Cannot access Azure VM through RDP but remote PowerShell works - powershell

I need your help; any idea is welcome.
[skippable]
Here's the situation: I was working on a VM hosted in the Microsoft cloud (Azure), and everything was fine. This VM was supposed to be a Domain Controller (Active Directory), which was linked to many VMs (I was working on grid computing with many compute nodes). Everything was set up correctly. The next step was to host a WCF service on an IIS server accessible through HTTPS. Therefore I opened port 443 on the firewall as well as a valid endpoint for the VM (Azure portal). From there things got weird. Opening endpoint 443 on the Azure portal didn't work as expected; I needed to reboot the VM. Then I could not access it through an RDP connection anymore :-(. However, I succeeded in taking control of the VM via PowerShell remoting.
[Question]
How can I restore the RDP connection via PowerShell remoting ONLY? I tried disabling the firewall, opening port 3389, capturing an image of the VM to recreate it, etc., but nothing worked. Any idea? I don't want to lose all my work, my fresh service, etc.
Thank you!
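The repair the question asks for, as an added example that is not part of the original post: it uses the working PowerShell Remoting session to put every in-guest RDP prerequisite back in a known-good state and reports what it found, so you can tell an in-guest problem from an Azure-side one (the endpoint or NSG rule for 3389 lives outside the VM and is not touched here). The VM address and the account are placeholders; it assumes WinRM already works, as stated in the question, and Windows Server 2012 or later for the NetSecurity cmdlets.

```powershell
# Added example, not from the original post: repair RDP on a remote Windows VM
# over an existing PowerShell Remoting session. Assumes WinRM is reachable and
# the credential is a local/domain administrator of the VM.
$vmAddress  = 'myvm.cloudapp.net'   # placeholder: public DNS name or IP of the VM
$credential = Get-Credential -Message 'Administrator of the VM'

$session = New-PSSession -ComputerName $vmAddress -Credential $credential

$state = Invoke-Command -Session $session -ScriptBlock {
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpTcp = Join-Path $tsKey 'WinStations\RDP-Tcp'

    # 1. Terminal Services must accept connections (1 = deny, 0 = allow).
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 0 -Type DWord

    # 2. Keep Network Level Authentication on; do not weaken it while repairing.
    Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1 -Type DWord

    # 3. Read the listener port. If someone moved it off 3389, the Azure
    #    endpoint/NSG rule must point at the new port, not at 3389.
    $port = (Get-ItemProperty -Path $rdpTcp -Name PortNumber).PortNumber

    # 4. Allow the built-in Remote Desktop rule group instead of disabling the
    #    whole firewall.
    Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'

    # 5. Make sure the RDP service is actually running.
    Start-Service -Name TermService

    # 6. Report the resulting state; a listener on the port is the key fact.
    $listen = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
    [PSCustomObject]@{
        Computer      = $env:COMPUTERNAME
        ListenerPort  = $port
        TermService   = (Get-Service -Name TermService).Status
        Listening     = [bool]$listen
        RdpRulesOn    = (Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
                         Where-Object Enabled -eq 'True').Count
    }
}

Remove-PSSession $session
$state

# From the workstation: if Listening is True but this fails, the problem is
# outside the guest (Azure endpoint / NSG rule for the port), not in Windows.
Test-NetConnection -ComputerName $vmAddress -Port $state.ListenerPort |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

If `Listening` comes back `True` and the port test from outside still fails, stop changing the guest: on a classic VM check that the endpoint maps a public port to private port `ListenerPort`, and on an ARM VM that an inbound NSG rule allows that port from your address.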

Related

How to add new local user in Azure VM through the PowerShell?

I have a VM running which is not part of the domain, and I would like to add a new local user through PowerShell. Is this possible to do?
Once you have created your VM in Azure you will be able to interact with it as with any other Windows machine via PowerShell.
You will create a New-PSSession to the machine (you will use the IP address of the VM as the computer name):
https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/new-pssession?view=powershell-6
You will then enter the session and create the local user: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/new-localuser?view=powershell-5.1
The main issue you may run into is that, depending on firewall rules, you may not be able to directly access your Azure VM. You will likely need to create a VPN in Azure, include your Azure VM in that VPN, and then connect to the VPN from your local machine before you are able to establish a connection to the Azure VM. Please see the documentation for setting this up here: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal.
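The two steps of the answer above as one runnable script; this is an added example, not code from the original answer. It assumes WinRM is reachable (directly or over the VPN the answer mentions) and that the VM runs Windows Server 2016 / PowerShell 5.1 or later, where the LocalAccounts cmdlets exist. The address and the account names are placeholders; the new password is read as a SecureString and never appears in the script.

```powershell
# Added example, not from the original answer: create a local account on an
# Azure VM over PowerShell Remoting, granting only Remote Desktop rights.
$vmAddress = '10.0.0.4'   # placeholder: private IP of the VM (reachable over the VPN)
$adminCred = Get-Credential -Message 'Local administrator of the VM'
$newCred   = Get-Credential -Message 'Account to create (name and password)'

$session = New-PSSession -ComputerName $vmAddress -Credential $adminCred

$result = Invoke-Command -Session $session -ArgumentList $newCred -ScriptBlock {
    param([pscredential] $NewUser)

    # Idempotent: only create the account if it does not exist yet.
    if (-not (Get-LocalUser -Name $NewUser.UserName -ErrorAction SilentlyContinue)) {
        # $NewUser.Password is a SecureString, which New-LocalUser expects.
        New-LocalUser -Name $NewUser.UserName `
                      -Password $NewUser.Password `
                      -Description 'Created over PowerShell Remoting' | Out-Null
    }

    # Least privilege: RDP logon without local admin. Add to 'Administrators'
    # only if the account genuinely needs it.
    Add-LocalGroupMember -Group 'Remote Desktop Users' -Member $NewUser.UserName `
                         -ErrorAction SilentlyContinue

    # Local members are reported as COMPUTERNAME\user.
    $members = (Get-LocalGroupMember -Group 'Remote Desktop Users').Name
    [PSCustomObject]@{
        Computer   = $env:COMPUTERNAME
        User       = $NewUser.UserName
        Enabled    = (Get-LocalUser -Name $NewUser.UserName).Enabled
        RdpAllowed = $members -contains "$env:COMPUTERNAME\$($NewUser.UserName)"
    }
}

Remove-PSSession $session
$result
```

Passing the credential object through `-ArgumentList` keeps the password encrypted on the wire as part of the remoting session; writing it as a literal string and converting it with `ConvertTo-SecureString -AsPlainText` would leave it in the script and in history.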

Not able to access a rest service in Microsoft Azure VM

I am having a problem accessing a Node.js REST service deployed on an Ubuntu virtual machine. I am able to access the VM using PuTTY; however, I am not able to ping the reserved IP from the command line. I have put logs in the REST service so that when it gets a hit it prints a log, and the logs are not getting printed. I want to know if there is any additional setting which needs to be done to open a port on the virtual machine, or whether it is supposed to be open by default. If I need to open the port in order to access the service, where should I look for it?
Thanks & Regards
I want to know if there is any additional setting which needs to be done to open a port on the virtual machine, or whether it is supposed to be open by default.
No, Azure will not open other ports by default; we have to open ports manually.
I am not able to ping the reserved IP from the command line
It is a classic VM, am I right? If so, we should check which port the REST service is listening on, and add an endpoint via the Azure portal:
More information about creating an endpoint: please refer to this link.
If your VM is in the ARM model, we should add an inbound rule to the NSG.
More information about NSG: please refer to this link.
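The ARM branch of the answer above, as an added example that is not part of the original answer: it opens the service port on the VM's network security group with the Az PowerShell module, scoped to one source address rather than the whole Internet, and then tests the TCP port instead of relying on ping. Resource names, the port and the addresses are placeholders, and it assumes the Az module is installed and `Connect-AzAccount` has been run.

```powershell
# Added example, not from the original answer: allow one inbound TCP port on
# an ARM VM's NSG from a single caller, then verify with a TCP connect test.
$resourceGroup = 'rg-rest'          # placeholder
$nsgName       = 'nsg-rest-vm'      # placeholder
$servicePort   = 3000               # port the Node.js service listens on
$callerIp      = '203.0.113.10'     # your client's public IP (RFC 5737 test address)
$ruleName      = 'Allow-REST-From-Caller'

$nsg = Get-AzNetworkSecurityGroup -Name $nsgName -ResourceGroupName $resourceGroup

# Priorities must be unique per direction (100-4096, lower wins); pick a free one.
$used = $nsg.SecurityRules | Where-Object Direction -eq 'Inbound' |
        Select-Object -ExpandProperty Priority
$priority = 1000
while ($used -contains $priority) { $priority += 10 }

if (-not ($nsg.SecurityRules | Where-Object Name -eq $ruleName)) {
    # Source is the caller's /32, not '*' or 'Internet': a REST endpoint that
    # is still being developed should not be reachable from everywhere.
    $nsg | Add-AzNetworkSecurityRuleConfig -Name $ruleName `
        -Description "Node.js REST service on TCP $servicePort" `
        -Access Allow -Protocol Tcp -Direction Inbound -Priority $priority `
        -SourceAddressPrefix "$callerIp/32" -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange $servicePort | Out-Null
    $nsg | Set-AzNetworkSecurityGroup | Out-Null
}

# Show the effective inbound rules so the new one can be seen next to the defaults.
(Get-AzNetworkSecurityGroup -Name $nsgName -ResourceGroupName $resourceGroup).SecurityRules |
    Where-Object Direction -eq 'Inbound' |
    Sort-Object Priority |
    Select-Object Priority, Name, Access, Protocol, SourceAddressPrefix, DestinationPortRange

# The NSG default rules deny inbound ICMP from the Internet, so a failed ping
# proves nothing; test the TCP port the service uses instead.
$publicIp = (Get-AzPublicIpAddress -ResourceGroupName $resourceGroup |
             Select-Object -First 1).IpAddress
Test-NetConnection -ComputerName $publicIp -Port $servicePort |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

If the TCP test still fails after the rule is in place, look inside the guest: the Node.js process must bind to `0.0.0.0` (not `127.0.0.1`), and if `ufw` is enabled on the Ubuntu VM it needs its own allow entry for the port.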

Remote Powershell session connection failure with Kerberos authentication

I have an on-premises network and an Azure virtual network that are connected via a gateway.
With this setup, all machines (on-premises and Azure) are joined to the domain, which allows me remote access to the administrative shares as well as remote PowerShell sessions on each machine in the Azure virtual network from machines in my office. For example, I can simply open Windows Explorer and type \\machinename\c$ in the address bar, or I can open a remote PowerShell session by using the command $Session = New-PSSession -ComputerName machinename.
This works perfectly for one of my Azure subscriptions, but on another Azure subscription that appears to be configured identically, the remote PowerShell command fails with the error:
New-PSSession : [machinename] Connecting to remote server machinename failed with the following error message : WinRM cannot process the request. The following error occurred while using Kerberos authentication: Cannot find the computer machinename. Verify that the computer exists on the network and that the name provided is spelled correctly. For more information, see the about_Remote_Troubleshooting Help topic.
When I look in DNS on the Azure domain controller, the machine that I am trying to connect to exists. When I look in DNS on-premises, the machine is missing. What it looks like to me is a replication problem between the two domain controllers.
The first thing that is likely to be suggested is to start looking at WinRM configuration on the client machine. To be clear, the same machine is able to connect successfully to machines in a virtual network in a different Azure subscription, so it is very unlikely that anything on the client machine needs to be changed. Nevertheless, I Googled the Kerberos error with remote PowerShell and have checked that the TrustedHosts setting on the client is set to *.
Interestingly enough, I can successfully open a remote PowerShell session from a machine in the Azure subscription to a machine in my office; I just can't go the other direction, from Azure to my office. This would seem to indicate maybe a one-way trust instead of two-way, but I am not sure how to verify this.
I ran the tool and it is reporting that everything is working with regard to replication.
So I guess what I am wondering is if this is truly a replication issue or if someone can give me an idea of what the problem might really be.
Edit 1
Now it looks like the domain controller in the Azure network is replicating just fine but any other VM that I add to the Azure network is not replicating. Based on this I will guess that the replication is working, but it would seem it only works for the domain controller and not any other machine. I have no idea what that means.
Based on the error message, it seems that the DNS records on the Azure domain controller are not replicated to the on-premises domain controller.
To verify this, you can run the command below on the on-premises machine, using the IP address as the value of the -ComputerName parameter instead of the machine name. The PowerShell session should be established successfully if this is a DNS issue.
New-PSSession -ComputerName <IP address of server on Azure>
Also, you can run the following commands on the domain controllers to check the replication status.
repadmin /kcc
repadmin /replsummary
If the commands complete successfully, you can run the following command to replicate manually, and then check DNS again.
repadmin /syncall
Finally, to check the trust relationship, you can refer to the following link for a step-by-step guide.
https://technet.microsoft.com/en-us/library/cc753821(v=ws.11).aspx
Update
Based on the new information you provided, I would recommend checking the type of the DNS zone on the Azure DNS server. Please make sure the type is Primary zone and that the zone is stored in Active Directory.
You can check this by using the DNS Manager.
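The checks from the answer above (per-DC name resolution, the by-IP session test, replication status, and the zone type from the update) gathered into one script; this is an added example, not code from the original answer. Host names, the zone and the DC names are placeholders; it assumes the RSAT ActiveDirectory and DnsServer modules are installed on the workstation. One caveat the answer leaves implicit: connecting by IP address cannot use Kerberos, so WinRM falls back to NTLM and you must pass `-Credential` explicitly (the question already has TrustedHosts set to `*`, which NTLM over HTTP requires).

```powershell
# Added example, not from the original answer: diagnose the "Cannot find the
# computer" Kerberos error by comparing DNS on both DCs, testing a by-IP
# session, and reading replication and zone state.
$target   = 'machinename'              # VM in the Azure VNet
$zone     = 'corp.example.com'         # placeholder AD DNS zone
$onPremDc = 'dc01.corp.example.com'    # placeholder on-premises DC
$azureDc  = 'dc02.corp.example.com'    # placeholder Azure DC
$fqdn     = "$target.$zone"

# 1. Ask each DC's DNS directly (-DnsOnly skips the local cache/LLMNR/NetBIOS).
#    A record present on the Azure DC only reproduces the symptom in the question.
foreach ($dc in $onPremDc, $azureDc) {
    $a = Resolve-DnsName -Name $fqdn -Server $dc -Type A -DnsOnly -ErrorAction SilentlyContinue
    [PSCustomObject]@{ DnsServer = $dc; Resolves = [bool]$a; Address = ($a.IPAddress -join ',') }
}

# 2. By-IP session: Kerberos needs a name, so this path is NTLM and needs -Credential.
#    Success here while the by-name session fails confirms a DNS problem.
$ip = (Resolve-DnsName -Name $fqdn -Server $azureDc -Type A -DnsOnly).IPAddress | Select-Object -First 1
$cred = Get-Credential -Message 'Domain account allowed to connect'
$s = New-PSSession -ComputerName $ip -Credential $cred -ErrorAction SilentlyContinue
[PSCustomObject]@{ ByIpSession = [bool]$s; Target = $ip }
if ($s) { Remove-PSSession $s }

# 3. Replication partners and last result, as seen from both DCs
#    (the PowerShell view of what repadmin /replsummary reports).
Get-ADReplicationPartnerMetadata -Target $onPremDc, $azureDc -Scope Server |
    Select-Object Server, Partner, LastReplicationSuccess, LastReplicationResult,
                  ConsecutiveReplicationFailures

# 4. Zone type on each DC. For the records of new VMs to replicate, the zone
#    must be a primary, AD-integrated zone (IsDsIntegrated = True). A file-backed
#    primary zone on one DC with a secondary on the other only moves records
#    when the zone transfer runs, and dynamic updates land on the primary only.
foreach ($dc in $onPremDc, $azureDc) {
    Get-DnsServerZone -ComputerName $dc -Name $zone |
        Select-Object @{ n = 'Dc'; e = { $dc } }, ZoneName, ZoneType, IsDsIntegrated,
                      DynamicUpdate, ReplicationScope
}
```

Read the four outputs together: resolution on one DC only plus a working by-IP session plus healthy replication metadata points at the zone, which is the direction the answer's update takes.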

Manually configure routing tables for azure virtual network (point-to-site)

I am having trouble connecting to my virtual network using the Azure VPN client on Windows 10 (I get an error about the certificate not being found). I found a way to manually configure the VPN: I can successfully connect to it, ping my virtual machines from my local machine, ping my local machine from my virtual machines, remote desktop to them with the virtual network IP address (or hostname), and even connect to my shared folders on my local machine from the virtual machines. What I can't do, and want to do, is connect to my shared drives on the VMs from my local machine (it works perfectly when I connect with the Azure VPN client from Windows 7). I've noticed that when you connect through the VPN client it actually sets up the routing tables for you. So my question is: how do you configure it manually with PowerShell?
PS: For some reason you can't go to the IPv4/IPv6 or any other properties of your VPN connection on Windows 10, so I have to do everything through PowerShell.
The problem wasn't the routing tables. The problem was that there were credentials stored in my Credential Manager (Control Panel\All Control Panel Items\Credential Manager) for the VM which were incorrect, I think. I cleared them, and all worked. And by the way, I got the Azure VPN client to work on my Windows 10 machine with help from this article.
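Both halves of the thread above in one script, as an added example that is not part of the original post: the manual route configuration the question asks for (the VpnClient cmdlets that ship with Windows 10) and the cached-credential clean-up that turned out to be the fix. The connection name, address prefix and VM address are placeholders.

```powershell
# Added example, not from the original post: give a manually created Windows 10
# VPN connection the Azure VNet route, verify it, then remove a stale cached
# credential for the VM.
$connection = 'AzureVNet'       # placeholder: name of the manual VPN connection
$vnetPrefix = '10.1.0.0/16'     # placeholder: address space of the Azure VNet
$vmHost     = '10.1.0.4'        # placeholder: VM whose share could not be opened

# Split tunnelling sends only the prefixes listed below through the VPN. The
# Azure VPN client sets this up for you; a hand-made connection does not.
Set-VpnConnection -Name $connection -SplitTunneling $true -PassThru |
    Select-Object Name, SplitTunneling

# Add the VNet route to the connection if it is not already there (idempotent).
$routes = Get-VpnConnectionRoute -ConnectionName $connection -ErrorAction SilentlyContinue
if (-not ($routes | Where-Object DestinationPrefix -eq $vnetPrefix)) {
    Add-VpnConnectionRoute -ConnectionName $connection -DestinationPrefix $vnetPrefix -PassThru
}
Get-VpnConnectionRoute -ConnectionName $connection | Select-Object DestinationPrefix, RouteMetric

# With the VPN connected: the route must be in the live table and SMB (445)
# must answer. If both are fine and the share still fails, it is not routing.
Get-NetRoute -DestinationPrefix $vnetPrefix -ErrorAction SilentlyContinue |
    Select-Object DestinationPrefix, InterfaceAlias, NextHop
Test-NetConnection -ComputerName $vmHost -Port 445 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded

# A wrong entry in Credential Manager is used silently before any prompt.
# List entries that mention the VM, then delete the matching target so the
# next connection asks for credentials again. Adjust the target to what
# /list prints (it may be stored as TERMSRV/<host> for RDP).
cmdkey /list | Select-String -Pattern ([regex]::Escape($vmHost))
cmdkey /delete:$vmHost
```

`cmdkey /delete` takes the exact target name shown by `/list`; run the list first and substitute the printed target if the VM was saved under a different form of the name.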

Powershell restrict Remote access on Host

I have three Windows 2008 R2 servers: DEV, UAT and Live. I am deploying web apps between these servers, including IIS setup and configuration and database backup and restore, via a PowerShell script. I use a PowerShell remote session.
I would like to prevent any machine other than my deployment machine from creating a PowerShell remote session on the host, even if the user is authenticated. Is this possible?
I have looked extensively through the PSRemoting documentation and can't find anything helpful.
Thanks in advance
Read the link below to better understand what needs to be done, but I think you need to set the trusted hosts on the remote servers.
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2008/02/23/remotely-managing-your-server-core-using-winrm-and-winrs.aspx
This is an excerpt from the blog.
On the Windows server Core box
Run the following commands on the console of the Server Core box to lower security:
winrm set winrm/config/service/auth @{Basic="true"}
winrm set winrm/config/client @{TrustedHosts="<local>"}
winrm set winrm/config/client @{TrustedHosts="RemoteHost"}
where RemoteHost is the host you want to be able to connect to the server.
You can also use certificate-based authentication.
http://blogs.msdn.com/b/wmi/archive/2009/03/23/how-to-use-wsman-config-provider-for-certificate-authentication.aspx
If you only want your computer to be able to connect, install the certificate on your computer and don't give it to anyone else.
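An added example for the question above, not code from the original answer or the linked blog. One point the answer's excerpt does not cover: `winrm/config/client TrustedHosts` is a client-side list of servers the local machine is willing to send NTLM/Basic credentials to; it does not restrict which machines may connect inbound. What does limit inbound sessions by source machine is the scope of the firewall rule for the WinRM listener, and a second layer is the session configuration's security descriptor, which limits which accounts may use it. The script uses `netsh` rather than the NetSecurity cmdlets because the question's servers are Windows Server 2008 R2, which does not have them; the deployment address and account are placeholders.

```powershell
# Added example, not from the original answer: allow remoting to this server
# only from the deployment machine, then only for the deployment account.
# Run locally on each of DEV, UAT and Live (or as the last step of a remoting
# session from $deployIp, since the second part restarts WinRM).
$deployIp   = '192.0.2.10'            # placeholder: deployment machine (RFC 5737 test address)
$deployUser = 'CORP\deploy'           # placeholder: account the deployment script runs as
$ruleName   = 'Windows Remote Management (HTTP-In)'   # built-in rule for TCP 5985

# 1. Scope the built-in allow rule to one remote address. Windows Firewall
#    evaluates this before WinRM ever sees the connection, so an authenticated
#    user on any other machine is still refused at the network layer.
netsh advfirewall firewall set rule "name=$ruleName" new "remoteip=$deployIp"

# Show the rule; RemoteIP should now list only $deployIp.
netsh advfirewall firewall show rule "name=$ruleName" |
    Select-String -Pattern '^(Rule Name|Enabled|Profiles|LocalPort|RemoteIP)'

# If an HTTPS listener (5986) exists, its rule needs the same scope; the
# built-in rule name differs by version, so match on the port instead.
netsh advfirewall firewall show rule name=all dir=in |
    Select-String -Pattern '^Rule Name|^LocalPort:\s+5986' -Context 0, 0

# 2. Limit the default session configuration to Administrators plus the
#    deployment account. The SDDL below keeps the default Administrators ACE
#    (A;;GA;;;BA) and adds one for the deployment account's SID.
$sid = (New-Object System.Security.Principal.NTAccount($deployUser)).
           Translate([System.Security.Principal.SecurityIdentifier]).Value
$sddl = "O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;$sid)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"

# -Force skips the prompt; note this restarts the WinRM service.
Set-PSSessionConfiguration -Name 'Microsoft.PowerShell' -SecurityDescriptorSddl $sddl -Force
Get-PSSessionConfiguration -Name 'Microsoft.PowerShell' |
    Select-Object Name, Permission
```

With both layers in place a session from any other address is dropped by the firewall, and a session from the deployment address under a non-listed account fails with an access-denied error from the session configuration. On a 64-bit host with the `Microsoft.PowerShell32` configuration registered, apply the same SDDL there.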