The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Very odd cause (and solution) for VMware View Client “Connect Desktop Failed”: Event Log could not start because of Access Denied error 5.

Posted by jpluimers on 2012/02/09

Let's start post 800 by mentioning it took quite a bit of time to solve the connection problem to VDI. I hope it will help others, and if I ever run into this again myself: now I know where to look :)

Some clients make heavy use of VMware VDI (Virtual Desktop Infrastructure) which moves the desktop into the VMs in the data center.

A while ago I spent most of the day tracking down a “Connect Desktop Failed” error with VMware View Client running on a Windows 7 x64 workstation to connect to a VDI VM. It would connect to the VDI server, authenticate, start the Desktop, but could not connect to the Desktop.

The amazing thing is that the VMware View client worked fine on an XP VM workstation (with and without SNX), an XP physical machine with SNX, another Windows 7 x64 VM workstation (also with and without SNX), and a Windows 7 x64 physical machine with SNX.

Clearly something was wrong with this particular Windows 7 x64 workstation that is host of most of my development VMs so I didn’t want to do a re-install.

I tried many obvious things on the Windows 7 x64 workstation:

  1. reboot
  2. disable firewall
    (that would have indicated some of the ports required by VMware view were not open: in practice not all ports mentioned in the list are used)
  3. uninstall software from various vendors that might interfere with network activity
  4. disabled virus scanner
  5. step down from VMware View Manager 5 client to VMware View Manager 4.6 client
  6. circumvented SNX (CheckPoint SSL VPN extender) making sure I was on the same WAN and later LAN of the VDI
  7. verified twice I had indeed Windows 7 SP1 applied
  8. laughed about the SSE support required by VMware view client

Since the “Connect desktop failed” does not return many English search results, I started browsing the Russian ones.

This particular Google-translated Russian article on SSE got me started: it mentioned that the VMware View client would log errors in the eventlog.

So I started eventvwr.msc, and almost fainted: it could not show my eventlog!

This was the error message: “The Event log service is unavailable. Verify that the service is running.”

So I ran services.msc, found out the eventlog service was not started, and tried to start it manually getting this error message:

[Services]
Windows could not start the Windows Event Log service on Local Computer.
Error 5: Access is denied.
[OK]

I don’t normally look in the eventlog often, but it appeared the eventlog hadn’t been running for a few months.
The last event log entries back then were from a regular shutdown of the machine. Right before that, a Windows Defender Update KB915597 was applied, but I doubt this combination is the real cause.

There are many search results for “Windows 7” “Windows could not start the Windows Event Log service on Local Computer.” “Error 5: Access is denied.”.

I was looking for a security related solution as my experience with Access Denied errors usually comes down to either of these:

  • a process (might even be on a remote machine) is still active keeping a handle open
  • wrong Access Control List
  • wrong object ownership

When the eventlog service cannot start, there is not much to log, but Process Monitor came to the rescue: it showed that accessing files in this directory failed:

%SystemRoot%\System32\winevt\logs

That led me to a Sysinternals forum thread and this Windows Server 2008 support article (Windows 2008 R2 is the server variant of Windows 7) explaining the correct rights of the logs directory.

Somehow the “NT SERVICE\EventLog” didn’t have full control on that directory any more. As soon as I gave it full control, I could start the Windows Event Log service (I didn’t have to rename the log files), view them with the Event Viewer, and – finally – the VMware view client could connect!
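
The check and fix described above, as an added PowerShell example that is not part of the original post. It assumes an elevated prompt; the `-Repair` switch, the function name, and the use of `icacls` with inheritable full control are choices made for this example.

```powershell
# Added example: audit, and with -Repair fix, the ACL on the event log directory.
# Assumptions: elevated prompt; -Repair and Test-EventLogAcl are hypothetical names.
param([switch]$Repair)

$logDir  = Join-Path $env:SystemRoot 'System32\winevt\Logs'
$account = 'NT SERVICE\EventLog'
$full    = [System.Security.AccessControl.FileSystemRights]::FullControl

function Test-EventLogAcl {
    param([string]$Path, [string]$Identity)
    $acl  = Get-Acl -Path $Path
    # All ACEs that name the service account (string -eq is case-insensitive)
    $aces = @($acl.Access | Where-Object { $_.IdentityReference.Value -eq $Identity })
    [pscustomobject]@{
        Owner   = $acl.Owner
        # Note: ACEs stored with generic rights (GENERIC_ALL) appear as a raw
        # number and are not matched by this FullControl bit test.
        HasFull = [bool]($aces | Where-Object {
                      $_.AccessControlType -eq 'Allow' -and
                      ($_.FileSystemRights -band $full) -eq $full })
        # An explicit Deny ACE would override any Allow entry
        HasDeny = [bool]($aces | Where-Object { $_.AccessControlType -eq 'Deny' })
        Entries = $acl.Access
    }
}

$state = Test-EventLogAcl -Path $logDir -Identity $account
$state.Entries |
    Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize |
    Out-Host
"Owner: $($state.Owner)"
"FullControl for ${account}: $($state.HasFull)"
"Deny ACE for ${account}: $($state.HasDeny)"

if (-not $state.HasFull -and $Repair) {
    # (OI)(CI)F = full control, inherited by files and subfolders
    icacls $logDir /grant "${account}:(OI)(CI)F"
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

    # With the ACL corrected, the Windows Event Log service should start again
    Start-Service -Name EventLog
    Get-Service -Name EventLog
}
```

Run it without `-Repair` first to see the current owner and ACEs before changing anything.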

In retrospect, the error message somewhat made sense. Just before trying to connect, it wanted to write to the eventlog, but couldn’t, and therefore could not set up the right connection. The classic “something is at fault, let's post a wrong error message”.

Now that I finally could use the VMware view client, I also created a shortcut for this particular client that starts the VMware view client with the right parameters:

"%ProgramFiles%\VMware\VMware View\Client\bin\wswc.exe" -serverURL FullyQualifiedDomainName -userName AWindowsUser -domainName SomeWindowsDomain

–jeroen

PS:

  1. If you have never used VDI, watch this very nice VDI video (based on VMware Infrastructure 3, but the basic idea is still the same). The VMware View article on Wikipedia is a bit outdated.
  2. I noticed that the SNX applet has a hint text in the icon tray containing phrases like “EGG ANEW UP DART FOIL ONTO WELD HUM MUFF NEW ADEN SONG” which looks a lot like the 6-word (64 bit) S/KEY One-Time Password System, but now using 12 words (and 128 bits).
