1 2 Previous Next 28 Replies Latest reply on Oct 24, 2018 5:05 AM by RonaldJanssen

    Console mouse session interfering with guest Citrix sessions

    jcrowland Novice

       

      We're running a number of Citrix Presentation 4.5 servers on Microsoft Windows 2003 R2 fully patched guests on ESX 3.5.0 (64607) hosts and recently encountered two problems:

       

      1. Today, we RDP'ed into our VirtualCenter server and hit the console for a guest server, after logging in as a local administrator, about 12 users complained that their mouse was moving.  We verified that this was the case and that it correlated to the console session.  We disconnected the administrator, closed the session, reconnected from another source, and reproduce the problem again.  We've never experienced anything like this on any of our 3.0 or 3.5 ESX servers.

      2. Last week, we consoled into a server, again via RDP, logged in, logged out, and then copy and pasted text into something on my local PC.  The text surprised me as it was something from a user logged into the server, probably from her buffer, it was a confidential excerpt from a contract.  This was on a separate Citrix 4.5 server guest running on a different 3.5 ESX host.

       

      I hunted around the KB and couldn't find recent references to issues like this.  We have the VMware tools installed on the guests, updated as of a few months ago.  Any ideas?

       

       

       

       

       

      Thanks!

       

       

       

       

       

      --John C. Rowland

       

       

       

       

       

        • 1. Re: Console mouse session interfering with guest Citrix sessions
          Texiwill Guru
          vExpertUser Moderators

          Hello,

           

          Sounds like a citrix/microsoft problem more than a ESX/Remote Console issue. But you definitely have something going on.

           

          When you RDP into a VM do you RDP in with /console enabled or do you use whatever Terminal is given. Since the remote console mouse/cut-n-paste buffer is whatever the console buffer is for the system if this is a citrix/RDP/Microsoft problem you can duplicate this using physical hardware. When Citrix is in use are they using the 'console' or another Terminal as well. If everyone is sharing the console then this will happen.

           

          I would really start there. If you cannot reproduce it then you need to report this to VMware as soon as possible as a security problem.

           


          Best regards,

          Edward L. Haletky

          VMware Communities User Moderator

          ====

          Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

          CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354

          As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

          • 2. Re: Console mouse session interfering with guest Citrix sessions
            jcrowland Novice

             

            Ed--

             

             

             

             

             

            Thanks for the pointer.  The Citrix sessions aren't using the /console switch and when we use VMware's VirtualCenter we aren't using the /console switch to RDP into that server (which is a physical standalone server).  We haven't reproduced this in a physical server, but also we haven't been able to reproduce this all the time with these guest servers either, it seems intermittant, but it raises some significant security concerns.

             

             

             

             

             

            --John

             

             

            • 3. Re: Console mouse session interfering with guest Citrix sessions
              Texiwill Guru
              vExpertUser Moderators

              Hello,

               

              The host on which you run the VIC and VC server should have nothing to do with this. You are talking about using the ICA client to access the Citrix sessions from a user desktop and using the VMware Remote Desktop via the Virtual Infrastructure to access the Console of the Citrix Server? I hope this is correct.

               

              The remote desktop by default can cut-n-paste from a VM (whatever is in the user's buffer within the VM) to the desktop upon which you are running the VIC and visa versa. THat is the default settings. To secure this you will have to set the following on the VM's advanced settings.... VIC ->Select VM -> Edit Settings -> Options -> General heading Advanced link -> Configuration Parameters button... Select the Add button and enter in to the left the following:

              isolation.tools.copy.enable
              

               

              Enter into the right

              false
              

               

              Repeat for isolation.tools.paste.enable, also setting its value to false.

               

              This disables remote console cut-n-paste from the host that runs the VIC to the VM and visa versa. TO set this you do have to recycle the power on the VM however.

               


              Best regards,

              Edward L. Haletky

              VMware Communities User Moderator

              ====

              Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

              CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354

              As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

              1 person found this helpful
              • 4. Re: Console mouse session interfering with guest Citrix sessions
                jcrowland Novice

                 

                We'll definitely try this, you are correct in that we were able to copy and paste from the console connection via the VirtualCenter remote from one of the user sessions.  Honestly, on our physical servers, we don't copy and paste after hitting a console session, so I can't test against that.  It just seemed odd.  It seems like a safe bet to disallow copy and paste in the future to address this security concern.

                 

                 

                 

                 

                 

                What is most pecular though is the first problem I reported, where a console user (via VirtualCenter) seems to interact with most of the Citrix (ICA) and a handful of Microsoft (RDP) sessions via his mouse.  We've never seen anything like that with a Citrix Presentation 4/4.5 server or a Microsoft Terminal Server, but have encountered this today with one our guest servers.  I tried reproducing this via an RDP session to the console and could not repeat this, so it seems to be something with the VirtualCenter console.

                 

                 

                 

                 

                 

                Thanks!

                 

                 

                 

                 

                 

                --John

                 

                 

                • 5. Re: Console mouse session interfering with guest Citrix sessions
                  Texiwill Guru
                  User ModeratorsvExpert

                  Hello,

                   

                  To duplicate that you would need to login to the physical console of a physical machine and not an RDP session. The remote console replicates the physical console. I would also check to see if there is some form of screen sharing going on within Citrix. Or it could be that the 'complaints' were made when multiple people were logged into the Remote Console and NOT using ICA. This would really be a problem with ICA and not necessarily VMware as ICA should prevent any 'console' actions from bleeding through.

                   


                  Best regards,

                  Edward L. Haletky

                  VMware Communities User Moderator

                  ====

                  Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

                  CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354

                  As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

                  • 6. Re: Console mouse session interfering with guest Citrix sessions
                    jcrowland Novice

                     

                    We have about a dozen guest 2003 servers residing on two separate hosts, some using Citrix, but we've been able to reproduce this on all the servers, those running Citrix and those that aren't-- so just plain jane file servers, IIS servers, for example.  We have not been able to reproduce this on physical 2003 servers, of which we have about fifteen.

                     

                     

                     

                     

                     

                    It seems to happen whenever we RDP to the virtualcenter server and click on the console view, when we move the mouse off the virtualcenter console, anyone logged into the server via Citrix ICA or RDP (in the case of the file or IIS servers, where another administrator connects) experiences interference in their sessions from our mouse.  We've been able to reproduce this from multiple workstations using different mice.

                     

                     

                     

                     

                     

                    Normally, we don't use the console via VirtualCenter, but lately we've had a need to do this and have found this disconcerting.  Any ideas?

                     

                     

                     

                     

                     

                    --John

                     

                     

                     

                     

                     

                     

                     

                     

                     

                     

                     

                    • 7. Re: Console mouse session interfering with guest Citrix sessions
                      Patrick Miller Hot Shot

                      We are experiencing the same issue when testing our Citrix environment inside ESX...

                       

                       

                       

                       

                       

                      The problem is when the mouse comes back into "focus" of the console, the user's mouse will jump to that point. Once the console has "grabbed" the mouse, you can move it around without inferring with the user's session. This happens in a standard RDP session as well as a Citrix session.  I uninstalled VMware tools, and reinstalled without the mouse driver, the problem is still there.

                      • 8. Re: Console mouse session interfering with guest Citrix sessions
                        Texiwill Guru
                        vExpertUser Moderators

                        Hello,

                         

                        I would open a support request with VMware. This definitely does not sound correct unless someone is RDP in using the console.

                         


                        Best regards,

                        Edward L. Haletky

                        VMware Communities User Moderator

                        ====

                        Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

                        CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354

                        As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

                        • 9. Re: Console mouse session interfering with guest Citrix sessions
                          depping Champion
                          User ModeratorsVMware Employees

                          Please phone support and log a Call. This isn't something you would want to fix with a workaround.

                           



                          Duncan

                          Blogging: http://www.yellow-bricks.com

                           

                          If you find this information useful, please award points for "correct" or "helpful".

                          1 person found this helpful
                          • 10. Re: Console mouse session interfering with guest Citrix sessions
                            HHO-Tim Novice

                             

                            Hello Texiwill,

                             

                             

                            can you say me something about your support call? Is there an answer from vmware?

                             

                             

                            Best regards

                             

                             

                            Tim 

                             

                             

                            • 11. Re: Console mouse session interfering with guest Citrix sessions
                              Texiwill Guru
                              vExpertUser Moderators

                              Hello,

                               

                              My comment was that the original poster should open a support call, or anyone experiencing this problem.

                               


                              Best regards,

                              Edward L. Haletky

                              VMware Communities User Moderator

                              ====

                              Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

                              CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354

                              As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

                              • 12. Re: Console mouse session interfering with guest Citrix sessions
                                HHO-Tim Novice

                                Oh sorry, Texiwill.

                                 

                                 

                                i read this thread very fast.

                                 

                                 

                                But i have the problem, too. I'm very interested in a solution of the problem.

                                 

                                 

                                 

                                 

                                 

                                Best regards

                                 

                                 

                                Tim

                                • 13. Re: Console mouse session interfering with guest Citrix sessions
                                  jcrowland Novice

                                   

                                  So far, we've opened a ticket and the support people seem a bit baffled by this. 

                                   

                                   

                                  Like I said earlier, we discovered this behavior on two separate host servers and it doesn't just impact Citrix sessions, it impacts RDP sessions to all the guest Windows 2003 servers.

                                   

                                   

                                  --John

                                   

                                   

                                  • 14. Re: Console mouse session interfering with guest Citrix sessions
                                    jcrowland Novice

                                     

                                    Just to keep everyone updated, we've determined this is related to the Vmware Tools on the guest Windows servers.  If we don't install it on new servers, we don't have a problem.

                                     

                                     

                                     

                                     

                                     

                                    VMWare support is investigating further and thinks they may have a patch for us to try.  I'll keep people updated as it appears others have experienced this issue.

                                     

                                     

                                    1 2 Previous Next