How can I fix Azure Bastion sessions? - azure

When I connect to a Windows VM using Bastion, I get the error: “A Bastion session should be initiated only from Azure Portal. Please login to Azure Portal and start your session again.” Of course, I am logged into Azure Portal, and I did start it from there. Then I can see the server desktop, but it is dimmed and not responsive due to the modal dialog with the error and a close button.
More details: On the Connect screen there is an “Open in new browser tab” option. If I clear that, then I don’t get the above error, but then the screen is just blank. After I click connect, in the lower right corner it shows for a second, "The network connection to the Bastion Host appears unstable." It acts the same if I am on a VM or not. I am using an AD account; it acts the same if I include just the username or name#domain.
How can I get Bastion to work?

I disabled or deleted all my browser extensions, and that fixed it. The problem extension was Wappalyzer.

Related

Azure VM: the user account used to connect to remote PC did not work

I have an Azure Virtual Machine connected with Azure Active Directory. A user from this AD is added to this machine as an admin. Other people can successfully RDP to the machine with this user's credentials, but I get an error saying "The user account used to connect to remote PC did not work. Try again". Well, I have been trying the whole day. Does anyone know what can cause this?
The fun fact is, I can RDP to the machine using the local admin, but again it fails with AD user.
I tried connecting with Microsoft Remote Desktop for Mac, mstsc for Windows and with Remote Desktop Connection Manager. The same result everywhere.
I tried different username formats:
alex.sikilinda#mydomain.com - other people can successfully login using this format
AzureAD\alex.sikilinda#mydomain.com - for the Windows client I get the same error, for Microsoft Remote Desktop for Mac I get "Your session ended because of an error. If this keeps happening, contact your network administrator for assistance. Error code: 0x807"
AzureAD\AlexSikilinda mstsc error - "Remote machine is AAD joined. If you are signing in to your work account, try using work email instead", Mac - "Your session ended because of an error. If this keeps happening, contact your network administrator for assistance. Error code: 0x807"
Microsoft Remote Desktop for Mac version 10.2.3 (1343)
Windows 10 version 16299 (also tried with 1803 on another machine, the same result).
I also came across the same error on a Windows 10 machine that is AAD joined, and I tried the following way to solve this:
1. Change the VM Remote Desktop settings to be the same as in the picture.
2. Create a new RDP config file.
   Open mstsc.exe, click on Show Options and then click Save As (give it a new name such as AzureAD_RDP, save it somewhere easy to find).
   Open the saved file using Notepad. Verify that the following two lines are present; if not, add them, and save.
   enablecredsspsupport:i:0
   authentication level:i:2
3. RDP to the target VM.
   Open the RDP config file that you just edited, enter the IP address of the VM, do not enter any username, and then connect.
   Here you could use AzureAD\UPN or username to log in.
I haven't tried disabling the NLA (and wouldn't recommend it); however, in my case it was the legacy MFA getting in the way of getting into the VM, even if only enabled for the account, and not forced.
In my case, we're using Conditional Access with MFA, but we have to exclude the VM from the cloud apps (Azure Windows VM Sign-In), because we're not using Windows Hello (thanks Microsoft for a half-baked solution!).
See Login to Windows virtual machine in Azure using Azure Active Directory authentication for more details.
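The two .rdp properties edited in the answers above control client-side authentication, so saved connection files can be checked for them. The following is an added example, not code from any of the posters: it parses the `name:type:value` lines of an .rdp file and reports values that turn off CredSSP/NLA or relax server authentication. The sample files, the address in them, and the function names are constructed for illustration.

```python
# Added example: flag .rdp settings that relax client-side authentication.
# Input is the file's text; mstsc usually saves .rdp files as UTF-16,
# so decode accordingly when reading one from disk.

RISKY = {
    ("enablecredsspsupport", "0"):
        "CredSSP disabled: the client will not use Network Level Authentication",
    ("authentication level", "0"):
        "connects without warning if server authentication fails",
    ("authentication level", "2"):
        "warns on failed server authentication but lets the user connect",
}

# Constructed samples: the file as edited in the answer, and a stricter one.
EDITED_RDP = (
    "full address:s:203.0.113.10\n"
    "enablecredsspsupport:i:0\n"
    "authentication level:i:2\n"
)
STRICT_RDP = (
    "full address:s:203.0.113.10:3389\n"
    "enablecredsspsupport:i:1\n"
    "authentication level:i:1\n"
)


def parse_rdp(text):
    """Parse 'name:type:value' lines into {name: value}, names lower-cased."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")  # drop a leading BOM if present
        parts = line.split(":", 2)           # the value itself may contain ':'
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue  # blank line or not an RDP property
        settings[parts[0].strip().lower()] = parts[2].strip()
    return settings


def audit_rdp(text):
    """Return sorted (setting, value, reason) findings for one .rdp file."""
    settings = parse_rdp(text)
    return sorted(
        (name, value, RISKY[(name, value)])
        for name, value in settings.items()
        if (name, value) in RISKY
    )


if __name__ == "__main__":
    for name, value, why in audit_rdp(EDITED_RDP):
        print(f"{name}:{value} -> {why}")
```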

Amazon EC2 instance public access on website from IIS server fails

I can't seem to access my server from the local IPv4 address my instance shows in Amazon. When I try to access the website it fails; also, I couldn't ping it.
Does anyone know how to fix this or help me if possible?
Thanks.
This is a commonly asked question which I've read a lot about on the internet but couldn't find a clear answer to. The problem is that your server instance doesn't allow all traffic which is connecting to your server. You have to open all gates for your server. To do so, log in to your account on Amazon. When logged in, go to your server instance. Then on your EC2 dashboard scroll down and click on 'Security groups'. After clicking on 'Security groups' from the dashboard, click on your last created security group; you can see this from the description of your last created instance. Then select your instance and choose 'inbound'. Click to see where you have to click. After clicking on the button 'Edit', add a new line under your RDP connection. The new line has to look like this:
Click this to see how the line has to look. Your connection has to allow all traffic, as you can notice.
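The inbound rules that result from the change described above can be reviewed afterwards. This added example (not part of the original answer) lists the rules of a security group that are open to every address, other than the web ports a public IIS site serves. It assumes the JSON shape returned by `aws ec2 describe-security-groups`; the group names, addresses and function names are constructed.

```python
# Added example: list inbound rules that are open to every address.
# Assumes the JSON shape of `aws ec2 describe-security-groups` output;
# group names and addresses below are constructed.

ANYWHERE = {"0.0.0.0/0", "::/0"}
WEB_PORTS = {("tcp", 80), ("tcp", 443)}  # what a public IIS site serves

ADMIN = [{"CidrIp": "198.51.100.7/32"}]
WORLD = [{"CidrIp": "0.0.0.0/0"}]

ALLOW_ALL_GROUP = {"GroupName": "iis-allow-all", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": ADMIN},
    {"IpProtocol": "-1", "IpRanges": WORLD},  # the "all traffic" line
]}
SCOPED_GROUP = {"GroupName": "iis-web-only", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": ADMIN},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": WORLD},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": WORLD},
]}


def describe(perm):
    """Human-readable protocol/port label for one IpPermissions entry."""
    proto = perm["IpProtocol"]
    if proto == "-1":  # -1 means every protocol and port
        return "all traffic"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"


def world_open_rules(group, public_ok=WEB_PORTS):
    """Return labels of rules reachable from any address, except public_ok."""
    findings = []
    for perm in group.get("IpPermissions", []):
        sources = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        sources |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
        if not sources & ANYWHERE:
            continue
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        if lo == hi and (perm["IpProtocol"], lo) in public_ok:
            continue  # single web port exposed on purpose
        findings.append(describe(perm))
    return findings


if __name__ == "__main__":
    for g in (ALLOW_ALL_GROUP, SCOPED_GROUP):
        print(g["GroupName"], world_open_rules(g))
```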

Windows server 2016 datacenter vpn installation fails

I have a VPS with Windows Server 2016 Datacenter, which I access through Remote Desktop. I would like to access it through VPN, so I tried to repeat the working configuration I have in another VPS with Windows Server 2008 Standard.
Both servers have a single Network Interface with a public address and a second internal address (10.1.0.1/255.255.255.248). As I said, VPN works perfectly on 2008.
The procedure I followed is described perfectly with screenshots in an article by Thomas Maurer
http://www.thomasmaurer.ch/2016/10/how-to-install-vpn-on-windows-server-2016/
So, briefly, I added the Remote Access role with the Remote Access and Routing features. The role and features get installed without any problem and then I am directed to a wizard, through which I try to initialize the VPN-only feature with a custom configuration. When I finally get into the "old" Routing and Remote Access Management console and try to right-click on the server node to "Configure and Enable Routing and Remote Access", this procedure never ends. A rotating clock icon stays there forever, so I have to kill the management console from the task manager.
When I reopen the management console, either with or without restarting the server, the server looks like it is running. Then I right-click on the server and select "Properties" in order to define the tunneling protocol for VPN as well as the internal address range that will be provided to the connected clients. The problem here is that this properties popup never gets saved. The "Apply" button does nothing, the "OK" button does not close the form and only the "Cancel" button closes the form without changing anything.
Has anybody seen this behaviour? Am I missing something?
Best regards,
Alex
I don't know why, but for this service to work the user "Network Service" needs to have "Logon as Service" permission; other services do not seem to require that...
You can grant this permission either by using secpol.msc or by just switching the service to run as e.g. "Local System" and back to "Network Service" (empty password fields).
To answer my question, it turned out that, for reasons I don't know, when the routing and remote access was being installed, the "Remote Access Management Service" was not starting. And after the server's restart it was always at "Starting" status.
This service is installed to run under the "Network Service" credentials with an Automatic (Delayed start) start type. When I changed to "Local Service" and manual, I was able to install the Role and initialize it without any problem. And then when I went back to Network Service and Automatic it runs without any more problems.
Strange ...
Alex

Get an error when connecting to Azure remote desktop

We're using a cloud service to host an MVC web application, and we want to access the remote desktop to do some settings. We deploy this application by uploading the packages and configuration file. When we click on the "Connect" button on the cloud service dashboard, we get the error:
"Failed to download the file Error details: error 400 Bad Request"
I think that the 400 Bad Request is a generic response when the Azure RDP configuration is bad. When I went to the old portal and tried to RDP from there I received a better explanation
The supplied cscfg file can not be parsed. Got exception
Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountEncryptedPassword
Turns out the real issue was that the thumbprint I provided for my cert did not match the cert I had uploaded to Azure. The quick fix was to
Go to the old portal and select my cloud service
Select the 'Configure' tab
Select 'Remote' on the bottom bar
Re-configure the remote desktop settings
It cycled my roles, but when they came back I was able to successfully RDP. The real fix would be to put the correct information in the Cloud Service configuration as you are deploying.

Windows Azure RDP / FTP

Using the new interface for Windows Azure, how do I enable RDP? I am using a cloud service and my site is mysite.cloudapp.net. In my publish settings, I enabled RDP. Where do I find my RDP credentials? How do I enable FTP, if possible? Here are the instructions that I followed:
https://www.windowsazure.com/en-us/develop/net/common-tasks/remote-desktop/
I see no hosted services tab in the new layout.
When I try to RDP, I receive an instant failure message that I cannot connect. I am using Windows 8 and I tried Windows 7.
For RDP, assuming you've followed all the steps and the configuration is right, you need to use the management portal, click on cloud services on the left and select the service whose instance you want to RDP into, select instances in the menu at the top and then pick the instance you want to RDP into.
The bottom toolbar should include a connect option, clicking on it should download an RDP file you can open to RDP into the machine, this will prompt you for the credentials you need to provide (as provided in your project configuration).
You can actually save this RDP file and re-use it for the deployment, but it may become invalid if you re-deploy as port numbers change.
As for FTP, much has been written about it, for example this, but you really need to consider the note in this article, for example - files you upload to the role instance will disappear if the role needs to be recycled for whatever reason.
