I have an existing VM Azure it seems the password of my XXX user has EXPIRED.
a) I know I have an Administrator user somewhere but how can I ask Azure for its password?
b) I think I read somewhere I could add more admins from the Azure Dashboard, but it was not clear if that was for the VM or for the Subscription. (I surely need for the VM).
I've been on Google for the past 4 hours looking at how can I fix this problem.
I really don't want to believe that MS does NOT offer a way to fix this issue.
At least the Remote Desktop should display a "Change Password" form....
Seriously, did I really lose control of this VM?
There is an option now in https://portal.azure.com/
You need to log in with your Azure credentials.
Browse -> Virtual Machines -> Select Your Virtual Machine
-> Select Setting on top -> Password Reset
It works... :)
Using the new Azure VM Agent you can do this (as long as the agent is installed, which it is by default on all new VMs you spin up).
You need the Azure PowerShell module for this, which can be downloaded from here:
http://t.co/2hQP6qsGeM
After its installed, fire up PowerShell, connect to your subscription (which is described here: PowerShell for Azure Documentation) and issue the following command after replacing the values:
Get-AzureVM -ServiceName MyService -Name MyVM | Set-AzureVMAccessExtension -UserName MyUserName -Password "MyComplexPassword123" | Update-AzureVM
This is the fastest solution:
Create a script called “ResetPassword.ps1” e.g. with Notepad
Add the following line and replace your credentials
net user <YourExistingAdminUserName> <YourNewPassword>
Go to the VM in the azure portal
Go into the extensions menu for that VM
In the top menu pick “Add”
Choose the Custom Script extension, create and pick your "ResetPassword.ps1" script file
The file will now be pushed to your VM and deployed. Once it is successfully executed, you can login with the new credentials.
Source: http://www.chrisjohnson.io/2018/02/15/domain-controller-in-azure-vm-with-expired-password/#comment-6825733
Related
I'm currently trying to enable VM Login on a Windows 2019 Server with Azure AD Credentials. For this I have followed the Microsoft Documentation: https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows
I have tried by creating a new user as type "member" in my Azure AD. Then I have created a Windows Server 2019 VM with "Login with Azure AD" enabled as shown in the documentation. Afterwards I have given the "Virtual Machine Administrator Login" Role to the new User. Then I have tried to login to the VM using the new user credentials. Unfortunately it didn't work. I encounter the "Your Credentials did not work" error message.
With the local user I can login to the VM. I have tried to de- and reinstall the "Microsoft.Azure.ActiveDirectory.AADLoginForWindows" Extension. I have checked the VM with the command: "dsregcmd/status", whether th VM is really Azure AD joined.
Has someone done it before and know why it doesn't work? What have I done wrong?
Best regards!
I tried to reproduce the same in my environment and added successfully
I have added user and created VM with Windows Server 2019 enabled Login with Azure AD. While creating azure vm make sure to give username and password same as azure ad user Credentials.
Verify whether you have added AADLoginForWindows Extension in Azure as below:
Downloaded RDP file and tried to login it shows me an error. To resolve this issue, use different account use "\" try to login as below.
<VMname>\Username or localhost\username and password
Make sure you are using the correct credentials When RDP VM using Azure AD credentials, in order to log in, you can also reset your password try logging in if still error appears.
Once RDP has opened try to Join a Windows 10 Device to Azure AD and on your Windows 10 Azure VM -> system properties -> remote setting -> uncheck Allow connections only from computers as below:
To add azure ad user to RDP user group Run the command prompt as administrator like blow:
net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"
Account should be AzureAD\USERNAME#DOMAIN.onmicrosoft.com type.
To confirm the Azure AD user has been added run this Get-LocalGroupMember -Name "Remote Desktop users" in powershell .
And then, I modify the azure vm RDP file. If you modify this file in before u will get an error, Click Download RDP File -> right click open with notepad file and try to add like below and save
address:s:IPADDRESS:3389
prompt for credentials:i:0
authentication level:i:2
enablecredsspsupport:i:0
username:s:USERNAME#DOMAIN.onmicrosoft.com
domain:s:AzureAD
And try to connect with this RDP file. make sure you need to use AzureAD\username#domain.onmicrosoft.com. if you are enter only the Azure AD user account without the domain it may cause an error.
Reference: Assign Azure roles using the Azure portal - Azure RBAC | Microsoft Learn
I created windows VM on azure and I login to VM using RDP. After login, I changed RDS "Limit number of connections" to 2. Now I restart the VM and I cannot login anymore. It says "The number of connections to this computer is limited and all connections are in use right now. Try connecting later or contact your system administrator"
I have access to powershell/PS and I can run any PS script in azure portal. So if any could give me PS script that will set the RDS "Limit number of connections" to x that would be great.
Note: RDS - Remote Desktop Service. You can navigate there by typing gpedit.msc to windows Run box. and then Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections -> "Limit number of connections"
reference link https://www.top-password.com/blog/enable-multiple-remote-desktop-connections-in-windows-server/
There is no PowerShell script to update the group policy. To limit the number of connections, you can temporarily edit the related registry MaxInstanceCount in your Azure VM portal.
For exmaple, add the registry MaxInstanceCount to value 300, refer here.
New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" -Name MaxInstanceCount -Value 300 -PropertyType DWORD -Force
Please note that you could update your group policy once you have login into your Azure VM because the group policy will refresh regularly. After one hour, the registry value might be changed to the original value 2.
When I try to do this:
I get this:
I really need to get into this VM.
I've had that happen too, and if you keep trying it usually works after a bit. It may help to try a different web browser, log out and log back in again, etc.
To install VM agent extension on your VM, please follow the below steps and let us know if that helps.
After you RDP to the VM and install the MSI (same as you would any other MSI package), use the April 2014 v0.8.0 or later Azure PowerShell release to update the VM property to indicate the agent is installed.
$vm = Get-AzureVM –ServiceName –Name
$vm.VM.ProvisionGuestAgent = $true
Update-AzureVM –Name –VM $vm.VM –ServiceName
Now if you run Get-AzureVM again, the GuestAgentStatus property should be populated instead of blank:
Get-AzureVM –ServiceName –Name
GuestAgentStatus:Microsoft.WindowsAzure.Commands.ServiceManagement.Model.PersistentVMModel.GuestAgentStatus
Note the steps to update the VM property are also on the Manage Extensions MSDN page.
Girish Prajwal
If you don't have the agent installed then you will need to mount the disk in another vm and manually make the changes. There are a number of offline password reset tools available (search for 'windows offline password reset') for a decent number of them. I've never used any (at least not since Win2k days) so I can't comment on how good they are.
Try Stop and Start from the azure portal for the VM which you wanted to update the password.
I have the latest version of the Azure Powershell installed (0.9.7). I have a new virtual machine that was created via the Preview Portal. It was created with the new Resource Group model.
I am trying to install a few extensions but I cannot figure out the correct Powershell commands. Most instructions say to use Get-AzureVM. This does not return my VMs. If I use Switch-AzureMode to AzureResourceManager, I can use Get-AzureVM to list my VM (v2 I assume).
It seems none of the Extension scripts are setup for Resource Manager mode. Most of the sample scripts say to use:
Get-AzureVM -ServiceName 'CLFeb19WS12R2A' -Name 'CLFeb19WS12R2A' | Set-AzureVMBGInfoExtension -Disable -ReferenceName 'BGInfo' | Update-AzureVM
I have tried all kinds of ways. The AzureVMBGInfoExtension cmdlet is not available in Resource Manager mode.
Any suggestions?
Create a VM
I created a new VM so that I could help you. I used portal.azure.com > New > Compute > Marketplace > Windows Server > Windows Server 2008 R2 SP1 and chose the Resource Manager deployment model.
Create an Active Directory User
Since we're using the Azure Resource Manager, I needed to create a new Active Directory user so that I could authenticate with Azure PowerShell. That is the only way that I could authenticate.
You can create one using the following steps.
Login to the Azure Portal, and select Active Directory.
If no directory exists, select Create your directory and provide the requested information.
Select your directory and add a new user. This new user is a work or school account.
During the creation of the user, you will be supplied with both an e-mail address for the user and a temporary password. Save this information as it is needed later.
From the Azure portal, select Settings and then select Administrators. Select Add, and add the new user as a co-administrator. This allows the work or school account to manage your Azure subscription.
Finally, log out of the Azure portal and then log back in using the new work or school account. If this is the first time logging in with this account, you will be prompted to change the password.
Make sure you see your subscriptions when you log in as the work or school account.
Oddly enough, Azure Resource Manager seems to work best (or only to work) with if we authenticate with one of those types of accounts.
Install the Most Recent Azure PowerShell Module
Since we need access to the Extension related commandlets, I installed the most recent version of Azure PowerShell. The link shows how to install it via the Web Platform Installer. Once done, you can find out whether you have the correct one by running this:
> (Get-Module azureresourcemanager).Version
Major Minor Build Revision
----- ----- ----- --------
0 9 7 -1
When we run the following, look at all the Extension related commandlets. Hooray!
> Switch-AzureMode -Name AzureResourceManager
> Get-Command *extension* -Module AzureResourceManager
Get-AzureVMAccessExtension
Get-AzureVMCustomScriptExtension
Get-AzureVMDiagnosticsExtension
Get-AzureVMDscExtension
Get-AzureVMExtension
Get-AzureVMExtensionImage
Get-AzureVMExtensionImageType
Remove-AzureVMAccessExtension
Remove-AzureVMCustomScriptExtension
Remove-AzureVMDiagnosticsExtension
Remove-AzureVMDscExtension
Remove-AzureVMExtension
Set-AzureVMAccessExtension
Set-AzureVMCustomScriptExtension
Set-AzureVMDiagnosticsExtension
Set-AzureVMDscExtension
Set-AzureVMExtension
We have access to these while being in Resource Manager mode. To learn how to use each of them, run Get-Help Set-AzureVMAccessExtension -example on each one that is of interest. Then play around with the example.
Authenticate Azure PowerShell & Set the Extensions for Your VM
When authenticating via Add-AzureAccount, use the Active Directory user that we created. Then you can query your virtual machines.
> Add-AzureAccount
> Get-AzureResource -ResourceType Microsoft.Compute/virtualMachines
Once you know the details of your VM, you can add an extensions. Here is one example that worked for me.
> Set-AzureVMAccessExtension -ResourceGroupName "mvp1" -Location "West US" -VMName "mvp1" -Name "mvp1test" -TypeHandlerVersion "2.0" -UserName "shaunluttin" -Password "Password
EndTime : 9/1/2015 9:35:57 PM -07:00
Error :
Output :
StartTime : 9/1/2015 9:35:20 PM -07:00
Status : Succeeded
TrackingOperationId : f03210e0-e67e-40d7-aad7-d9acef64bebe
RequestId : 95f42767-edcf-443a-8977-4c9f6d0eafef
StatusCode : OK
Best of luck with that. Let me know if you have any questions.
I'm using Microsoft Azure VM and have reset the Administrator password using:
Computer Management - > User and Groups - > Right click and Reset
But once I try to RDP as Administrator,the new password didn't work out.
I tried to reset the password using powershell ISE with below explanation .
Resetting Admin Passwords on Microsoft Azure VM’s
And I found that VM Agent is not installed.
How can I install the VM Agent using Powershell ISE and then reset Admin password ?
Thanks
You need to be able to connect via RDP to be able to install the agent via executing a msi in the VM. You can download the msi for agent on Microsoft site.
The to let VM know that agent is installed you can execute below cmdlets via Azure PowerShell:
$vm = Get-AzureVM –ServiceName [Name]
$vm.VM.ProvisionGuestAgent = $true
Update-AzureVM –VM $vm.VM -ServiceName
If the agent is not installed this usually means that the VM image was not properly preped / generalized for Azure. I have had this situation(it was quite weird as I will use an image to deploy few VMs then about a week later new VM provisioning will start to fail stating agent was missing. When I called support and worked with them it got traced to bad provision process on my end)