Can't connect to remote desktop on azure virtual machine - azure-virtual-machine

I uploaded a Hyper-V VHD file to storage. I then created a Windows VM from disk and specified that it contains the operating system. Azure says the machine is running and the remote desktop and PowerShell endpoints are configured. However, when I click Connect I get the standard RDP error.
I have resized the VM and restarted the VM a few times to no avail.
Clicking Reset Remote Connection has failed in the Azure Preview Portal. This button is now disabled.
When I run (Get-AzureVM -ServiceName XXXXXX -Name XXXXXX).GuestAgentStatus it returns:
ProtocolVersion : 1.0
TimestampUtc : 10/13/2015 2:02:29 PM
GuestAgentVersion : Unknown
Status : NotReady
Code :
Message :
FormattedMessage : Microsoft.WindowsAzure.Commands.ServiceManagement.Model.GuestAgentFormattedMessage
ExtensionData :

I worked with Microsoft Support in resolving this issue. For those who have posted similar unanswered questions: you need to edit the registry of the VM to disable the firewall and change the RDP security settings of the VM.
Delete your VM but keep the attached disks.
Create a temporary VM from the gallery
Attach the original vhd as a disk to the temporary VM.
Bring the disk online, if it is not already.
Use Regedit to load the System hive from the attached disk under the HKEY_LOCAL_MACHINE key.
Turn off the firewall: Check your OS registry keys. For a Windows 7 machine: open the following key for each of the ControlSetXXX keys
HKEY_LOCAL_MACHINE\YOURLOADEDHIVENAME\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy
Set EnableFirewall = 0 in the DomainProfile, PublicProfile and StandardProfile subkeys
Modify the RDP security settings: Open the following key for each of the ControlSetXXX keys
HKEY_LOCAL_MACHINE\YOURLOADEDHIVENAME\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp
Set the values: fAllowSecProtocolNegotiation, SecurityLayer and UserAuthentication to 0
Unload the Hive
Take the disk offline
Detach the disk from the temporary VM
Shutdown the temporary VM and delete it
Create your VM as you did previously
Connect to your VM and RDP into it. Set the appropriate firewall rules for RDP and turn the firewall back on.
Original information taken from:
http://social.technet.microsoft.com/wiki/contents/articles/18710.troubleshoot-azure-vm-by-attaching-os-disk-to-another-azure-vm.aspx
and
http://www.technlg.net/windows/disable-enable-firewall-registry-key/
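The last step of the procedure above, written out as an added example that is not part of the original answer: it turns the firewall back on with RDP allowed and also restores the three RDP-Tcp values the procedure set to 0. Assumptions: Windows PowerShell 3.0 or later, an English-language rule group name ("remote desktop"), and target values of 1/2/1 for the RDP-Tcp settings.

```powershell
# Added example: run in an elevated PowerShell session on the recovered VM,
# inside the RDP session that the procedure above made possible.
$ErrorActionPreference = 'Stop'

# 1. Enable the built-in RDP allow rules BEFORE turning the firewall back on,
#    so the current session is not cut off. Assumption: English rule group name.
netsh.exe advfirewall firewall set rule group="remote desktop" new enable=Yes | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Could not enable the Remote Desktop rule group.' }
netsh.exe advfirewall set allprofiles state on | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Could not turn the firewall profiles on.' }

# 2. Restore the RDP-Tcp values that were set to 0 for recovery.
#    Target values are assumptions; adjust them to your own baseline.
$rdpTcp  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$desired = [ordered]@{
    fAllowSecProtocolNegotiation = 1   # allow negotiation of the security protocol
    SecurityLayer                = 2   # 0 = RDP security layer, 1 = negotiate, 2 = TLS
    UserAuthentication           = 1   # 1 = require Network Level Authentication
}
foreach ($name in $desired.Keys) {
    Set-ItemProperty -Path $rdpTcp -Name $name -Value $desired[$name] -Type DWord
}

# 3. Read everything back so the result can be checked and kept as evidence.
$fwKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$report = @()
foreach ($p in 'DomainProfile', 'PublicProfile', 'StandardProfile') {
    $report += [pscustomobject]@{
        Setting = "$p\EnableFirewall"
        Value   = (Get-ItemProperty -Path "$fwKey\$p").EnableFirewall
    }
}
foreach ($name in $desired.Keys) {
    $report += [pscustomobject]@{
        Setting = "RDP-Tcp\$name"
        Value   = (Get-ItemProperty -Path $rdpTcp).$name
    }
}
$report | Format-Table -AutoSize
```

Keep the current RDP session open and confirm that a second, new connection succeeds before disconnecting.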

Related

GCP windows VM does not work when logged off

I am running a Windows Server VM on GCP.
When logging in via Remote Desktop, I am starting certain applications which should actively run for a couple of hours.
But when closing my Remote Desktop Connection, all applications stop working.
How can I prevent this from happening?
In order to keep the session ongoing, you'll have to configure the RD Session Host time limits.
Open the group policy editor with: Windows+R, then type gpedit.msc, confirm with Enter.
Then in the management console, navigate to:
Computer Configuration
Administrative Templates
Windows Components
Remote Desktop Services
Remote Desktop Session Host
Session Time Limits
There one can adjust the settings:
Set time limit for disconnected sessions
Terminate session when time limits are reached

Google Cloud Windows Server - Unable to launch a Command prompt

When attempting to forcibly uninstall software from the server, I switched off these two components from MSCONFIG.EXE:
MSConfig Screenshot
After rebooting the server, it doesn't respond anymore to RDP connections.
The Google Cloud Panel shows that the server is running, has an internal and external IP Address, but I cannot access it by any means. I already rebooted, stopped and started it many times.
This is the output for SERIAL PORT #1:
SeaBIOS (version 1.8.2-20181112_143635-google)
Total RAM Size = 0x00000000f0000000 = 3840 MiB
CPUs found: 1 Max CPUs supported: 1
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=104857600 = 51200 MiB
drive 0x000f2a30: PCHS=0/0/0 translation=lba LCHS=1024/255/63 s=104857600
Booting from Hard Disk 0...
I am able to connect to SERIAL PORT #2, to try a deeper troubleshooting, but the first message after connection is this:
Computer is booting, SAC started and initialized
And when trying to open CMD command, this is the response:
SAC>cmd
Error: Unable to launch a Command Prompt. The service responsible for launching
Command Prompt channels has not yet registered. This may be because the
service is not yet started, is disabled by the administrator, is
malfunctioning or is unresponsive.
Does anyone know how to recover this server?
Thanks!
You unselected "Load system services". This means that nothing is loaded in Windows. The services that are required so that you can access the system remotely are not running.
You have two options:
Mount the disk on another Windows system, mount the registry and change the settings for these two items (I don't remember but this information is on the Internet). Then unmount the registry and create another VM with the disk.
Create a new instance and attach this disk as the second disk drive. Copy all the data from the second drive to the first drive. You will lose system settings, applications, etc. but at least you can save your data.

Google Cloud RDP not Working (User name & Password didn't work)

I just created a VM instance on Google Cloud for the very first time,
4 vCPUs
15GB Ram
Windows Server 2016 Datacenter
SSD 50gb
Access scopes - Allow default access
Firewall - Allowed both http/https
Created
After that, when I am trying to connect through RDP
(downloaded the rdp file and put the created password)
it's saying
"The user name and password that were used to connect to the remote PC didn't work. Try a different account."
[I am using Microsoft Remote Desktop on Mac]
I already tried creating a new account & password... still no good..
Please help: what could be the issue or solution?
I am using Google Cloud for the first time..
Thanks in advance
After you create a Windows Instance, you will first need to generate a password. Once you generate the password, paste it to a text editor. From here, you will need to install the RDP client for Mac. From here, you can follow these instructions which will explain how to connect to the Windows Instance using the RDP client you just installed.

AWS EC2 instance Login failure

I am getting below error when trying to login into my AWS EC2 instance. Last login was around 2 weeks back and everything was working fine so the password I am using is correct. No other information is available on the error message.
Is there a way I can see any logs through management console ?
Appreciate any help on this.
Remote Desktop Connection
An authentication error has occurred.The function requested is not supported
It seems like you are facing this issue.
Bottom line, this is caused by a Microsoft Security Patch. The Microsoft Security patch issued on Tuesday, May 8th 2018 triggered the problem by setting and requiring remote connections at the highest level.
Simply adjust the Remote Desktop settings on the host machine to a lower security level. From File Explorer, choose Computer, right-click and select Properties, then click Change Settings, and go to the Remote tab.
From Windows 10, uncheck the option to “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)”
From Windows 7, it’s setting the option to the Less Secure option rather than More Secure
Once these are set, users can remote to the machine again.
If you don't have any other way into the machine except Remote Desktop, I'm afraid the machine is lost.
For anyone facing this issue. Below is response from AWS technical support team:
Looking at the error message you posted, this is due to a recent patch (KB4103727) that Microsoft has released to fix a vulnerability. It is a mandatory requirement from Microsoft that both the client machine (the computer from which you are trying to RDP into your instances) and the remote server (your EC2 instance) have the latest updates installed. If one of these machines has the latest updates installed and the other does not, the RDP connection would fail.
Note: If you see your Windows is up to date and you do not see the KB4103727 installed, it could be a different KB article which applied the KB4103727 as a cumulative update. If this is the case, please uninstall all KBs that were installed recently before the RDP connection was broken.
For more information about this hotfix, please refer to the Microsoft documentation below:
https://blogs.technet.microsoft.com/yongrhee/2018/05/09/after-may-2018-security-update-rdp-an-authentication-error-occurred-this-could-be-due-to-credssp-encryption-oracle-remediation/
https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018
There are multiple workarounds for this issue:
Option 1: If the update is installed on your client (workstation) and is not installed on your EC2 instance.
Uninstall KB4103727 from your client machine. After you uninstall the KB and gain RDP access to the EC2 instance, you can patch the instance with latest updates first and then update your client machine with the KB by running Windows Update again.
Alternately, you can keep your client machine updated and you can install latest Windows updates on your EC2 instance remotely using SSM Run Command. For detailed instructions on how to configure your instance to use SSM Run Command, please refer to the below documentation:
SSM Prerequisites: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-prereqs.html
Run Command Tutorial: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/tutorial_run_command.html#rc-tutorial-ui
After you configure your instance to use SSM Run Command, you can execute the Run Command document "AWS-InstallWindowsUpdates" remotely on your instance.
Option 2: If the KB is installed on your EC2 instance and is not installed on your client machine
Run Windows Update on your client machine and install latest software updates. Once the latest updates are installed on both your instance and the client machine, you should be able to RDP into the instance.
Alternately, if you have a backup AMI or an EBS snapshot created before the patch was installed on your EC2 instance, you may consider restoring your instance from the backup to roll back the installed software updates.
Option 3: There is a workaround suggested by third party websites to disable the check altogether on the unpatched Windows machine and RDP should work normally. On the unpatched machine, open a command prompt with Administrator privileges and run the command mentioned below:
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /f /v AllowEncryptionOracle /t REG_DWORD /d 2
Please note, you may have to reboot your Windows machine for the changes to take effect after you install/uninstall the KB.
So, finally I had to uninstall the mentioned update from the client machine (from which I was trying to connect to the AWS instance), which allowed me to connect to the instance. Once connected, I updated the instance with Windows updates and rebooted it, which resolved the issue.
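A check for machines where the Option 3 registry workaround was applied, as an added example that is not part of the AWS response: it reports the current AllowEncryptionOracle value and, with the hypothetical -Remediate switch, deletes the override so the default of the installed CredSSP update applies again. It assumes an elevated PowerShell session and that both client and server have since been patched.

```powershell
# Added example: audit (and optionally remove) the CredSSP workaround value.
param([switch]$Remediate)   # hypothetical switch: delete the override when set

$key  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$name = 'AllowEncryptionOracle'
# Meaning of the value as documented for CVE-2018-0886
$meaning = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

$value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

if ($null -eq $value) {
    "$name is not set; the default of the installed CredSSP update applies."
}
elseif ($value -eq 2) {
    "$name = 2 ($($meaning[2])): unpatched CredSSP peers are still accepted."
    if ($Remediate) {
        Remove-ItemProperty -Path $key -Name $name
        'Override removed. Reboot, then confirm that RDP still connects.'
    }
    else {
        'Re-run with -Remediate once both ends have the update installed.'
    }
}
elseif ($meaning.ContainsKey([int]$value)) {
    "$name = $value ($($meaning[[int]$value])); no workaround in place."
}
else {
    "$name = $value is not a documented value; review this key manually."
}
```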

start VM on RDP request

I have a Windows 10 VM in Azure. I connect to this machine via RDP. Because most of the time this machine is not in use (I'm not using it), I'd like, in order to save costs, to shut it down.
My issue is how to get back and connect to it via RDP after that. How do I start the machine remotely?
If you shut down the VM from inside the VM, you continue to pay for your VM.
If you shut down a VM from inside (using Windows power options) or through PowerShell by calling ShutdownRoleOperation with "PostShutdownAction" equal to "Stopped".
For more information, please refer to this FAQ and this link.
You should use Portal or PowerShell to stop your VM.
If your VM is stopped (deallocated), you could use PowerShell to start your VM.
Start-AzureRmVM -ResourceGroupName $myResourceGroup -Name $myVM
For more information about managing Azure Virtual Machines using PowerShell, please refer to this link.
Also, you could start your VM on the Azure portal. For more information, please refer to this link.
Note: If you don't set a static Public IP, the IP address will change.