header image
 

Remote debugging trap

I’ve spent about an hour today trying to make remote debugging work with my test VM. For it to really work you need to have the same user on both machines, which can be problematic. My test machine contained a server process that needs to run under specific account, so I couldn’t change that. What I did was creating local user on a target (VM) machine identical as the one on the dev machine (with the same password). Then I logged on to VM as the new user, started msvsmon on the VM (as the newly created user by default), and started the server process as the other required user. This should work, just make sure the new account has administrative and debug privileges. Alas, when trying to attach to my program the following error appeared:

---------------------------
Microsoft Visual Studio
---------------------------
Unable to connect to the Microsoft Visual Studio Remote Debugging Monitor named 'admin@vm'.
The Visual Studio Remote Debugger on the target computer cannot connect back to this computer.
Authentication failed. Please see Help for assistance.
---------------------------
OK   Help   
---------------------------

On the target machine’s msvsmon I saw one line saying that a connection was successful. Well, at least successful one way. But apparently the VM couldn’t authenticate back for some reason. I tried accessing some host share from the VM – same result, authentication failed. I made sure I was using the right account and password. And then it struck me.

There is a setting in the Local Security Policy that dictates how LAN Manager authentication works. My dev machine runs Windows 7, while the VM was Server 2003. That particular option (Local Policies – Security Options – Network security: LAN Manager authentication level) was set to “Send NTLMv2 response only. Refuse LM & NTLM” on my dev machine. It basically means that only machines using the new protocol can authenticate correctly. Server 2003 sends v1 requests so it failed to authenticate because those were refused. I changed it to “Send NTLMv2 response only. Refuse LM” and behold, I could now debug to my heart’s content.

I must have changed that setting some time ago and forgot about it. It actually warns you about potential compatibility problems, so be careful if you fiddle with it.

~ by omeg on August 2, 2012.

code, troubleshooting

Leave a Reply