A comprehensive guide to understanding, safely removing, and securing VMware lock files (.lck) to get your virtual machine running again without compromising data privacy.
To fix the "VMware failed to lock the file" error: Navigate to your Virtual Machine's directory. Locate the folders ending in .lck (or .lck-xxxx). If the VM is completely powered off and no background VMware processes are running, delete or move these .lck directories. Restart VMware and power on your VM. For ESXi, you may need to use SSH to identify the locking host via the vmkfstools -D command.
Select your scenario to jump to the right fix:
Failed to lock the file in a vSphere environment due to vMotion, HA events, or improper shutdown.
Jump to ESXi steps →Local desktop lock errors, often caused by host system crashes or background processes hanging.
Jump to Workstation steps →Blocking waiting for file lock on build directory or backup software holding the VMDK file.
Jump to Troubleshooting →Specific host lock conflicts where the process cannot access the file because another process has locked it.
Jump to Error Codes →
Whenever you power on a Virtual Machine, VMware creates a .lck (lock) file or directory alongside the Virtual Disk (VMDK) and configuration (VMX) files. This is a critical safety mechanism. It prevents multiple VMware processes, or multiple ESXi hosts, from writing to the same virtual disk simultaneously—which would cause catastrophic data corruption.
However, when a host crashes, a backup job hangs, or a process is abruptly terminated, VMware may fail to delete this lock file. The next time you attempt to boot the VM, you encounter the dreaded error: "VMware failed to lock the file."
"While deleting a stray .lck file is technically simple, the real danger is leaving the underlying VMDK data exposed on shared storage after a crash. Understanding the difference between operational file locking and actual data security is crucial."
Before proceeding, you must be 100% certain that the Virtual Machine is not actually running or migrating in the background. Deleting a lock file on an active VM will corrupt your disk.
For local desktop virtualization, fixing this error is straightforward. The locks are standard file system directories.
vmware-vmx.exe processes are running in the background..lck. They often look like Windows10.vmdk.lck or Windows10.vmx.lck..lck folders. (If you are nervous, move them to your Desktop instead).In a vSphere cluster, simply deleting the lock file via the datastore browser is dangerous and often impossible if another host actively holds the lock. You must find the lock owner.
Step 1: Connect via SSH to the ESXi host where the VM is registered.
Step 2: Navigate to the VM's directory:
Step 3: Check which MAC address owns the lock using vmkfstools:
Review the output in /var/log/vmkernel.log. Look for the "RO Owner" MAC address. Match that MAC address to the network interfaces of your ESXi hosts to find out which host is holding the lock.
Step 4: Release the lock.
If the host holding the lock is hung, you may need to restart the management agents on that specific host:
| Method | Environment | Difficulty | Risk Level |
|---|---|---|---|
| Manual Deletion (File Explorer) | Workstation / Fusion | Low | Low (If VM is off) |
| Datastore Browser Delete | ESXi | Low | High (May cause corruption) |
| vmkfstools -D (SSH) | ESXi | Advanced | Low (Proper diagnostic) |
| Pre-empting exposure with Folder Lock | Workstation / PC Host | Very Low | Zero (Secures data regardless of locks) |
Fixing a .lck error gets your VM running again. But it highlights a terrifying truth: your raw VMDK files are sitting completely exposed on your host system. If a malicious actor, malware, or data broker accesses your PC, they can simply copy your unencrypted virtual disks and extract all your personal data offline.
We recommend Folder Lock by NewSoftwares.net to secure the directories housing your virtual machines. The software utilizes AES 256-bit on-the-fly encryption, meaning your VMDK files are decrypted dynamically in RAM only when actively accessed, leaving zero traces on your physical hard drive. Even during a catastrophic VMware crash or a stuck lock file scenario, the raw data is cryptographically shielded from unauthorized extraction.
Unlike standard operating system hiding techniques that are easily bypassed, this utility integrates directly with the system kernel. Your virtual machine directories vanish completely from the file explorer, remaining invisible and inaccessible even if an attacker restarts the host computer in Safe Mode.
If you maintain backups of your virtual machines on external networks, the application seamlessly integrates with platforms like Google Drive, Dropbox, and OneDrive. Critically, it scrambles the data locally before the upload begins, ensuring the cloud provider never holds the keys to your architecture.
For administrators running VMware Workstation from external flash drives, you can generate standalone encrypted executable files. These isolated vaults allow you to securely transport your virtual environments and authenticate on entirely different computers without needing to install the primary security software on the guest machine.
When decommissioning an old virtual machine, simply deleting the VMDK file leaves recoverable magnetic traces. The software includes a robust deletion engine that overwrites the discarded files and scrubs empty hard drive sectors, preventing forensic tools from resurrecting your obsolete environments.
When discussing virtual machines, people often confuse privacy and security. While related, understanding the distinction is vital for compliance with frameworks like GDPR and CCPA.
Security is the technical safeguard—the locks on the door. Setting up ESXi permissions, fixing .lck errors securely, and using AES encryption are security tasks.
Privacy is the policy and right of the user—who is allowed through the door. If your VM contains customer databases, protecting their privacy means ensuring only authorized personnel have security access to that VM.
Anonymity is masking identity entirely, which is rarely applicable in enterprise VM management but highly relevant for end-user web browsing.
Data brokers scrape public records, purchase app data, and acquire leaked databases. If an unsecured VMDK containing user data is accidentally exposed or exfiltrated, data brokers will rapidly ingest it. Ensuring data minimization principles (only storing what you need inside the VM) and host-level encryption (like Folder Lock) are your primary defenses.
If your VM stores data on EU or California residents, you must comply with GDPR/CCPA. This includes the "Right to be Forgotten" (deleting their data) and the "Right to Access." A technical failure like a stuck lock file cannot be an excuse for failing to honor these requests within the legal timeframe.
This specific error code often indicates that the VM is on a shared datastore, and a different host is actively using the file, or a backup proxy appliance has mounted the VMDK for backup and failed to unmount it. Check your backup software (Veeam, Commvault) and ensure no snapshots are stuck.
This Windows-specific error means a host process is locking the file. This could be antivirus software scanning the massive VMDK file. To fix this, add your Virtual Machines directory to the exclusion list of Windows Defender or your chosen Antivirus.
This is generally a developer error when building VMware tools or compiling code within a locked environment. You may need to manually clear the python file lock or compilation cache lock before rebuilding.
Provides up to 1 GB of encrypted vault capacity and allows secure synchronization across two separate hardware endpoints at no cost. Ideal for testing small configurations.
Download FreeA one-time flat fee that entirely removes storage ceilings, expands seamless synchronization to five simultaneous devices, and enables advanced asymmetric file sharing.
Get the Full VersionA one-time flat fee that entirely removes storage ceilings, expands seamless synchronization to five simultaneous devices, and enables advanced asymmetric file sharing.
Get the Full Version
If you repeatedly see "Failed to lock the file," perform a quick infrastructure audit:
"We used to get lock errors constantly during backup windows. Fixing the exclusions and locking the parent folder securely resolved our compliance headaches."
- IT SysAdmin"When my Workstation host crashed, deleting the .lck file was easy. Using Folder Lock afterward gave me peace of mind about the PII inside that VM."
- Security Researcher"The SSH vmkfstools command is a lifesaver for ESXi lock hunting. Excellent guide."
- Datacenter Engineer"We used to get lock errors constantly during backup windows. Fixing the exclusions and locking the parent folder securely resolved our compliance headaches."
- IT SysAdmin
A .lck file is a small lock directory created by VMware when a virtual machine is powered on. It prevents multiple processes from accessing and modifying the same virtual disk simultaneously, which would corrupt the data.
First, verify the VM is completely powered down and no background processes (like vmx.exe or backup agents) are running. Navigate to the VM's datastore directory and delete the folder ending in .lck. For ESXi, verify lock ownership via SSH first.
When a host machine crashes abruptly, it fails to delete the .lck files during standard shutdown. Once the host reboots, manually delete the leftover .lck folders in the VM directory to release the false lock, then power on the VM.
This Windows OS-level message occurs when a host-level application (like an antivirus scanner, backup tool, or cloud sync client) is holding the VMDK file open. VMware sees the file in use and throws the lock error.
Data security protects data from unauthorized access (e.g., encryption, passwords). Data privacy governs how authorized data is legally collected, shared, and used (e.g., GDPR, consent forms).
Companies and data brokers use tracking cookies, device fingerprinting, purchase histories, and hidden terms of service agreements in apps to aggregate data profiles seamlessly in the background.
Practice data minimization (don't give out data unless necessary), use unique strong passwords with a manager, enable 2FA, and utilize local encryption tools like Folder Lock to secure sensitive files on your physical devices.
Resolving the "VMware failed to lock the file" error is a matter of verifying host status and cleanly removing the stale .lck directories. However, leaving unencrypted Virtual Machines on a host PC is a significant security liability. We highly recommend adding a layer of encryption to your storage directories.