forgot user name password for a linux (ubuntu) vm. tried to "Reset Remote Access" from the portal, but it is not helping - more than 30 minutes - it still shown in progress. Tried to do it via azure command line. Created a new user with password, but unable to login. SSH says access denied. Should I do any additional steps?
After creating new user you should also reset your SSH connection. You could refer to Reset Access and Manage Users and Check Disks with the Azure VMAccess Extension for Linux for detailed steps.
Related
I'm attempting to query a remote machine with the PowerShell cmdlet: Get-WmiObject and using credentials for a user in Azure AD that has the Azure AD joined device local administrator role and the IAM role assignment of Virtual Machine Administrator Login on the remote machine.
When I run the following command:
Get-WmiObject -Class Win32_Process -Namespace "root/cimv2" -ComputerName <remote_computer_local_ip> -Impersonation Impersonate -Credential AzureAD\<username>
I receive the following error message:
Get-WmiObject : A security package specific error occurred. (Exception from HRESULT: 0x80070721)
Is the ability to run remote WMI queries supported when using an Azure AD user?
Remote machine specs:
Windows Server 2019 Datacenter
10.0.17763 Build 17763
Other troubleshooting notes:
I'm able to sign to the remote machine with the same user and have followed the steps in the https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows document
When running the same command on the remote machine locally it properly returns the Win32_Process data
If I use the local administrator credentials on the remote command it also works which suggests that remote WMI is working
Both computers are Azure AD joined and show AzureAdJoined : YES from the dsregcmd /status command
I've attempted to use the Computer Name, Local IP, and FQDN and they all yield the same result
After talking with Microsoft support about this issue, it seems that the error stems from the different authentication methods between a local user account and an Azure AD account.
It seems it is not supported as they are using different authentication protocols.
Azure AD user uses OAuth and the security error is due to Kerberos.
Here is the reference article for more details: Authentication protocols in Azure Active Directory B2C | Microsoft Docs
They have also mentioned that there is no current information on whether or not this will be supported in the future and have recommend checking Azure updates for future product updates.
It could happen for number of reasons. Please check if any of these in your case is the one.
When You try to setup a WMI session when:
a. There are more than one computer accounts with the same name in play and one of those stale computer accounts resides in the same domain as your user account
b. Or when servers operating reside in the same AD DS forest but in different domains.
When server is not able to find the user object due to password credentials that may be stored as cache from previous login.
Incorrect time on machines/server that doesn’t match.
If firewalls are enabled for server which may restrict the access.
possible work arounds
Try azuread\user#mydomain.com or user#mydomain.com or domainame\username format to login or Try taking out the domain and adding it back again.
The local PC and remote PC must be in the same Azure AD tenant.
Run AAD delta Sync to make sure everything is Synced and make sure of internet connectivity and network.
Try if you can turn off firewall.
References:
remote access - AAD- Server Fault
rdp -Azure AD Joined - Server Fault
«0x80070721 | exchange12rocks.org)
A security package specific error occurred | Microsoft Docs
I am trying to change the admin password for an Azure VM. I am not able to log on to the VM remotely.
What I've tried:
The password reset tool located in the Azure Portal for the VM
Set-AzVMAccessExtension via Powershell in the Azure Cloud Shell
Both return the following:
Failed to reset password
VM has reported a failure when processing extension 'VMAccessAgent'. Error message: "Parsing Extension protected settings failed. Exception : Cannot find certificate with thumbprint '[Thumbprint Snipped]' to decrypt protected settings."
Has anyone encountered this situation in an Azure VM? If so, what can be done to remedy this error and reset the admin password OR add an admin user to the account?
To answer this, in case anyone stumbles upon it looking for an answer, I had to do the offline password reset method outlined in Azure documentation:
Reset local Windows password for Azure VM offline
It wasn't that painful if you go slow and methodically, but as there was something misconfigured on the VM instance that was seemingly beyond my control, this was the only recourse. And while yes, this is probably better suited to ServerFault, I will leave it here to help anyone that runs into a similar situation.
I am the admin of this particular azure subscription. I had to add my ssh key to a ubuntu server. But when I try to add the ssh key through "Reset Password", After sometime I'll get the following error message.
VM agent on VM 'Server' has not reported latest status for extension 'enablevmaccess'. Please verify the VM has a running VM agent and can establish outbound connections to Azure storage.
What might be the issue? How to resolve this?
Failed to reset ssh key
vmaccess is enabled
Two simple thing you might try;
Uninstall the VMAccess extension and try reset again.
Use the 'Run Command' to set/reset password.
Hope this helps.
your first error tells you exactly why this happens. vm extension needs to talk to azure storage to report extension status. if it cant - portal operations might fail (this doesnt mean the extension failed; its just unable to report actual extension status).
I've created a VM of Apache Solr by Bitnami on Azure, specifying my username / password in the creation process .
When i run : ssh my_username#my_vm_ip it works
But in the web portal http://my_vm_ip/solr , a popup username/password appears . I use same credentials than SSH and it fails
Any idea?
The application password generated by the Bitnami VM is generated uniquely for each VM, and is shown on the application vm console:
I'm not sure how you'd display the console login screen on Azure, but you can check the boot diagnostics log at least. The banner message is usually stored either in /etc/issue.* or /etc/motd, so I'd check that as well.
The default user name is user.
The default password you need to ssh to your VM and check /var/log/syslog. Search Bitnami, you will get like below:
More information about this, you could check this FAQ.
It's really big problem for me - ugly UI, where I can't see ssh connection requisites for my new virtual machine instance. Is it possible to change password? Password and login from my manage.windowsazure.com panel is not approach.
I guess you are talking about a Linux VM? When creating a new VM you have to supply a username and password or you can upload an SSH key. The standard username is azureuser. There is no way to reset the password of a VM w/o having access to it.
Update: By now it's possible to create a new User/Password or upload a new SSH key via the new Azure Portal.
Got to https://portal.azure.com
Select your virtual machine
Click on Settings
Select Reset Password
Generate new certificate using this article: http://azure.microsoft.com/en-us/documentation/articles/linux-use-ssh-key/
In Azure management console, go to "CLOUD SERVICES" -> your service -> certificates
Upload you new generated certificate
Now you can login with ssh -i ~/.ssh/[private_key] azureuser#[yourappname].cloudapp.net
Have you tried changing it on the machine.
Login to the Virtual Machine via SSH with your current password. and run chpwd