- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
RDP VDM Agent - Access is Denied
I have setup 2 pools of VM's, each consisting of 4 VM's for testing.
I have installed the VDM Agent but when I go to simply RDP onto my VM's the RDP screen comes up and then a box with a red cross saying "VMware VDM Agent - Access is Denied".
So before I get to enter credentials into RDP I get this error. There is no firewall turned on in the VM's and this is before I even use the VDM Windows Client to test logging onto my pool, I am usign RDP straight from my own Windows laptop.
What causes the VDM Agent to say access is denied even before I get to enter my credentials doing a normal RDP to a VM?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
By default the VDM 2.1 agent will block non-VDM RDP connections, this was a request from customers after 2.0 was released. It can be disabled by group policy or registry setting on the agent VMs - the group policy file is included in the VDM connection server install under the ADM subfolder.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hmmmmmmmm I'm not sure on that.
I have found that DNS was not quite right so I changed that and one of my VM's I can now RDP....
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you go into more detail when you say the DNS wasn't quite right? I just installed VDM 2.1 and found that I too received the access denied message when trying to use straight RDP to access the VM's. I used the GP template that referenced and was able to change this behavior on my test machines without any issues. Are you using 2.1 or 2.0?
If you found this or any other post helpful please consider the use of the Helpfull/Correct buttons to award points
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I had previously tried a few weeks ago VDM with a pool of VM's and I reused the names but not the IP's therefore my DNS had the host names pointing to the wrong addresses.
After I cleaned up that all my VM's now work fine although I have not applied the GPO thing for allowing normal RDP to my pool of VM's but RDP outwith VDM works fine, and VDM works fine as well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any idea what that reg key is on the agent machine?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The GPO should only going to apply if you are using the VDM 2.1 agent.
If you found this or any other post helpful please consider the use of the Helpfull/Correct buttons to award points
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think this is the key in question
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\VMware, Inc.\VMware VDM\Agent\Configuration
"AllowDirectRDP"="true"
If you found this or any other post helpful please consider the use of the Helpfull/Correct buttons to award points
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you, mittim12.[~122286]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When does this policy get enabled? I've had it occur on 1 out of 3 VDI images ... with VDM 2.1...
/kimono/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When does this policy get enabled? I've had it occur on 1 out of 3 VDI images ... with VDM 2.1...
/kimono/
It is supposed to be the default behavior for the VDM 2.1 agent.
If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
one posibility is the agent has been upgraded from 2.0 to 2.1 hence the reason the Reg key is not there.
Tom Howarth
VMware Communities User Moderator
VMware Communities User Moderator
Blog: http://www.planetvm.net
Contributing author on VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment
Contributing author on VCP VMware Certified Professional on VSphere 4 Study Guide: Exam VCP-410
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Strange cause I have a very old workstation XP VM that was converted to ESX, then installed VDM 2.1 agent on it, which is allowing RDP and VDM connections. Another XP VM, clean install with VDM 2.1 , doesn't allow RDP and doesn't have that policies\VMWare Inc subkey. I found the only way to allow RDP add the value to this location:
HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware VDM\Agent\Configuration
I didn't test it with the POLICIES\ key mentioned before... is that a mistake?
/kimono/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
that is strange and worrying. I would expect that the install routine would have repeatable behaviour, did you use the same build of agent on all occasions
Tom Howarth
VMware Communities User Moderator
VMware Communities User Moderator
Blog: http://www.planetvm.net
Contributing author on VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment
Contributing author on VCP VMware Certified Professional on VSphere 4 Study Guide: Exam VCP-410
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You should see with the VDM 2.1 agent that the default setting is to block non-VDM RDP connections when the SSO component is installed - this componenet handles broker authentication to the agent and hence is also repsonsible for blocking direct connections. Both registry locations are correct (with/without policies), the policies version is generated by the group policy file included with the server installation and overrides the normal software registry entry. I hope that clarifies things.
Mike
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm having the same problem. Since the key didn't exist on my vm, I created it, seeing from this guy's blog: here
Still didn't work.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What do you want to do? Block the non-VDM connections of allow them?
Regards,
Christoph
Don't forget to award the points if this answer was helpful for you.
Blog:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Allow - I got it - I was adding a registry key instead of a string.
Thanks!
Jude Eden
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've asked because the default was changed once. First it blocked by default then default was allow... If I remember correctly it was in View 3.0 or so...