Remote debugging in Visual Studio works great if both machines are on the same domain and/or workgroup. It also works dreamily if you’re doing straight native C++ where you can use the TCP/IP as the debugging transport. The problem comes in when you need to do remote debugging for managed code across domains or workgroups. It doesn’t work because .NET remote debugging relies on DCOM, which as a transport protocol does not jump workgroup or domain boundaries.
When I have to remote debug across domain/workgroup boundaries, here’s what works for me. It’s not an ideal solution but until Microsoft allows us to debug .NET code with pure TCP/IP this will get you at least started. Again, your mileage may vary and your network admins may not let you perform the following so you’re on your own with these steps. Finally, I’m assuming you know how to set up remote debugging for the supported same domain/workgroup scenarios. If you don’t you should read the documentation to understand what I’m talking about here.
The issue with DCOM is there’s a security ramification where an account one domain does not have rights on the other workgroup or domain. The big trick is to do your remote debugging with local machine accounts. DCOM first attempts to make the connection with machineusername account and if that does not work, it falls back to the username using the hashed password. As long as the username and password on the both machines is the same, DCOM can make the connection.
On the machine where Visual Studio runs, called the local machine, open up an elevated command shell or PowerShell window with administrator rights and execute the following command. Yes, you can do the same through the GUI but this is much faster. Don’t fear the command line!
net user username
password /add
That creates the user account you’re going to use for Visual Studio.
On the machine where your application runs, called the remote machine, open up an elevated command shell or PowerShell window with administrator rights and execute the following commands. Obviously you’ll be using the same user name and password you entered on the local machine.
net user username
password /add
net localgroup administrators remotecomputernameusername /add
With the same computer accounts on both machines account life is easy. On the remote machine, you’ll need to login with the new account or if you’re logging in with a different account, use RUNAS.EXE to fire up MSVSMON.EXE like the following.
runas /user:remotecomputernameusername “<full path>msvsmon.exe”
With the remote debugging stub waiting for connections, you’ll need to start Visual Studio on the local machine with the account as well.
runas /user:localcomputernameusername “<full path>devenv.exe”
With both sides running with the same account and password, you’ll work around the DCOM bumps and get your remote debugging across domains and/or workgroups functioning. As I mentioned, this approach isn’t ideal because you’re now running Visual Studio in a different account so all your settings, extensions, and drive mappings aren’t there. The good news is that those are pretty simple to set up especially since you can export and import your Visual Studio settings.
One problem you’ll run into with this approach is when you need to attach to a process running with administrator rights.
The issue is that MSVSMON.EXE itself is not running with administrator rights. One option is to log into the machine with the local username, right click on MSVSMON.EXE in Explorer and choose “Run as administrator.” Another option, which I do instead, is to use my Elevate program that starts processes as an administrator at the command line. When I need MSVSMON.EXE running with administrator rights, I simply do the following.
runas /user:remotecomputernameusername “<full path>elevate <full path>msvsmon.exe”
Right now some of you are sitting there thinking that instead of creating the completely separate account to run everything in, why not just create a machine account on the remote machine that matches the name of the domain account you want to use? That seems to make sense, but you’ll have a small little problem. The DCOM connection only works one way and you’ll get an error.
While not a perfect solution, using machine accounts with the same usernames and passwords on both machines will at least let you do remote debugging. In some cases this may cause more trouble than it’s worth, but I thought it was worth mentioning the approach. One of these days full remote debugging with complete security will be built into the operating system. A boy can dream, right?
Cloud management is difficult to do manually, especially if you work with multiple cloud…
Azure’s scalable infrastructure is often cited as one of the primary reasons why it's the…
https://www.youtube.com/watch?v=wDzCN0d8SeA Watch our "Unlocking the Power of AI in your Software Development Life Cycle (SDLC)"…
FinOps is a strategic approach to managing cloud costs. It combines financial management best practices…
Using Kubernetes with Azure combines the power of Kubernetes container orchestration and the cloud capabilities…
In the intricate landscape of modern business, compliance is both a cornerstone of operational integrity…
View Comments
PingBack from http://blog.dotnetgator.com/2010/06/16/remote-debugging-silver-bullet/
Thank you, thank you, thank you. I can't recall how many times this has hit me sqaure in the nose. (BTW, you may want to mention the SysInternals ShellRunAs utility to add some extra flair to this solution...)
Thank you for taking the time to post this. It will save lots of us lots of headaches out here...
links for 2010-06-17
I have set up a VSDEBUG user with password of DEBUG on my local and the remote server like you have said. All commands succeed and I can start the Remote Debug Monitor as the VSDEBUG user and Visual Studio locally as the VSDEBUG user, but when I try to Attach to Process I just get a message that:
"Microsoft Visual Studio Remote Debugging Monitor does not appear to be running on the remote computer."
If I switch to Native Only things show up, but it did that even without the special user. Problem is I am trying to debug ASP.Net and it doesn't work with Native Only. Any ideas?
This week I was debugging a problem with a WPF application. Actually, it being a WPF app had little
I prefer to use PsExec from Sysinternals, most Administrators know the tool and don't start shouting when I ask them to copy it to the production servers. PsExec doesn't allow "-u" and "-h" at the same time, so I figured out another way:
psexec -i -h c:temppsexec -i -u nordine "c:tempREMOTEDEBUGx64msvsmon.exe"
Et voilà!
Nicely done and very helpful! Thanks.
I succeded connecting in the single domain senario but when trying to debug using the cross domain senario I get the message "The debugger cannot connect to the remote computer". The remote computer is connected through a router. Does this requires any additional settings? In case the internet ip address is 70.xx.xx.xx and my remote computer is 10.xx.xx.xx, how do I refer to my remote computer?Thanks in advance!
Elton,
I bet there's some IPSEC issues going on with your cross domain. You'll probably get it to work if you drop one of the machines to a workgroup.
- John Robbins
It's not working for me :( . I have my debugging computer on our company's domain and the other on a workgroup. I created local accounts on both computers, started msvsmon and devenv on each, set the debugging properties in the project to "run on a remote machine": "robot" (the name of the domain machine). (Do I need to specify "debugger@robot"?)
The error message is: "The system cannot find the path specified."
The path to which it refers DOES exist on the debugging computer.
This is terribly irksome. I feel like it's trying to use the path to the program in the bindebug directory from the debugging computer and resolve it on the application-running computer, but that doesn't make any sense. Anyway, let me know if you know how to fix it or if you've come across this before.