[Resolved] Possible Hardening Issue

[VladD]

I was using VBox 4.3.38 on a Windows Server 2003 PC for various tests and everything was OK ... I know I'm a dinosaur, but I need some help ...

Then I tried to install on my PC (host) 3 programs that had stated XP support. Two of them failed to start the install process (most likely didn't like a "server" environment), and the third one (a trial) installed OK and I uninstalled it almost immediately (not useful). Note that I have checked all the installers on VirusTotal before using them. After that, my VBox problems started. Basically I wasn't able to start any of my VM's, and most of my tries resulted in empty log files. I immediately run a virus scan (ClamWin) on the PC and all seemed OK.

I updated to 4.3.40 and the problem persisted. I reverted to 4.3.12 and everything was OK. Went back to 4.3.40 and tried the "on demand service" hack, but nothing changed. VBox itself seems quite slow, almost "unresponsive". The errors I get from VBox when I try to start a VM are of various types, the only constant thing being that the hardening logs always end with two timeouts. I have attached the relevant files from 3 VMs: a Win7 test machine that was working before, an empty machine I had just set for testing Linux when the problems started, and a plain empty VM I just created.

While the problem seems to be with my PC, the only affected program seems to be VBox with hardening. My hope is that someone able to make some sense of the hardening logs, can point me towards the system issue that is affecting VBox.

Thanks.
----------
Update:

It turns out that because of some network glitch (?), my Application event log was full of crypt32 events #8 (2 per failed VM start) and #11 (1 per failed VM start).

I used KB2328240 (cleanup the certificate caches) to take care of #11's (this solved the problems I had with starting the VM's), and KB2253680 (disable automatic root updates) to take care of #8's (this took care of the "slowness" of VBox).

Note, however, that the Hardening log still ends with 2 timeouts, so that's probably the way it should be ...

[socratis]

For the "TestLinux" and the "EmptyTest" VMs, you have the following error:

Failed to open a session for the virtual machine TestLinux.

Implementation of the USB 2.0 controller not found!

Because the USB 2.0 controller state is part of the saved VM state, the VM
cannot be started. To fix this problem, either install the 'Oracle VM VirtualBox
Extension Pack' or disable USB 2.0 support in the VM settings.

Note! This error could also mean that an incompatible version of the 'Oracle VM
VirtualBox Extension Pack' is installed (VERR_NOT_FOUND).

Result Code: E_FAIL (0x80004005)
Component: Console
Interface: IConsole {8ab7c520-2442-4b66-8d74-4ff1e195d2b6}

which I think it's pretty self-explanatory; you need to install the appropriate Extension Pack! How simpler can the error message be?

00:00:17.542326   Oracle VM VirtualBox Extension Pack (Version: 4.3.40 r110317; VRDE Module:
	VBoxVRDP unusable because of 'Failed to load the main module
	('D:\WIN52S0X\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/
	VBoxPuelMain.DLL'): VERR_MODULE_NOT_FOUND - GetLastError=126')

Since you're at 4.3.40 (yes, you are an unsupported dinosaur) the ExtPack can be found in the older VirtualBox downloads: Download VirtualBox » VirtualBox older builds » VirtualBox 4.3 » Extension Pack All Platforms.

BTW, how come you have an "EmptyTest" VM with a saved state? You should definitely avoid (like the plague) Saved States when upgrading/downgrading VirtualBox versions. Because this is exactly what happens...

Edit: You updated your message while I was writing up mine. KB##### or not, the above advice still stands. You may have solved the "Win7_SSD_Test" with its hardening error, but not the other two VMs, they didn't have a hardening error.

[VladD]

Thanks for the answer, but this is not what happened. The hardening issue has made various VMs to crash at start with various WRONG error messages (I've got 4 or 5 different ones, depending on the VM's contents). The USB 2.0 one was the first one one I've got, I checked it (as far as I could without being able to start the VM) and all was OK, so I tried to start different VMs and I've got a different error, then another one ... Once I solved the hardening issue, ALL the errors went away!

I am a software designer, with many years of experience, and I can tell you that when the VB hardening has hit the crypt32 errors, it didn't figure them out, tried to continue while being in a weird state, and crashed somewhere along the VM initialization path. Maybe this issue has been solved in the 5.* versions, but if it wasn't explicitly addressed, someone might take a better look at the hardening's error handling - crypt32's error #8 may not show in 7+ Windowses (the feature that was causing it became part of the kernel and it changed its approach), but error #11 can still occur in some contexts.

Empty VMs are (for me, at least) the best way to evaluate various Linux LiveCDs ... The EmptyTest VM was just created, started and crashed by the hardening issue (a few times) ... I don't know exactly what "save state" you're referring to, but I assume that it was the result of VBox marking it as "Aborted" after the failed start. If this behavior is something to be concerned about, then it is another issue to assess in the VBox code.

I really appreciate VBox and have been happily using it for many years, so please take the comments above not as critique, but as part of my desire to make it as good as it can be.

[socratis]

I only went with what you gave me. If you don't want to confuse me and the rest of the people, then next time pick ONE VM at a time, pick ONE problem at a time. I couldn't even make heads or tails from your reply, neither I'm going to try anymore, just the fact that it's working is enough; we can all move on...