VMWare-Tools jump server connection requirements

Overview

This article will cover permissions, settings, group policies with links to other articles that will help you setup your VMware-Tools connection to your Windows jump server


Considerations

  • Have configured a service account for your vCenter endpoint connection
  • Have configured a service account for your Microsoft Endpoint with appropriate permissions


Information

vCenter endpoint permissions


Group Policies on your jump server

Most organizations have hardened group policies to ensure specific accounts have certain rights whilst others may have minimal rights.  We have found a couple of group policies which needs to be revised that will break VMWare-Tools connections to your jump server.

  • Computer Configuration
    • Windows Settings
      • Security Settings
        • Local Policies
          • User Rights Assignment 
            • Allow log on locally

If you have the above policy configured then you need to ensure that your Microsoft End Point Service Account is a part of this policy.


If you have the opposing policy configured then you need to ensure you DO NOT have your Microsoft Endpoint service account as a part of the following policy

  • Computer Configuration
    • Windows Settings
      • Security Settings
        • Local Policies
          • User Rights Assignment 
            • Deny log on locally

Jump server temporary folder

We recommend utilizing a different location for your Microsoft Endpoint instead of the default c:\windows\temp location.  Once you create your new temporary location for example c:\SovLabs you need to ensure that the service account for your Microsoft End Point has modify permissions on that folder.


Active Directory / DNS / IPAM permissions

Ensure you have configured your Microsoft account with the appropriate permissions. Below are documents we have around minimum permissions required.

Additional information

VMware-Tools Jump Server trouble shooting : https://support.sovlabs.com/a/solutions/articles/6000233227
Remoter Trouble Shooting : Remoter - RemoterResponse{exitCode=null, stdout='null', stderr='null'}
Jump Server / VMWare-Tools Account setup : https://support.sovlabs.com/a/solutions/articles/6000226359
AD account control configuration : https://support.sovlabs.com/a/solutions/articles/6000200139


Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.