Remote Desktop to Azure VM Has Failed

This post walks you through the troubleshooting steps for when you are unable to log into a Windows virtual machine (VM) in Azure via a remote desktop connection (aka RDP).
There are several things that can prevent you from successfully logging into a Windows VM in Azure. Some of these are human errors — configuration errors — some are regular faults that sometimes happen in a Windows installation, and some are things that can go wrong in the Azure fabric.
 

 
Note that many of the methods shown in this post change locations in the Azure Portal faster than a whack-a-mole. The methods shared in this post are correct, but their locations will probably have changed since this post was written! You should be able to find the Azure Portal tools in the settings of the VM in question without much effort.

Check Boot Diagnostics

From time to time a VM might have a problem starting up or it might have crashed. If you have enabled Boot Diagnostics (under Diagnostics Settings), you can view a screenshot that is regularly taken of the VM’s “console” where you can see if your VM is running.
You can find this in Diagnose and Solve Problems (in the VM settings) > View Boot Diagnostics.

Checking if an Azure virtual machine is running [Image Credit: Aidan Finn]

Reset Remote Desktop Configuration

This option allows you to reach into the VM via a back door, the VM extension, to reset some configurations in the guest OS that can prevent successful remote desktop connections, such as enabling remote desktop in the Windows Firewall.
Go to the settings of the VM, browse to Diagnose and Solve Problems > Reset Password and select Reset Configuration Only as the mode before clicking Update.

Resetting an Azure machine’s remote desktop configuration [Image Credit: Aidan Finn]

Check Network Security Groups

Azure is secure by default. If you have done an advanced deployment of Azure VMs (i.e., you haven’t used a next-next-next method), then there is a chance that you forgot to create a network security group (NSG) to allow RDP into the NIC or subnet of the VM. Check to see if there are any NSGs assigned, and if there are, double-check the rules to make sure that RDP is being allowed into your NIC or your subnet/network address.

Checking if an Azure VNet has a network security group [Image Credit: Aidan Finn]
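
The NSG check described above, as an added example (not code from the original post): it evaluates rules in the shape of `az network nsg rule list` output the way Azure does, lowest priority number first with the first match deciding, at the subnet NSG and then the NIC NSG. The rule names and addresses are constructed, service tags other than `Internet` are not resolved, and a VM with no NSG at either level is reported as not allowed, following the post's statement that an NSG is required.

```python
import ipaddress

# Constructed sample rules (not from a real deployment), shaped like `az network nsg rule list` output.
SUBNET_NSG = [
    {"name": "allow-web", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "destinationPortRange": "443", "sourceAddressPrefix": "*"},
    {"name": "allow-rdp-admin", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "destinationPortRange": "3389", "sourceAddressPrefix": "203.0.113.0/24"},
]
NIC_NSG = [
    {"name": "deny-mgmt", "priority": 150, "direction": "Inbound", "access": "Deny",
     "protocol": "*", "destinationPortRange": "3000-4000", "sourceAddressPrefix": "*"},
    {"name": "allow-rdp", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "destinationPortRange": "3389", "sourceAddressPrefix": "*"},
]

def port_matches(rule, port):
    ranges = rule.get("destinationPortRanges") or [rule.get("destinationPortRange") or ""]
    for r in ranges:
        lo, _, hi = r.partition("-")
        if r == "*" or (lo.isdigit() and int(lo) <= port <= int(hi or lo)):
            return True
    return False

def source_matches(rule, src_ip):
    prefix = rule.get("sourceAddressPrefix") or "*"
    if prefix in ("*", "Internet"):  # assumption: the client connects from the public internet
        return True
    try:
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False  # other service tags are not resolved in this sketch

def evaluate(rules, src_ip, port=3389, protocol="Tcp"):
    """Return (access, rule_name) for the first matching inbound rule by priority."""
    inbound = [r for r in rules if r["direction"] == "Inbound"]
    for rule in sorted(inbound, key=lambda r: r["priority"]):
        if (rule["protocol"].lower() in ("*", protocol.lower())
                and port_matches(rule, port) and source_matches(rule, src_ip)):
            return rule["access"], rule["name"]
    return "Deny", "DenyAllInBound"  # Azure default rule, priority 65500

def rdp_allowed(subnet_rules, nic_rules, src_ip):
    """Both NSG levels must allow; pass None for a level that has no NSG assigned."""
    verdicts = [evaluate(r, src_ip) for r in (subnet_rules, nic_rules) if r is not None]
    return bool(verdicts) and all(a == "Allow" for a, _ in verdicts), verdicts

if __name__ == "__main__":
    print(rdp_allowed(SUBNET_NSG, NIC_NSG, "203.0.113.10"))
```

In the sample, the NIC-level `allow-rdp` rule exists but never takes effect, because the higher-priority `deny-mgmt` port range covers 3389.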

Check NAT Rules

I have experienced quite a few challenges with Azure load balancer administration in the Azure portal lately — I do not experience these issues when managing the load balancer via PowerShell or a JSON template. Every time I have a remote desktop issue, it’s been caused by a faulty NAT rule. Two things appear to happen:

  • Failed Target Update: The portal tells me that the NAT rule failed to create, but I can see it in the load balancer. However, the target (the NIC of the VM on the subnet) has not been updated, so the target field is blank. Update the rule and it should fix this issue.
  • Created Rule Doesn’t Work: I have found that the Azure Portal (at least in CSP subscriptions) is creating NAT rules, but it can take quite some time for them to work. This appears to be an issue with the portal — NAT rules that I create using PowerShell or JSON work immediately. A tip that this bug is happening is that the Connect button is enabled in the console, everything looks good, but you cannot connect.
Azure load balancer NAT rules [Image Credit: Aidan Finn]

Public IP Addresses

Some VMs might not be placed behind a load balancer, such as the Basic A-Series machines, which are not supported by the load balancer. These machines require:

  • A public IP address: You must create and assign a publicly addressable IP address to the NIC of the VM.
  • NSG: The VM must have an NSG to allow RDP into it.

Check VM Resource Health

The VM relies on the Azure fabric to grant you access to it. If there is an underlying problem, then it might be reported in Resource Health, which you can find in the settings of the VM under Diagnose and Solve Problems. You can learn more about the health of the machine by clicking More Details.

Azure virtual machine resource health [Image Credit: Aidan Finn]

Reset the Guest OS Password

If you are getting a username/password prompt to the VM, then you have network connectivity. Any problems now are probably down to failing memory, poor communications/documentation, or fat fingers — you need to reset the username and/or password, which is easily done via the VM Extension without any support calls to Microsoft.

You can find the Reset Password action in Diagnose and Solve Problems. Set the mode to Reset Password, enter the desired username and password, and click Update. A notification will appear to tell you when you can use these new credentials to sign in.

Reset the password of an Azure virtual machine [Image Credit: Aidan Finn]

Restart Your VM

Let the jokes start — yes, restarting Windows can solve problems. There’s nothing like giving the jukebox a jolt to get it going again. Use the Restart action in the VM settings in the Azure Portal to trigger a restart.

Redeploy Your VM

If there is a localized issue in Azure, then you can move your VM to a different host. Doing so can often solve remote desktop issues that aren’t related to user configuration. You can trigger a redeploy action in Diagnose and Solve Problems.

Note that this action restarts the VM and you will lose anything stored on the temp drive.