Cannot start brand-new vm

Discussions related to using VirtualBox on Windows hosts.
Post Reply
jrw
Posts: 7
Joined: 10. Jun 2015, 16:59

Cannot start brand-new vm

Post by jrw »

I have used virtualbox before, but this one has me stumped.

Windows 7 Pro SP1 64-bit host, Dell Latitude E6430 4GB memory
installed latest virtualbox software successfully (no guest additions), v4.3.28 r 100309
created new vm with 1GB memory, 10GB disk using linux/ubuntu64 template
try to start the vm with latest Linux Mint MATE (or Cinnamon) 17.1 iso
starting vm aborts after about 3 seconds with these final messages in the log:

00:00:13.139120 ERROR [COM]: aRC=VBOX_E_IPRT_ERROR (0x80bb0005) aIID={480b372c-c0b5-4c23-9bd7-dcbb85b1594c} aComponent={Display} aText={Could not take a screenshot (VERR_TRY_AGAIN)}, preserve=false
00:00:13.242640 ERROR [COM]: aRC=VBOX_E_IPRT_ERROR (0x80bb0005) aIID={480b372c-c0b5-4c23-9bd7-dcbb85b1594c} aComponent={Display} aText={Could not take a screenshot (VERR_TRY_AGAIN)}, preserve=false
00:00:14.314719 ERROR [COM]: aRC=VBOX_E_IPRT_ERROR (0x80bb0005) aIID={480b372c-c0b5-4c23-9bd7-dcbb85b1594c} aComponent={Display} aText={Could not take a screenshot (VERR_TRY_AGAIN)}, preserve=false

I've attached the full logs
Attachments
zipped_logs.zip
(53.15 KiB) Downloaded 38 times
noteirak
Site Moderator
Posts: 5229
Joined: 13. Jan 2012, 11:14
Primary OS: Debian other
VBox Version: OSE Debian
Guest OSses: Debian, Win 2k8, Win 7
Contact:

Re: Cannot start brand-new vm

Post by noteirak »

How do you start the VM? Any message on the screen/console?
Hyperbox - Virtual Infrastructure Manager - https://apps.kamax.lu/hyperbox/
Manage your VirtualBox infrastructure the free way!
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Cannot start brand-new vm

Post by mpack »

This seems to be a hardening error, perhaps due to VBox's rejection of DropBox's attempt to inject DLLs (e.g. DropBoxExt64.25.dll) into the VirtualBox executable memory space.
jrw
Posts: 7
Joined: 10. Jun 2015, 16:59

Re: Cannot start brand-new vm

Post by jrw »

steps to reproduce:

uninstall virtualbox
remove c:\Users\MYUSER\VirtualBox VMs and C:\Users\MYUSER\.VirtualBox and remainders of install location.
download/reinstall virtualbox (only customization is install location)
create vm (linux, 2.6/3.x 64-bit, 1GB memory, 10GB disk)
start vm and point it at Linux Mint .iso
aborts in 3 seconds with no message, but vm icon/text now says Aborted

@mpack: I uninstalled Dropbox and reinstalled virtualbox and tried again with the same results. New logs attached.
Attachments
logs.zip
(53.28 KiB) Downloaded 23 times
jrw
Posts: 7
Joined: 10. Jun 2015, 16:59

Re: Cannot start brand-new vm

Post by jrw »

Checked laptop bios options:
Intel Virtualization Technology is enabled
Intel Virtualization Technology for Direct I/O is enabled
Intel Trusted Execution Technology is not enabled (TPM is also not enabled)
jrw
Posts: 7
Joined: 10. Jun 2015, 16:59

Re: Cannot start brand-new vm

Post by jrw »

Here is the content of the C:\Users\MYUSER\.VirtualBox directory
Attachments
vb.zip
(5.71 KiB) Downloaded 24 times
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Cannot start brand-new vm

Post by mpack »

Now you seem to be having a problem with "bc0.f8c: supHardenedWinVerifyImageByHandle: -> -615 (\Device\HarddiskVolume2\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe)".

Instead of peppering us with slightly modified logs, you could perhaps look at VBoxStartup.log yourself. Verify that the last line ends on an error (a non-zero exit code), and then search the word "error" in the log. Ignore "error opening", since if the foreign DLL isn't present then it can't cause a problem.
jrw
Posts: 7
Joined: 10. Jun 2015, 16:59

Re: Cannot start brand-new vm

Post by jrw »

Thanks, mpack!

As a user unfamiliar with the implementation of VirtualBox (especially on Windows), I wasn't sure if it was the installation of VirtualBox itself, or the creation/starting of the VM, or the particular .iso I'm trying to load, or what. I've tried installing different versions of VB4.3 all to no avail.

But since you're focusing on the messages in VBoxStartup.log, I'll do the same.

I was able to uninstall DropBox, since I can easily reinstall it later. But I haven't uninstalled Roxio, since then I won't be able to reinstall it (it's a corporate laptop). Using ProcessExplorer, it does not appear that Roxio starts a process at boot time. Using msconfig, I found one "startup item" for Sonic Solutions, disabled that, rebooted.

Then I uninstalled VirtualBox, cleaned up (removed the installation directory entirely: the sdk folder was not entirely removed by the uninstallation, and removed C:\Users\MYUSER\.VirtualBox), reinstalled the very latest VirtualBox 4.3.28 and tried again. During installation, I did notice that sometimes when I install VirtualBox, I'm asked to click thru 4 permissions prompts and sometimes just 3 permissions prompts -- I don't understand why it should be different for different installations if everything is getting removed properly by the uninstall.

Then I created my VM and tried to Start it. It failed in same way. Grepping the two logs (attached) in the VirtualBox VMs folder, I see:

$ grep -i error *
VBox.log:00:00:33.106530 ERROR [COM]: aRC=VBOX_E_IPRT_ERROR (0x80bb0005) aIID={480b372c-c0b5-4c23-9bd7-dcbb85b1594c} aComponent={Display} aText={Could not take a screenshot (VERR_TRY_AGAIN)}, preserve=false
VBox.log:00:00:33.204080 ERROR [COM]: aRC=VBOX_E_IPRT_ERROR (0x80bb0005) aIID={480b372c-c0b5-4c23-9bd7-dcbb85b1594c} aComponent={Display} aText={Could not take a screenshot (VERR_TRY_AGAIN)}, preserve=false
VBox.log:00:00:34.269750 ERROR [COM]: aRC=VBOX_E_IPRT_ERROR (0x80bb0005) aIID={480b372c-c0b5-4c23-9bd7-dcbb85b1594c} aComponent={Display} aText={Could not take a screenshot (VERR_TRY_AGAIN)}, preserve=false

VBoxStartup.log:1bb8.1310: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
VBoxStartup.log:1bb8.1310: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
VBoxStartup.log:1bb8.258: Error (rc=0):
VBoxStartup.log:1bb8.218: Error (rc=0):

Focusing on VBoxStartup.log, I see wintab32.dll which appears to be related to a Sony system recovery CD or maybe Wacom Technology something or other, according to a google search.

So, I'm thinking that I could go on for a long time removing or disabling different bits of already-installed software, without getting to the root cause. There must be something fundamentally different about my laptop that's causing these errors with VirtualBox, but I don't have a clue about what it might be.

This is a Dell Latitude E6430 corporate laptop with Win7 Pro SP1 64-bit, i5 processor, 4GB of memory, with Anti-Virus and various kinds of protection (e.g. Trend Micro), full disk encryption, Juniper VPN. Could there be some more fundamental issue with the laptop that's allowing VirtualBox to be installed, but causing it to keep aborting every time I try to start an image?

As a comparison, I had absolutely no problem installing VirtualBox on my daughter's personal (not corporate) ThinkPad and creating VMs with it.

Thanks again for your help!
Attachments
logs.zip
(53.92 KiB) Downloaded 26 times
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Cannot start brand-new vm

Post by mpack »

Please don't post any more logs unless one of us asks for it. So far these new logs tell us nothing that the first log didn't, so they are just wasting server space - though at least they are compressed, so thank you for doing that.

As I said before, you can ignore all "Error opening" messages. You can also ignore the "could not take screenshot", which is a harmless warning (the preview window in the GUI can't grab a thumbnail because the VM isn't responding - as if we didn't know already).

The hardening feature in VirtualBox is a security feature whereby it checks for another program "injecting" code modules (a.k.a. DLLs) into the VirtualBox program space. Some of the VirtualBox program space runs at elevated privilege levels, so in theory malware could inject a trojan into the VirtualBox space and thereby gain access to your entire PC. VirtualBox will allow foreign DLLs if they carry a valid certificate - but you seem to have habit of installing a number of invasive but uncertified applications! If you don't want to give up these applications you might want to check if certified versions are available.

The only difference between yours and your daughters laptop will be the exact mix of secondary apps installed on it.

You might also want to check the Windows update history - a couple of updates in the last year have resulted in corrupted certificates databases on Win7 32bit hosts.

Finally, you can try downgrading VirtualBox to version 4.3.12, which is the last version not to implement the hardening feature.
jrw
Posts: 7
Joined: 10. Jun 2015, 16:59

Re: Cannot start brand-new vm

Post by jrw »

Thanks, mpack! I was able to use 4.3.12 successfully. Now that I'm aware of the hardening thing, I understand better what's going on. I posted to viewtopic.php?f=6&t=67840&p=324432#p324432 to give some information to that thread about hardening issues.

As I mentioned in that post, I don't think the bulk of what I've installed is security sensitive (with the sole exception of 7+ Taskbar Tweaker). All the other applications I've installed should have no impact on security. Maybe some of the applications installed by my company's IT guys are the cause of the problem I was experiencing? (e.g. Trend Micro, CyberArmor, Juniper VPN).

Thanks for pointing me to 4.3.12 -- I hadn't gone back that far because I wasn't aware of the hardening effort that had taken place since that version.

As to the latest error messages in my previous post, if I exclude the "Error opening" messages, then I'm not seeing any real error messages except for the failure at the end of the log. I don't understand the "Error (rc=0)" message -- if rc = 0, then why is there an error? In any case, those two occurrences were right after lines mentioning
1bb8.218: supHardenedWinVerifyImageByHandle: -> -615 (\Device\HarddiskVolume2\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe)
so maybe that was indicating some kind of error with Roxio?

If the error was with Roxio, then I think I'm stuck. I didn't install Roxio; that was pre-installed on my laptop by either Dell or by my IT guys and I don't want to uninstall it because of that. The same goes for Windows updates -- I don't install them; my IT guys are responsible for pushing out Windows updates to my laptop.

As I mentioned in the Security post I referenced above, let me know if I can supply any extra information to help you; Using 4.3.12 has allowed me to work around the hardening issue (of course I'd prefer the current (hardened) version of VirtualBox, but I don't know what to do to get around the hardening issue).
mpack
Site Moderator
Posts: 39156
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Cannot start brand-new vm

Post by mpack »

jrw wrote:As I mentioned in that post, I don't think the bulk of what I've installed is security sensitive (with the sole exception of 7+ Taskbar Tweaker).
That doesn't really help anything I'm afraid. VirtualBox requires that any application that injects itself into the VirtualBox address space - which is something apps need to have a VERY good reason to do - must have valid certification. VirtualBox has no way to know whether the app is "security sensitive" or not (*), so it must insist that they are certified.

I am not saying that I agree with the need for the feature (I suspect that it's a high level Oracle policy and the VBox devs were not given much choice), but having decided to implement it there are very few practical ways I can see that they could have done it.

> 1bb8.218: supHardenedWinVerifyImageByHandle: -> -615 (\Device\HarddiskVolume2\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe)
> so maybe that was indicating some kind of error with Roxio?
I see what you see in the log, so I can only guess. My guess was that Roxia might inject more than one DLL into the VBox address space. If one such DLL was blocked and another allowed, then the allowed one might crash (null ptr deref) due to not finding its partner in crime.

(*) whitelists will quickly become outdated and in any case provide a backdoor which can be exploited by malware.
Post Reply