Remote Debugging Across Domains
Updated: August, 2010
This topic applies to:
Pro and Team
Does not apply
Command or commands hidden by default.
Remote debugging involves two-way communication between the Visual Studio 2005 debugger and the Remote Debugging Monitor (msvsmon.exe). For remote debugging to work, it is important what user runs Visual Studio and also what user runs msvsmon.exe.
To connect to msvsmon, you must run Visual Studio under the same user account as msvsmon or under an administrator account. (You can also configure msvsmon to accept connections from other users.)
Visual Studio accepts connections from msvsmon if msvsmon is running as a user who can be authenticated on the Visual Studio computer. (The user must have a local account on the Visual Studio computer.)
With these restrictions, remote debugging works in various scenarios, including the following:
Two domains without two-way trust
Two computers on a workgroup
One computer on a workgroup, and the other on a domain
Running the Remote debugging monitor (msvsmon) or Visual Studio as a local account
Therefore, you must have a local user account on each computer, and both accounts must have the same user name and password. If you want to run msvsmon and Visual Studio under different user accounts, then you must have two user accounts on each computer.
You can run Visual Studio under a domain account if the domain account has the same name and password as a local account. You still must have local accounts that have the same user name and password on each computer.
For Windows XP Professional computers on a workgroup, the local security setting may prevent remote debugging. The policy must be set to Classic for remote debugging to work. (This concern does not apply to computers that are running Windows 2000, winxpsvr, or winxp computers that are joined to a domain.)
To change the security policy to allow remote debugging between domains (Windows XP Professional)
On the local computer, choose Control Panel on the Start menu.
In Control Panel, double-click Administrator tools.
In the Administrative tools window, double-click Local Security Policy.
Under Security Settings, open the Local Policies folder.
In the Local Policies folder, select Security Options.
In the Policy column, find Network access: sharing and security model for local accounts and double-click it.
In the Network access: sharing and security model for local accounts dialog box, change the setting from Guest only - local users authenticate as Guest to Classic - local users authenticate as themselves and click OK.
Close the window and restart the computer.
Repeat steps 1 to 8 on the remote computer.
You can now do remote debugging using the same user name on both computers.
Changing the security model to Classic can result in unexpected access to shared files and DCOM components. If you make this change, a remote user can authenticate with your local user account instead of Guest. If a remote user matches your user name and password, that user will be able to access any folder or DCOM object you have shared out. If you use this security model, make sure that all user accounts on the computer have strong passwords or set up an isolated network island for the debugging and debugged computers to prevent unauthorized access.