as "not user removable."
http://www.anetforums.com/posts.aspx?ThreadIndex=3204
Which can be set via a registry set, or via the inf file that installs the vmxnet3 device.
I think vmware should add this configuration on the vmx file or via the vmware network device properties.
You sir, are my hero. Exactly what I needed after having someone either curiously or accidentally unplugging the network device today.
It's also worth mentioning that using Vsphere free edition doesn't allow you to Hotplug the network back in while the VM is switched on, so you have to shutdown the VM, add the device again and then reboot. What a pita.
I did more research, it appears this is a better solution, it prevents removeal of devices from inside the os, all device configuration can only occur from the vi client machine configuration.
Prevent Unauthorized Removal or Connection of Devices
Normal users and processes—that is users and processes without root or administrator privileges—within
virtual machines have the capability to connect or disconnect devices, such as network adapters and CD‐ROM
drives.
For example, by default, a rogue user within a virtual machine can:
Connect a disconnected CD‐ROM drive and access sensitive information on the media left in the drive
Disconnect a network adapter to isolate the virtual machine from its network, which is a denial of service
In general, you should use the virtual machine settings editor or Configuration Editor to remove any
unneeded or unused hardware devices. However, you may want to use the device again, so removing it is not
always a good solution. In that case, you can prevent a user or running process in the virtual machine from
connecting or disconnecting a device from within the guest operating system by adding the parameter shown
Table 8. Configuration Setting to Prevent Device Removal or Connection
Name Value
Isolation.tools.connectable.disable true
http://www.vmware.com/files/pdf/vi35_security_hardening_wp.pdf
I believe this solves your issue.