Connect to Azure VM by RDP: An internal error has occurred

We have the virtual machine:
account: xxxxxxxxx#xxxxxxx.xxx,
account type: Personal account,
subscription: Microsoft Partner Network,
resource group: xxxxxxxxxxx,
virtual machine: xxxxxxxxxxx,
public ip address: xx.xxx.xx.xx:xxxx and
OS: Windows Server 2012 R2 Datacenter.
I downloaded the xxxxxxxxxxx.rdp from the Azure portal.
When I clicked on the RDP file, I got the error:
Remote Desktop Connection: An internal error has occurred.
Do you know the cause?
Thank you very much.

I managed to fix my issue with these 3 steps. To do so, you need to be able to connect to your machine with RDP. I can do that if I connect while it is starting up; then my RDP somehow works.
The permanent fix for me was these steps.
1: remove the checkmark
2: change group policy setting
3: delete machine keys

One option is to use an alternative RDP client, such as the Microsoft Remote Desktop Windows Store app or even FreeRDP.
Edit to add: RDP access had been misconfigured, leaving open access to the public internet, and there were multiple dead connections left over from brute-force attempts to log in. Cleaning up the firewall to restrict access meant no more invalid login attempts, and the problem seems to have gone away without any VM configuration changes.
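Added example, not part of the answer above: one way to check for the exposure it describes, assuming the firewall is an Azure network security group whose rules were exported with `az network nsg rule list -o json`. The sample rules and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `az network nsg rule list -o json` output.
SAMPLE_RULES = json.loads("""[
 {"name": "default-allow-rdp", "priority": 1000, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "*", "sourceAddressPrefixes": [],
  "destinationPortRange": "3389", "destinationPortRanges": []},
 {"name": "mgmt-range", "priority": 1100, "direction": "Inbound", "access": "Allow",
  "protocol": "*", "sourceAddressPrefix": "Internet", "sourceAddressPrefixes": [],
  "destinationPortRange": null, "destinationPortRanges": ["3000-4000", "443"]},
 {"name": "rdp-from-office", "priority": 1200, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "sourceAddressPrefixes": [],
  "destinationPortRange": "3389", "destinationPortRanges": []},
 {"name": "rdp-out", "priority": 1300, "direction": "Outbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "*", "sourceAddressPrefixes": [],
  "destinationPortRange": "3389", "destinationPortRanges": []}
]""")

OPEN_SOURCES = {"*", "internet", "any", "0.0.0.0/0"}

def _values(rule, single, plural):
    """Merge the singular and plural form of an NSG rule field into one list."""
    values = list(rule.get(plural) or [])
    if rule.get(single):
        values.append(rule[single])
    return values

def _covers(spec, port):
    """True if a port spec ('*', '3389' or '3000-4000') includes the port."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def exposed_rdp_rules(rules, port=3389):
    """Names of inbound Allow rules that admit any internet source to the port."""
    # Candidate list only: a higher-priority Deny rule is not taken into account.
    hits = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if (rule["direction"].lower(), rule["access"].lower()) != ("inbound", "allow"):
            continue
        if rule["protocol"].lower() not in ("tcp", "*"):
            continue
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        ports = _values(rule, "destinationPortRange", "destinationPortRanges")
        if any(s.lower() in OPEN_SOURCES for s in sources) and \
                any(_covers(p, port) for p in ports):
            hits.append(rule["name"])
    return hits
```

Pass the `port` argument when RDP is published on a non-default port, as the address in the question suggests.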

The internal error may be caused by several reasons and you can follow the steps here to troubleshoot and solve it. Take care: backing up the VM OS disk is an important action and should be done before doing other actions.

Related

Azure VM: the user account used to connect to remote PC did not work

I have an Azure Virtual Machine connected with Azure Active Directory. A user from this AD is added to this machine as an admin. Other people can successfully RDP to the machine with this user's credentials, but I get an error saying "The user account used to connect to remote PC did not work. Try again". Well, I have been trying the whole day. Does anyone know what can cause this?
The fun fact is, I can RDP to the machine using the local admin, but again it fails with AD user.
I tried connecting with Microsoft Remote Desktop for Mac, mstsc for Windows and with Remote Desktop Connection Manager. The same result everywhere.
I tried different username formats:
alex.sikilinda#mydomain.com - other people can successfully log in using this format
AzureAD\alex.sikilinda#mydomain.com - for the Windows client, getting the same error; for Microsoft Remote Desktop for Mac, getting "Your session ended because of an error. If this keeps happening, contact your network administrator for assistance. Error code: 0x807"
AzureAD\AlexSikilinda mstsc error - "Remote machine is AAD joined. If you are signing in to your work account, try using work email instead", Mac - "Your session ended because of an error. If this keeps happening, contact your network administrator for assistance. Error code: 0x807"
Microsoft Remote Desktop for Mac version 10.2.3 (1343)
Windows 10 version 16299 (also tried with 1803 on another machine, the same result).
I also came across the same error on a Windows 10 machine that is AAD joined, and I tried the following to solve it:
1: Change VM Remote desktop settings same as the picture
2: Create a new RDP config file
Open mstsc.exe, click on Show Options and then click Save As (give it a new name such as AzureAD_RDP, save it somewhere easy to find).
Open the saved file using Notepad. Verify that the following two lines are present; if not, add them, and save.
enablecredsspsupport:i:0
authentication level:i:2
3: RDP to the target VM
Open the RDP config file that you just edited, enter the IP address of the VM, do not enter any username, and then connect.
Here you could use AzureAD\UPN or username to log in.
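Added example, not part of the answer above: a small audit of an .rdp file for the two settings it lists, since `enablecredsspsupport:i:0` turns CredSSP (and with it Network Level Authentication) off on the client. The sample file content and the function names are constructed for illustration.

```python
# Constructed sample .rdp file; the last two lines are the settings quoted above.
SAMPLE_RDP = (
    "full address:s:203.0.113.10:3389\n"
    "prompt for credentials:i:1\n"
    "enablecredsspsupport:i:0\n"
    "authentication level:i:2\n"
)

# Documented meanings of the "authentication level" values that relax the check.
AUTH_LEVEL_NOTES = {
    0: "connects without warning when server authentication fails",
    2: "warns on failed server authentication but lets the user continue",
    3: "no server authentication requirement specified",
}

def decode_rdp(data):
    """mstsc saves .rdp files as UTF-16 with a BOM; hand-edited ones are often UTF-8."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("utf-8-sig")

def parse_rdp(text):
    """Parse 'name:type:value' lines (type i, s or b) into a dict; skip malformed lines."""
    settings = {}
    for line in text.splitlines():
        name, sep1, rest = line.strip().partition(":")
        kind, sep2, value = rest.partition(":")
        if not (sep1 and sep2) or kind not in ("i", "s", "b"):
            continue
        if kind == "i":
            if not value.strip().lstrip("-").isdigit():
                continue
            value = int(value)
        settings[name.lower()] = value
    return settings

def audit_rdp(settings):
    """Return {setting: note} for values that relax authentication."""
    findings = {}
    if settings.get("enablecredsspsupport") == 0:
        findings["enablecredsspsupport"] = "CredSSP off, so the client cannot use NLA"
    level = settings.get("authentication level")
    if level in AUTH_LEVEL_NOTES:
        findings["authentication level"] = AUTH_LEVEL_NOTES[level]
    return findings
```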
I haven't tried disabling NLA (and wouldn't recommend it); however, in my case it was the legacy MFA getting in the way of getting into the VM, even if only enabled for the account, and not forced.
In my case, we're using Conditional Access with MFA, but we have to exclude the VM from the cloud apps (Azure Windows VM Sign-In), because we're not using Windows Hello (thanks Microsoft for a half-baked solution!).
See Login to Windows virtual machine in Azure using Azure Active Directory authentication for more details.

azure: how to access abc.cloudapp.net

One colleague of mine set up a virtual machine on Azure and sent me the following address: abc.cloudapp.net.
He then told me that I can access the machine, but he didn't tell me how...
Now he is on vacation and I'm stuck with that address...
Here are my questions:
How do I use the address he gave me?
Do I need an Azure account in order to get access?
Should I use my browser (Chrome) to access it, or should I download some Azure app?
Here's the document that will help you with troubleshooting what is wrong with the VM (in case you can't connect using mstsc)
https://learn.microsoft.com/en-us/azure/virtual-machines/virtual-machines-windows-troubleshoot-rdp-connection
If this is a virtual machine you should be able to remote desktop to it.
From a Windows-based OS, go to "Remote Desktop Connection" from the Start menu or type mstsc from a Run prompt (Start --> Run or Windows Key + R).
Then type in that address and hit "Connect"; you should then be prompted to enter your credentials to log on to the machine.

How do I connect Release Management 2013 client on a non-domain Windows 10 box?

I've got 2 machines:
A corporate desktop machine which is running Windows 7 SP1 which resides on the corporate domain and which I log into using a corporate domain account.
A personal laptop that I use when working from home via the Cisco VPN client but presently sits on my desk connected to the corporate WiFi (though I had it connected to the wire and on the same subnet as my desktop machine today also). This machine is not on the corporate domain; I log into this machine with a Microsoft Account.
I need to run Visual Studio 2013 Release Management Client from both machines. The machine on my desktop works fine when entering either the IP address or the URL into the Release Management Server URL entry field and everything hooks up and all is glorious.
On my Windows 10 laptop however, it's a different story. Every attempt to connect is met with the error:
The server specified could not be reached. Please ensure the information that is entered is valid (please contact your Release Management administrator for assistance). <-- I'm the admin
I can ping the machine both with IP address and with hostname, ruling out DNS issues. Both client machines are on the same subnet. Both machines are using the same outbound port.
Checking the event log I see a bunch of Message: The remote server returned an error: (401) Unauthorized.
Checking with Fiddler, on my desktop machine, I can walk through the handshake of each of the stages of startup and all is good. But in Fiddler on my laptop I see 3 401 Unauthorized errors before Release Management Client bombs and returns the rather uninformative message I posted above.
I've attempted to create a shadow account on my laptop and do the Shift-Right Click-Run As Different User dance, but I must be missing something because I can't get this to run.
I've talked to the network administrator who suggests that I should be able to access all of the same resources from both machines and that it must be a Release Management issue.
Is this an incompatibility between VS2013 Release Management & Windows 10 or something else? Has anyone else had this issue and overcome it? I have access to administer the Release Management environment if there are changes that need to be made there, and I'm a local administrator on both machines. I'm not, however, a domain administrator if changes need to be made there.
I would bet you simply have a security issue as the workstation is not domain-joined and the WPF client is using Integrated Authentication.
Often creating a local "shadow" user with same username and password, and running the client app under that account (run as) works.
Another option is to join the workstation to the domain or use a domain-joined VM.
After fully investigating the situation, it appears to have been a combination of factors. I am posting a response because this appears to be a relatively common problem:
The workstation was sending an unexpected credential to the server. To get around this, you have to configure the user account on the server without a domain in the username and create a shadow account on your local machine. When running the client application, you must either log into this shadow account on the local machine or you must SHIFT+RIGHT CLICK and choose "Run as" entering your local shadow credentials. This will then pass the shadow account to the server which will now authenticate without referencing the domain. OR
Create a user account on the server that matches the credentials on your local machine including MACHINENAME\LocalUsername
There appeared to be a network issue when attempting to connect to the Release Management Server from the non-domain machine when connected inside the network. When connecting via the VPN from home, this situation was resolved, but only after we'd ensured the account and local machine accounts were correctly configured. The domain connected machine always connected properly.

Unable to connect to worker role using RDP

I am using a Cloud Service running a single worker role with two instances. For almost a year I have been able to connect using RDP.
This week I wanted to connect, but couldn't. The remote desktop connection displays the wrong credentials, showing: "Use the following credentials to connect: Password for Admin"
When a deployment is uploaded to the staging environment, I am able to connect. After swapping to the production environment, I can't connect.
But the old deployment can be connected in the staging environment.
When I set up the connection from another PC, I am able to connect.
I think there is something going on with my PC, but no idea where to look.
Can somebody help me?
It turned out I had checked "Save my credentials" by accident. There was an entry in the Windows Credential Manager.
I deleted the entry and can connect again.
After creating the RDP account, I had to reimage the webrole (Roles And Instances -> WebRole -> Reimage). After the reimage I was able to connect.

Azure Connect won't connect

Just installed Azure Connect on my localhost, but it won't connect. I see my machine dbates-HP as an active endpoint in my virtual network/connect section on my Azure portal and organized it into a group.
I can see in the azure connect portal that the machine endpoint is active, and that it refreshes since the last connected updates.
My local connect client lists the following diagnostics messages:
Policy Check: There is no connectivity policy on this machine.
IPsec certificate check: No IPsec certificate was found.
Also tried with firewall turned off.
Duncan
In some scenarios getting Windows Azure Connect to work becomes very complex. I have worked on multiple such scenarios and found the most common issues are related to network settings. To start investigating, you need to collect the Azure Connect logs from your machine first and try to figure the problem out by yourself. I have described some info about collecting logs here:
http://blogs.msdn.com/b/avkashchauhan/archive/2011/05/17/collecting-diagnostics-information-for-windows-azure-connect-related-issues.aspx
To open a free Windows Azure support incident please use link below:
https://support.microsoft.com/oas/default.aspx?gprid=14928&st=1&wfxredirect=1&sd=gn
Have you "linked" your Azure role with the machine group you created? The message "There is no connectivity policy on this machine" suggests that you haven't defined (in the portal) to whom this machine should connect.
