Windows 2012 R2 RDS Black Blank Screen on login by admin or users in GCP - google-cloud-platform

I am a Windows Sysadmin running a set of Windows 2012 R2 servers on GCP that were deployed via Itopia which is a Google Cloud partner that orchestrates the deployment of Windows 2012 R2 servers on Google cloud for the sole purpose of running IAAS Windows RDS servers on GCP.
Sporadically, when users or I (domain admin) log into the RDS session host, the login appears as normal and seems to pass the user login stage, but then the desktop experience shows up as a blank black screen with no Start menu or Explorer, as you would normally see when logging into a Windows desktop experience on RDS.
Has anyone else experienced this issue on Windows RDS or Windows RDS on GCP? I know that GCP does not install display adapters into their servers so it is impossible to get to a graphical UI as an administrator to see what is going on with this server.
I'm not very familiar with the Google Cloud Shell but I understand there might be some commands there to check on services or other parts of the O/S health.
In my case I believe it is a RDS service that is failing and needs to be restarted but is stuck for some reason. With the lack of a console it is difficult to troubleshoot.
Any suggestion on how to best tackle this?
Thanks

You might have installed Windows Server 2012 R2 Datacenter Core instead of Windows Server 2012 R2 Datacenter. The difference between these is that there is no desktop in Server Core, by design. You can review the Windows documentation for more details.

Also posting as answer as I don't have rep, sorry.
GCP VMs do have a console you can access; it will be CLI only but very handy for troubleshooting. From the instances page, click Edit, and right below the remote access options check "Enable connecting to serial ports", then save. Then you should have the option to connect to the serial console at the top under Remote access. For Windows I believe it's serial port 2. When you connect you'll enter "CMD", Enter, then Shift+Esc, then Enter, and you'll be prompted for your creds. There is no delete/backspace, so type it in correctly or start over. Once authenticated you should be at the Windows CLI prompt.
https://cloud.google.com/compute/docs/instances/interacting-with-serial-console

Related

VS2017 message: publishing to the selected azure virtual machine has not been enabled

I am looking for help on how to resolve the following informational message when creating a publish profile in visual studio 2017: "publishing to the selected azure virtual machine has not been enabled".
I'm trying to set up a new publish profile for my production server. I have already successfully set one up for my development server. Both servers are Azure VMs. They use different network security groups.
I get this message when selecting New Profile->Azure Virtual Machines (click browse), selecting my production server and clicking OK.
VS2017 Production Azure VM Selected
I have already triple checked my firewall settings on both the VMs and Azure Portal. I don't think these are the cause though because I do not get this message when I choose my db server which doesn't even have IIS set up. My db and production server share an Azure network security resource group.
I'm using VS Community 2017 15.9.2 with an Azure VM and WebDeploy 3.5
C:\inetpub\logs\wmsvc has no logs on my production server but DOES have logs on my development server which makes sense since it's working there.
I tried the "Import Profile" button which seemed promising but get the following message when I click the, "Validate Connection" button:
"Could not connect to the remote computer......ERROR_DESTINATION_NOT_REACHABLE".
I've tried the following references:
https://github.com/aspnet/Tooling/blob/AspNetVMs/docs/create-asp-net-vm-with-webdeploy.md#SetupDNSName
https://learn.microsoft.com/en-us/iis/install/installing-publishing-technologies/installing-and-configuring-web-deploy-on-iis-80-or-later
https://learn.microsoft.com/en-us/azure/devops/pipelines/apps/cd/deploy-webdeploy-iis-deploygroups?view=vsts
https://blogs.msdn.microsoft.com/webdev/2017/11/01/publishing-a-web-app-to-an-azure-vm-from-visual-studio/
https://blog.tallan.com/2017/05/02/deploying-a-site-to-an-azure-vm-using-web-deploy/
https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-common-deployment-errors
https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-deployment-operations
The issue was that the production server is behind a load balancer. The request to port 8172 was stopped there. The solution was to add an inbound NAT rule (LoadBalancer - Inbound NAT rules) so that any attempt at the load balancer IP on 8172 gets forwarded to the production server.

Denial of service attack in Google Compute Engine running Ubuntu

I noticed that my VM in the Google Cloud Platform is generating DOS and am wondering where that may be coming from. On further search, I noticed a file that wasn't created by me and deleted the file.
So far, I have changed the SSH port but I'm still getting "This project appears to be committing denial of service attacks".
I would like suggestions on what else I can do to prevent this in the future.
I'm leaving here some interesting resources you can check to secure your Google Compute Engine instance:
Ubuntu SSH Guard manpage
ArchLinux SSH guard guide (guides you through installation and setup)
Apache hardening guide from geekflare
PHP security cheatsheet from OWASP
MySQL security guidelines
General security advice for Google Cloud Platform instances:
Set user permissions at project level.
Connect securely to your instance.
Ensure the project firewall is not open to everyone on the internet.
Use a strong password and store passwords securely.
Ensure that all software is up to date.
Monitor project usage closely via the monitoring API to identify abnormal project usage.
To diagnose trouble with GCE instances, serial port output from the instance can be useful.
You can check the serial port output by clicking on the instance name and then on "Serial port 1 (console)". Note that these logs are wiped when instances are shut down and rebooted, and the log is not visible when the instance is not started.
Stackdriver monitoring is also helpful to provide an audit trail to diagnose problems.
Here are some hints you can check on keeping GCP projects secure.

How to connect to AWS windows server without rdp?

I have changed some RDP settings on the Windows server. I can see the screenshot but I am not able to connect to the instance. What are the other methods to connect to the instance? I don't have snapshots. How can I fix this?
Create an AMI of your server before doing anything below.
You will not be able to connect to the instance using RDP if you have messed up RDP thru any other tool. You might be able to repair your settings by attaching the root EBS volume on another Windows instance and repairing.
This document will show you how to attach the Windows volume to another server. Just skip the stuff about resetting the password.
Resetting the Windows Administrator Password
If the changes to RDP were made in the registry, you can also attach the registry on the other Windows instance. Then undo / repair your changes.
Just make sure that you are using the same Windows versions for everything above.
Load or Unload Registry Hives
Edit another Windows install's registry

unable to connect via rdp to a google cloud windows server vm

I have one instance of a Windows Server 12 R2 VM on Google Cloud that's working properly and I have connected to it successfully using RDP. I have tried to replicate it by creating a snapshot out of it and creating an instance from the snapshot. According to the platform the instance was created, but I can't seem to connect to it or to get a password. When I click "Get windows password" I get this:
forever. When I try to connect to it, I get
I have no idea what to do, any help would be appreciated. Thanks
The password creation tool from the console only works for images built from the official image repo. In this case your source is a previous VM through a snapshot. In that case, and also in migrations, all the previous credentials are kept in the new VM. You can download the GCP RDP agent here and access using the credentials you used to have in your source VM.
Connecting to a Windows Instance
https://cloud.google.com/compute/docs/instances/windows/connecting-to-windows-instance
-----------Update----------------
In case you cannot get into the VM, it seems to be a firewall rules issue. By default the port tcp:3389 (RDP access) is open to all VMs in the default network; check that your VM is in that network or check if the firewall rule has a tag to be applied.
If not, apply a tag to your new machine and create a firewall rule to be applied to that tag.
Hope it helps. Keep us posted!
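An added example, not part of the original answers: a Python check that ties together the tag-scoped RDP rule suggested here and the advice in the Compute Engine hardening answer earlier on this page to keep the project firewall closed to the internet. The rule list is constructed sample data in the shape of `gcloud compute firewall-rules list --format=json`, and the function names are this example's own.

```python
import ipaddress
import json

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = json.loads("""[
 {"name": "default-allow-rdp", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
 {"name": "rdp-from-office", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["203.0.113.0/24"], "targetTags": ["rds-host"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
 {"name": "dev-range", "direction": "INGRESS", "disabled": false,
  "sourceRanges": ["0.0.0.0/0"], "targetTags": ["dev"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["3000-4000"]}]},
 {"name": "old-ssh", "direction": "INGRESS", "disabled": true,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}
]""")
MGMT_PORTS = {22: "SSH", 3389: "RDP"}  # management ports discussed on this page


def covers(allowed, port):
    """True if one 'allowed' entry permits TCP traffic to `port`."""
    if allowed.get("IPProtocol") not in ("tcp", "all"):
        return False
    specs = allowed.get("ports")
    if not specs:  # no port list means every port of the protocol
        return True
    bounds = (spec.partition("-") for spec in specs)
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in bounds)


def world_open(rule):
    """True if any source range has prefix length 0 (0.0.0.0/0 or ::/0)."""
    return any(ipaddress.ip_network(r, strict=False).prefixlen == 0
               for r in rule.get("sourceRanges", []))


def audit(rules):
    """List (rule, service, scope) for enabled ingress rules open to the internet."""
    findings = []
    for rule in rules:
        if rule.get("disabled") or rule.get("direction") != "INGRESS" or not world_open(rule):
            continue
        scope = ",".join(rule.get("targetTags", [])) or "all instances"
        findings += [(rule["name"], service, scope) for port, service in MGMT_PORTS.items()
                     if any(covers(a, port) for a in rule.get("allowed", []))]
    return findings


if __name__ == "__main__":
    for name, service, scope in audit(SAMPLE_RULES):
        print(f"{name}: {service} open to the internet (targets: {scope})")
```

A rule with no `targetTags` applies to every instance in the network, which is why the untagged sample rule is reported with the widest scope.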

how to create a amazon cloud machine using ec2

I am new to the amazon world.
I have got an Amazon EC2 machine with its public DNS and a .pem file. I have connected to the machine using PuTTY by generating a ppk file. Now I am able to log in to the remote machine as the root user. Can someone help me with how to create a remote desktop machine or a cloud machine, like the way Windows has an RDP feature, so that I can install the software? Do I need to install vncserver on it? If yes, is there any handy video or documentation which can provide me steps to connect? I have to install Apache 2 and MySQL on it.
Appreciate your help.
P.S. I can't see any instance on Amazon EC2 which can be created with the machine DNS I have got.
Thanks.
1) To see your instance in the AWS Console, you need to choose the region where that EC2 server is deployed.
Click on the top right menu; there is a list of regions there.
2) As we understood, you need to install a LAMP server on that instance.
There are lots of examples of how to do it (without a GUI, using the command line interface).
Find them easily by typing "how to setup lamp server on ubuntu/centos", depending on your OS.