Can't access Azure VM via RDP any more

Solution 1

OK, so luckily I wasn't in too much of a hurry to log into this machine, so over the past few weeks I've been thinking of other ways to get in. In case anyone else has this problem, here's a compiled list of ways I've thought of or found to regain access to a VM that is not responding:

• Reset password as per the links in my original question (if lost password, locked account, unknown username, etc). This will change the username to the specified username, set the password and unlock the account. Except when it doesn't.
• Remote install VNC (eg. if RDP service is broken). Good if the password works but you can't RDP in for some reason. Make sure you remove the self-signed certificate from the certificate store if you use this method.
• Delete VM (using "Keep existing disks"), and recreate the VM, re-attaching the old disks (eg. if VM configuration is corrupted)
• Delete VM (keep disks) and attach disks to another Windows instance to check disk integrity, scan for viruses, etc. Recreate instance using the detached disks.
• Delete VM (keep disks) and attach to a Linux instance (don't initialize the disk as this link outlines!!), then use offline Linux tools to repair any problems.

I used the last method to finally gain access to my VM. Here are the detailed steps, as I haven't seen them elsewhere:

1. Create a new low spec Ubuntu machine in the same region as the faulty Windows one.
2. SSH into the box and issue the following commands:

sudo apt-get install chntpw

(confirm if required)

3. Mount the Windows VHD to the Linux VM using the Azure Management Portal, then enter these commands on the console:

sudo grep SCSI /var/log/syslog

This will give you an idea of where your disk is located in the /dev directory: look for the last disks to be mounted, mine was sdc. If your windows disk has one main partition (like the C: of my VHD did), then you want to mount sdc1:

sudo mkdir /mnt/win

sudo mount /dev/sdc1 /mnt/win

If this was successful, you should now be able to see your Windows root folder by entering:

ls -l /mnt/win

4. To use the password recovery tool we installed (chntpw), we need to change directory to where the main SAM registry hive is:

cd /mnt/win/Windows/System32/config

(remember Linux is case sensitive, even on Windows drives)

5. Then start the password recovery tool on the SAM hive:

sudo chntpw -i SAM

This will take you into the interactive password tool and registry editor. Type ? to get help, l to list users in the SAM file, you can choose a user, reset the password to blank, unlock the account, etc. It's fairly self explanatory. Resetting the password is easy - the next step is harder though!

When you've finished updating the user account(s), quit (q) and write changes back to the SAM file.

6. Because the password is now blank, and Windows by default doesn't allow blank passwords for remote logins, you also need to change a registry key to allow you to log in without a password. For this you need to load another hive and use the built in registry editor in chntpw (here's a helpful guide):

sudo chntpw -i SYSTEM

Select 9 for registry editor, then use the cd command to navigate to the right registry key and edit it:

cd CurrentControlSet

cd Control

cd Lsa

ed LimitBlankPasswordUse

Change the value to 0x0 and then press q to exit and make sure you write changes to the registry hive.

Now type sudo umount /dev/win then log off the SSH session and shut the linux VM down and detach the Windows VHD from the Linux VM.

7. You're now ready to create a new azure VM from the old VHD disk, then cross your fingers and start the machine.

Note that this leaves the VM wide open to ANYONE to log in, so once the VM is reprovisioned and running you will need to immediately log in, set a new secure password, and re-enable the registry flag via regedit. For obscuritys' sake, you might want to create the VM with a different Cloud Service name, in case existing users stumble on the open RDP door before you do.

Good luck to any others who find themselves in this situation, and thanks @IceMage for your willingness to help!

Solution 2

Check the date and time on your VM and your local machine to make sure that everything is set correctly. If you've manually set the clock on either and they are not in sync, it can cause problems with the authentication.

Related videos on Youtube

05 : 11

How to connect your Azure VM without RDP rule, by using the Bastion

Saleh Elnaggar

389

04 : 57

[Easily] Change default RDP port 3389 on azure cloud | Make more secure Azure VM

LinuxFork

112

04 : 04

Unable to connect to azure VM using RDP

kudvenkat

29

09 : 38

Log in with Remote Desktop to an Azure VM using Azure Active Directory

Robert McMillen

12

13 : 48

Troubleshooting RDP issues on Azure VM

Blue Brain

6

03 : 23

Can't connect to your Virtual Machine on Azure with RDP? "Logon Attempt Failed" watch it

Orkhan Ahmadov

1

04 : 32

Unable to connect to Azure VM using RDP Remote Desktop can't connect to the remote computer ADF 2021

TechBrothersIT

1

Author by

pcdev

I fix stuff. And I like it. I also build stuff, and I like it even more. Most of my time I'm designing stuff that will never be built, just for fun. I'm a maker, hacker, programmer, designer, engineer, dad: Making better stuff and making stuff better.

Updated on September 18, 2022