The following forum(s) have migrated to Microsoft Q&A (Preview): Azure Virtual Machines!
Visit Microsoft Q&A (Preview) to post new questions.

Learn More

 locked
Cannot RDP into newly created VM RRS feed

  • Question

  • I am creating a VM from a custom image that I have created recently. I go use the option to create "From Gallery", select my image, and provide all the information including the username and password.

    The machine takes a long time in the "Provisioning" state (several hours!). It frequently ends up timing out. Regardless, the "Connect" option is available... when I try to RDP, I get challenged for the username and password. However, when I enter the credentials I get an error saying that the credentials did not work.

    I'm 100% sure that I'm entering them correctly... I have tried several times (created different VMs), and keep having this problem.

    I have using Azure IaaS VMs for almost 9 months now... this only started happening with images created very recently (since last week).

    Any suggestions? Thanks...

    Wednesday, June 12, 2013 8:17 PM

Answers

  • Hello ,

    Expanding on my last post with some more things we can try.

    The problem is that if you can't connect to the VM there isn't much we can do. Normally you would connect with console access to troubleshoot but in this case we don't have console access.

    What we can do

    1) Resize the VM - which will result in a new NIC being detected with default IP settings and recreate the endpoint

    2) Recreate the VM

    3) Try to connect via RDP from another VM in the same or subscription service/or virtual network. This eliminates a lot of factors such as local firewall issues and Azure load balancer issues.

    4) From another VM in the same or subscription service/or virtual network you can try loading the Firewall MMC and connecting remotely to check the firewall settings.

    5) From another VM in the same or subscription service/or virtual network you can try loading the service MMC and connecting remotely to check that the firewall service is running.

    6) From another VM in the same or subscription service/or virtual network you can try using MSTSC /admin and then using the role manager just remove the terminal services service (make sure you do not need it first)

    7) From another VM in the same or subscription service/or virtual network you can use the Sysinternals tool Psexec (http://technet.microsoft.com/en-us/sysinternals/bb897553) to remotely access a VM to verify RDP is enabled, try to enable it, and/or disable the firewall and retry the RDP connection.

    A. From a command prompt on the VM that you are able to access, run psexec against the DIP of the inaccessible VM:

    psexec \\10.175.194.31 cmd

    Psexec uses TCP ports 135, 137, 445, which are open in the default Windows Firewall settings even when RDP is not.

    B. Verify RDP is enabled:

    wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TerminalServiceSetting get servername,allowtsconnections

    Sample output showing 1 for AllowTSConnections meaning RDP is enabled:

    C:\>wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TerminalServiceSetting get servername,allowtsconnections

    AllowTSConnections ServerName

    1 TEST1

    C. This will both enable RDP and set the firewall exception:

    wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TerminalServiceSetting WHERE (__CLASS !="") CALL SetAllowTSConnections 1,1

    Sample output:

    C:\>wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TerminalServiceSetting WHERE (__CLASS !="") CALL SetAllowTSConnections 1,1

    Executing (\\TEST1\root\CIMV2\TerminalServices:Win32_TerminalServiceSetting.ServerName="TEST1")->SetAllowTSConnections()

    Method execution successful.

    Out Parameters:

    instance of __PARAMETERS

    {

    ReturnValue = 0;

    };

    D. You can show the current windows firewall state:

    netsh advfirewall show currentprofile state

    E. To disable the windows firewall:

    netsh advfirewall set currentprofile state off

    To revert that you would just do: netsh advfirewall set currentprofile state on

    8) It is possible to download the VM and host it locally to fix it but that should be a last resort.

    Wednesday, June 19, 2013 9:03 AM
    Moderator