[Resolved] Requirements to restore encrypted VHD (Windows guest VM) in Vbox 5.2

[mothball]

What are the requirements to successfully restore a complete VM with Vbox encrypted disks in VirtualBox 5.2 running on Mac OSX 10.11? If I am able to restore the complete contents of ~/VirtualBox VMs/VMname/ that contains all VHDs, vbox, logs, snaps, etc, and I know the encryption password, is there any other step I need to restore my VM from backup?

Background:
I have a Windows guest VM with two encrypted VHD files working for years (I successfully enter the encryption password at each boot). I decided to take a snapshot before installing an update, then delete that snap after validation two days later, when I know the VM was successfully booting with the encryption password. But after the old snap deletion completed, I could no longer boot my VM. After the encryption password prompt, I get the error "FATAL: No bootable medium found! System halted".

I figure something must have borked with the delete/merge so I renamed the OS VHD file, then restored the VHD from backup just a couple days earlier. Same FATAL error. Because of the snapshot that's involved, I figured maybe I need to restore the complete VM folder, not just the OS VHD.

I consulted forum topic 55003 about moving VMs around on the same system. I remove the VM from the manager (remove only), close the manager, rename the VM's folder, restore the whole folder from a backup, then Machine > Add in the manager. But upon booting the VM I get the same FATAL error. Worse, I'm not even prompted for my encryption password at all, which I don't know how this is possible. The VM has been encrypted for months and the restore date was within the past week.

I've read through various forum posting about restoring an encrypted VM with backups and known passwords, but am not sure what steps I'm missing.

• How to Attach Encrypted vdi to VM in VBox 5.0 (topic 69503)
• How to re-use encrypted VDI??? (topic 75092)
• Can't open my encrypted vdi on a different host... (topic 70235)

(I can't post links with my new account FYI, so I've referenced just the topic number that appears in the U-R-L)

[socratis]

I'm going to move the thread to "Using VirtualBox" from the "OSX Hosts" area, because this is a cross-host issue...

What most people don't understand at a first pass is that when the VDI/VHD/VMDK is encrypted, the password hash is not saved in the VDI/VHD/VMDK file itself, but it's stored in the .VBOX file, the "recipe" of the VM. So, restoring or copying or backing up only the medium will be catastrophic!

In order to successfully restore an encrypted VM you need both the virtual medium and the .vbox file. If you have both of these, you should be able to start your VM.

I would like to see the "recipe" of the VM, the ".vbox" file:

1. Right-click on the VM in the VirtualBox Manager. Select "Show in Finder".
2. ZIP the selected ".vbox" file and attach it to your response.

Also, I'd like to see the output of the command:

• 
  VBoxManage showmediuminfo "<YourVHDsFullPath>"

[mothball]

After finding those other forum postings, I realized the .VBOX files is required, which is why I restore the entire VM folder. It includes the *.vbox, *.vhd files plus the Logs & Snapshots folders. But I encountered the same issue FATAL error after boot. I have other older backup copies I can try, but wanted to verify if I'm missing something before I try even older versions. The files are large.

I have the ZIP and output ready, but is there any risk to posting the CRYPT/KeyStore value in a public forum like this? I have already sanitized the file paths a little to remove some personal info.

[socratis]

I have the ZIP and output ready, but is there any risk to posting the CRYPT/KeyStore value in a public forum like this?

Absolutely 0%. Please read the article on Public-key cryptography.

I have already sanitized the file paths a little to remove some personal info.

Don't. Your "sanitation" process might taint the evidence. Why are you so afraid? Are you working for a TLA agency?

[mothball]

ZIP attached and CLI output below

Code: Select all

UUID:           7e72c63d-1e58-4e8a-a804-aa1adf34082e
Parent UUID:    base
State:          created
Type:           normal (base)
Location:       /Users/USERNAME/VirtualBox VMs/W7 Ultimate/W7UltimateC.vhd
Storage format: VHD
Format variant: dynamic default
Capacity:       102400 MBytes
Size on disk:   102357 MBytes
Encryption:     enabled
Cipher:         AES-XTS256-PLAIN64
Password ID:    W7 Ultimate
Property:       CRYPT/KeyId=W7 Ultimate
Property:       CRYPT/KeyStore=U0NORQABQUVTLVhUUzI1Ni1QTEFJTjY0AAAAAAAAAAAAAAAAAABQQktERjItU0hB
MjU2AAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAg7TVSPJvbG3xkfnYuaaKWevjN3dBq
BYKv8ii0zL+qCSAAAAAUDz+WYOv5/bWgqARgMH6AfYCqOGB8Na5w0zshKvJLkyBO
AABaQ9k3cTIOiR1CkMKmOjRbQIxpRPVAs1X0+pzsmKNr0eAiAgBAAAAA+ZPS6543
mG/Hyx+Zp2mVvOWa8++i4H8qIMBcpScl0pkF3bIONu6shuiIuW3PT+Doip6B4PVy
MuuPcaMKjl7v4g==
In use by VMs:  W7 Ultimate (UUID: 6581fce5-c70c-43cd-b5da-b0f768fc1123)

[socratis]

That's a funny^[1] situation:

• Your "showmediuminfo" output and the .vbox file match.
• You restored from a backup, which according to your sayings was a complete VM folder backup, the proper way. BTW, what is your backup media formatted as? What's the filesystem?
• You are not prompted for a password, which is puzzling to say the least.

Here's what I'd like you to try:

1. Unregister the VM. Delete the files (you do have a backup).
2. Go to the Media Manager and make sure that both "W7UltimateC.vhd" and "W7UltimateD.vhd" are not there. Attached or not. If they show up, I will definitely need more clarification, if they're attached to another VM for example.
3. Quit VirtualBox, wait for every VBox* process to end. Even better, reboot the host.
4. Restore the whole VM folder from the backup.
5. Register the VM, by either double-clicking, or going to the menu "Machine" » "Add...".
6. Start the VM.

---

^[1]: Funny, not as in "Ha, ha, funny!", but as in "The yogurt tastes funny", kind of funny...

[mothball]

My backup medium is CrashPlan Pro (Small Business), in their central cloud storage.

Followed your steps exactly: Unregistered VM with option to delete files. Verified Hard Disk Media Manager became empty after I refreshed a couple of times. Quit VB, waited until all vbox processes ended gracefully, then restored from 10/12. This is the day the VM started throwing the FATAL error at boot after I deleted a snapshot. The dates of the files are prior to the time I delete the snapshot (.vbox 10/10, .vhd 10/05).

Added back into the Manager but the error below is thrown. It seems clear that my 10/12 backup did not capture the needed snapshot files sadly, despite having the whole VM folder selected in CrashPlan. So now, I will retry all your steps but with a date before I took the snapshot as I am unable to find them in any of the my restore dates.

Code: Select all

Failed to open a session for the virtual machine W7 Ultimate.

Could not open the medium '/Users/USERNAME/VirtualBox VMs/W7 Ultimate/Snapshots/{7c0320d7-651f-4410-a505-a26a42d98dec}.vhd'.

VD: error VERR_FILE_NOT_FOUND opening image file '/Users/USERNAME/VirtualBox VMs/W7 Ultimate/Snapshots/{7c0320d7-651f-4410-a505-a26a42d98dec}.vhd' (VERR_FILE_NOT_FOUND).

Result Code: NS_ERROR_FAILURE (0x80004005)
Component: MediumWrap
Interface: IMedium {4afe423b-43e0-e9d0-82e8-ceb307940dda}

[socratis]

My backup medium is CrashPlan Pro (Small Business), in their central cloud storage.

I don't have a clue what that is, and I don't necessarily need to know, except one vital, one crucial detail: can it backup files greater than 4GB? Y/N?

This is the day the VM started throwing the FATAL error at boot after I deleted a snapshot.

How exactly did you delete the snapshot? From your host OS, from the Finder?

It seems clear that my 10/12 backup did not capture the needed snapshot files sadly

That seems to be the error in this case, the VERR_FILE_NOT_FOUND part...

[mothball]

Yes, they support very large files, which is why I use them. My VHDs are 50+ GBs.

I deleted it from the Manager GUI > Snapshots > right click Delete. The delete and "merge" appeared successful after it ran for awhile, but upon the next boot is when the FATAL error started.

Will update on the 10/09 restore attempt in the next day or so.

[mothball]

Success! Restoring a backup that contains all VM files prior to the snapshot worked, when following your exact steps. The first times I attempted this, I didn't wait for all the vbox* processes to close, nor did I check that Media Manager HDD was empty. Not having a backup of the snapshot file was also problematic for me.

Thank you very much for your help and increasing my knowledge of this product.

[socratis]

\o/
Really glad you resolved this, because in the majority of the cases with encrypted media, the end-result was catastrophic! Well, in your case, it seems that something went wrong in the backup process...

The true value of a backup, is the restore.
Socratis

Marking as [Resolved].