VMware Fusion Black Screen Problem

2 minute read

It was one of those kind of things. A chain of events you could say. I needed to get on the work VPN, which I never do. I forgot that’s problematic at best on a MAC and after some feebly frustrating attempts I sadly gave up and moved on to my next option. I knew Windows worked better with the VPN client software so I decided to spin up a VM on VMware Fusion; problem solved. I started up the VM and noticed that the OS screen in the preview section showed the OS booting and the login display but the actual VM screen was black. I confirmed this with my other VM.

A quick google search showed that this was a known issue with a variety of resolutions but most pointing to some variation of the same thing. But first, how did I obtain this problem? It was working last time I checked. Essentially, when I upgraded macOS to Catalina, System Preferences > Security & Privacy > Privacy > Screen Recording was not enabled for VMware Fusion. I have VMware Fusion 10.1.6 installed. When viewing this setting it was just a grey box without any option to add or enable an application somehow. I tried my MacBook Pro which I also recently upgraded. It has the same setup. Same thing. Basically useless at this point. The fix that worked for me was the following:

Before Fix - figure 1: image-center

  1. Restart computer and go to Recovery Mode.
  2. Select Terminal
  3. Disable System Integrity Protection (SIP)
    csrutil disable
  4. Enable ScreenCapture for VMware Fusion. The last column can pretty much be any time stamp and I even tested empty. If left empty a change in the GUI will generate the current time of change otherwise it will remain empty whereas if a value is supplied then it will automatically generate to the current timestamp.
    sudo sqlite3 "/Library/Application Support/com.apple.TCC/TCC.db" 'insert into access values ("kTCCServiceScreenCapture", "com.vmware.fusion", 0, 1, 1, "", "", "", "UNUSED", "", 0,1565595574)'
  5. Restart computer and go to Recovery Mode.
  6. Select Terminal
  7. Enable System Integrity Protection (SIP)
    csrutil enable
  8. Restart

After Fix - figure 2: image-center

Now I am happy that I have a working VM, but what is going on here. Once I went back into System Preferences > Security & Privacy > Privacy > Screen Recording I could see that VMware Fusion was now there and checked. So what exactly is TCC db and what is the sqlite insert command modifying? Running the following command gives an indication of what is being modified:

/usr/bin/sqlite3 -column -header "/Library/Application Support/com.apple.TCC/TCC.db" 'SELECT * FROM access'

Looking at the headers we can see that by setting the column, allowed, to either 1 or 0 we are enabling or disabling it. In other words we are allowing VMware Fusion the screen capture privilege which is required to display a running VM’s screen. This represents the fourth column from left. Each column must be represented in the command and in the correct order from left to right as well as separated by a comma. The service will be the privilege and is specified first and the client is next which represents the application which is VMware Fusion in our case.

So what is all this? Well Apple, protects users with Transparency Consent and Control (TCC), which focuses on obtaining a user’s consent for access to private or protected data. TCC is a part of the security mechanism where a sandboxed application must request the user’s permission to access data from another application or protected system resource.

Anyhoo, there ya have it. My weekend diversion.