VMware Horizon Client Disconnects Immediately After Connecting: HccChannelPlugin::ChannelAddRef: No shared memory channel

Recently I’ve needed to connect to a virtual desktop using VMware Horizon Client. Immediately after connecting, I received the error message:

ERROR (1FD0-19D0) <6608> [vmware-remotemks] HccChannelPlugin::ChannelAddRef: No shared memory channel. Horizon client service may be down.
FATAL (1FD0-1E14) <vmware-usbd> [vmware-remotemks] GOT DEP ACCESS VIOLATION

After much research and try & error, I was able to determine that VMWare Horizon Client requires up to 4GB of RAM for physical machines and 5GB of RAM for virtualized Windows 7, 8.1, 10 systems (VirtualBox, VMWare Workstation).

Share Button

Sun’s VirtualBox 3.1.x: Getting VRDP (remote desktop) to authenticate properly with Linux PAM

I rebuilt an Ubuntu 9.10 server this past week, ripping off VMware and replacing it with VirtualBox 3.1.2. Setting up VirtualBox as a headless server was very easy with VBoxTool. However, I ran into a problem that I was unable to connect using remote desktop (rdesktop) as any user but the user that started the virtual machine.

Jan 21 22:43:13 vm-holder unix_chkpwd[16040]: check pass; user unknown
Jan 21 22:43:13 vm-holder unix_chkpwd[16040]: password check failed for user (jason)
Jan 21 22:43:13 vm-holder VBoxHeadless: pam_unix(vrdpauth:auth): authentication failure; logname=virtualbox uid=1001 euid=1001 tty= ruser= rhost=  user=jason

This is, currently, an undocumented security feature of VirtualBox 3.1x to prevent just anyone from accessing the virtual machine console. For most folk, this might be a very good thing but if you have a team of sysadmins that should have access to the virtual machine consoles, you probably don’t want them to use the same login.

If that is the case, you can add the user(s) that should have access the virtual machine console to the shadow group on the host Linux machine. Be warned though that the user(s) that are added to the shadow group should not be able to log into the host machine else they will be able to read the shadow file where all the passwords to the box are stored. If the users need access to the host box, then they should have a login for host access (not part of the shadow group) and another for virtual machine console access.

Adding linux user jason_vrdp to the shadow group:

(root) # usermod -G shadow,virtualbox jason_vrdp

Prevent jason_vrdp from logging in to the host or anyone from sudo’ing to it:

(root) # usermod --shell /bin/false jason_vrdp

That’s it 🙂

Share Button