diff --git a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
index 50e6a7314cb..d38023c4641 100755
--- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
+++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
@@ -836,7 +836,8 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
 @DB
 public boolean addInstanceToGroups(final Long userVmId, final List groups) {
 if (!isVmSecurityGroupEnabled(userVmId)) {
- return true;
+ s_logger.warn("User vm " + userVmId + " is not security group enabled, can't add it to security group");
+ return false;
 }
 if (groups != null && !groups.isEmpty()) {
diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java
index 5fd1ba4c066..914c78757a2 100755
--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -128,6 +128,7 @@ import com.cloud.network.router.VirtualNetworkApplianceManager;
 import com.cloud.network.rules.RulesManager;
 import com.cloud.network.security.SecurityGroup;
 import com.cloud.network.security.SecurityGroupManager;
+import com.cloud.network.security.dao.SecurityGroupDao;
 import com.cloud.network.vpn.PasswordResetElement;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offering.NetworkOffering.Availability;
@@ -323,6 +324,8 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
 protected SSHKeyPairDao _sshKeyPairDao;
 @Inject
 protected UserVmDetailsDao _vmDetailsDao;
+ @Inject
+ protected SecurityGroupDao _securityGroupDao;
 protected ScheduledExecutorService _executor = null;
 protected int _expungeInterval;
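Review bot: In `addInstanceToGroups` (SecurityGroupManagerImpl.java, hunk at -836) the new warning and `return false` run before the `groups != null && !groups.isEmpty()` test, so a call that requests no groups for a VM that is not security-group enabled now logs a warning and reports failure although nothing was asked of it. Failing for a real request is the safer direction, because the old `return true` told callers the groups had been applied when they had not. If the no-groups case should stay quiet, make the warning conditional on groups having been requested, and state the contract in the Javadoc, e.g. `@return false when the VM is not security group enabled (the groups were not applied)`. The rest of the method and its callers are outside the hunk, so whether any caller treats `false` as fatal needs checking.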
@@ -2012,32 +2015,35 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
 networkList.add(_networkDao.findById(defaultNetwork.getId()));
 }
- if (securityGroupIdList == null) {
- securityGroupIdList = new ArrayList();
- }
+ boolean isVmWare = (template.getHypervisorType() == HypervisorType.VMware || (hypervisor != null && hypervisor == HypervisorType.VMware));
- SecurityGroup defaultGroup = _securityGroupMgr.getDefaultSecurityGroup(owner.getId());
- if (defaultGroup != null) {
- //check if security group id list already contains Default security group, and if not - add it
- boolean defaultGroupPresent = false;
- for (Long securityGroupId : securityGroupIdList) {
- if (securityGroupId.longValue() == defaultGroup.getId()) {
- defaultGroupPresent = true;
- break;
+ if (securityGroupIdList != null && isVmWare) {
+ throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor");
+ } else if (securityGroupIdList == null && !isVmWare) {
+ securityGroupIdList = new ArrayList();
+ SecurityGroup defaultGroup = _securityGroupMgr.getDefaultSecurityGroup(owner.getId());
+ if (defaultGroup != null) {
+ //check if security group id list already contains Default security group, and if not - add it
+ boolean defaultGroupPresent = false;
+ for (Long securityGroupId : securityGroupIdList) {
+ if (securityGroupId.longValue() == defaultGroup.getId()) {
+ defaultGroupPresent = true;
+ break;
+ }
 }
- }
-
- if (!defaultGroupPresent) {
+
+ if (!defaultGroupPresent) {
+ securityGroupIdList.add(defaultGroup.getId());
+ }
+
+ } else {
+ //create default security group for the account
+ if (s_logger.isDebugEnabled()) {
+ s_logger.debug("Couldn't find default security group for the account " + owner + " so creating a new one");
+ }
+ defaultGroup = _securityGroupMgr.createSecurityGroup(SecurityGroupManager.DEFAULT_GROUP_NAME, SecurityGroupManager.DEFAULT_GROUP_DESCRIPTION, owner.getDomainId(), owner.getId(), owner.getAccountName());
 securityGroupIdList.add(defaultGroup.getId());
 }
-
- } else {
- //create default security group for the account
- if (s_logger.isDebugEnabled()) {
- s_logger.debug("Couldn't find default security group for the account " + owner + " so creating a new one");
- }
- defaultGroup = _securityGroupMgr.createSecurityGroup(SecurityGroupManager.DEFAULT_GROUP_NAME, SecurityGroupManager.DEFAULT_GROUP_DESCRIPTION, owner.getDomainId(), owner.getId(), owner.getAccountName());
- securityGroupIdList.add(defaultGroup.getId());
 }
 return createVirtualMachine(zone, serviceOffering, template, hostName, displayName, owner, diskOfferingId,
@@ -2053,6 +2059,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
 Account caller = UserContext.current().getCaller();
 List networkList = new ArrayList();
 boolean isSecurityGroupEnabledNetworkUsed = false;
+ boolean isVmWare = (template.getHypervisorType() == HypervisorType.VMware || (hypervisor != null && hypervisor == HypervisorType.VMware));
 //Verify that caller can perform actions in behalf of vm owner
 _accountMgr.checkAccess(caller, owner);
@@ -2067,6 +2074,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
 networkList.add(networkWithSecurityGroup);
 } else if (securityGroupIdList != null && !securityGroupIdList.isEmpty()) {
+ if (isVmWare) {
+ throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor");
+ }
 // Only one network can be specified, and it should be security group enabled
 if (networkIdList.size() > 1) {
 throw new InvalidParameterValueException("Only support one network per VM if security group enabled");
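Review bot: In the hunk at -2012 the default group is now resolved only when `securityGroupIdList == null`, so an empty but non-null list on a non-VMware hypervisor skips the whole branch and the VM reaches `createVirtualMachine` with no security group, where the old code always ensured the default one. Inside the branch the `defaultGroupPresent` loop iterates over the list created one line earlier, so it can never match and is dead code. Testing emptiness rather than nullness closes the gap: `} else if (!isVmWare && (securityGroupIdList == null || securityGroupIdList.isEmpty())) {` with `if (securityGroupIdList == null) { securityGroupIdList = new ArrayList(); }` as its first statement. If dropping the default group for caller-supplied lists is intended, a comment saying so would help; the enclosing method starts and ends outside the hunk.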
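Review bot: The `isVmWare` expression added in the hunk at -2053 is a verbatim copy of the one added in the -2012 hunk, and its `hypervisor != null &&` guard is redundant because `hypervisor == HypervisorType.VMware` is already false for a null reference. A private helper taking the template and the hypervisor would keep the two deployment paths from drifting apart when the rule changes. A one-line comment such as `// security groups are not supported on VMware` at the declaration would also explain why the flag exists.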
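Review bot: The VMware rejection added in the hunk at -2067 sits inside the `else if (securityGroupIdList != null && !securityGroupIdList.isEmpty())` arm, so it guards only that arm. The preceding arm, whose condition is outside the hunk, adds `networkWithSecurityGroup`; if it can be reached with a non-empty list, a VMware request would pass with groups that are presumably never applied. The check also disagrees with the -2012 hunk, which rejects any non-null list, including an empty one. Hoisting a single test above the if/else chain, `if (isVmWare && securityGroupIdList != null && !securityGroupIdList.isEmpty()) { throw new InvalidParameterValueException(...); }`, would make both paths behave the same.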
@@ -2117,7 +2127,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
 }
 // if network is security group enabled, and default security group is not present in the list of groups specified, add it automatically
- if (isSecurityGroupEnabledNetworkUsed) {
+ if (isSecurityGroupEnabledNetworkUsed && !isVmWare) {
 if (securityGroupIdList == null) {
 securityGroupIdList = new ArrayList();
 }
@@ -2299,6 +2309,15 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
 rae.setResourceType("vm");
 throw rae;
 }
+
+ //verify security group ids
+ if (securityGroupIdList != null) {
+ for (Long securityGroupId : securityGroupIdList) {
+ if (_securityGroupDao.findById(securityGroupId) == null) {
+ throw new InvalidParameterValueException("Unable to find security group by id " + securityGroupId);
+ }
+ }
+ }
 // check if we have available pools for vm deployment
 List availablePools = _storagePoolDao.listPoolsByStatus(StoragePoolStatus.Up);
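Review bot: With `&& !isVmWare` in the hunk at -2117, a VMware VM placed on a security-group-enabled network is deployed without the default group, and nothing records that filtering was skipped for it. If other instances on that network rely on security groups for isolation, this VM sits outside that policy, so the decision should at least be visible to operators. An `else if (isSecurityGroupEnabledNetworkUsed)` arm with `s_logger.debug("Security groups are not supported for VMware; vm is deployed without a default security group")` would do that, or the combination could be rejected outright. The surrounding method is outside the hunk.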
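Review bot: The loop added in the hunk at -2299 proves only that each id exists; nothing visible here checks that the group belongs to `owner` or that the caller may use it. Unless a later step enforces that, a VM could be attached to a security group of another account. Keep the looked-up object and test ownership in the same place, `SecurityGroup sg = _securityGroupDao.findById(securityGroupId);` followed by `if (sg == null || sg.getAccountId() != owner.getId()) { throw new InvalidParameterValueException(...); }`, or use the project's access-check helper if it covers security groups. Use the same message for missing and foreign groups so the error does not confirm which ids exist, and reject a null element before it reaches `findById`. The enclosing method begins and ends outside the hunk, so `owner` being in scope here is assumed.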