Unable to connect to VM using Azure Bastion in the Portal

Jimmy 30

I have setup an azure vm that is Microsoft Entra joined with Bastion configured for the vnet. I can login to the vm via the local admin account I created when the vm was built. I also enabled Azure for Windows login and user has been given the role for virtual machine login RBAC. I get the log in failed when connection to the vm from within the portal.

I also have azure ad connect configured with ad accounts syncing to Entra ID.

Is this some authentication issue I'm missing somewhere? I've read that in order to use the native rdp client that my corporate pc would need to be either hybrid joined or azure ad registered. The issue there is that my pc belongs to another tenant.

ChaitanyaNaykodi-MSFT 24,231 Reputation points Microsoft Employee

2023-09-26T23:52:12.9133333+00:00
@Jimmy

Thank you for reaching out.

I understand you are facing issues while connecting to VM using Azure Bastion. You were able to login using the local admin account, but you are unable to login using the user account.

As documented here, can you please confirm if the following roles are also assigned to the user account?

In order to make a connection, the following roles are required:

Reader role on the virtual machine.

Reader role on the NIC with private IP of the virtual machine.

Reader role on the Azure Bastion resource.

Reader role on the virtual network of the target virtual machine (if the Bastion deployment is in a peered virtual network).

Additionally, you can also refer to the troubleshooting doc provided by Jimmy Salian below and also configure diagnostic logging for Azure Bastion to get more information on the issue. Thank you!

Accepted answer

JimmySalian-2011 42,071 Reputation points

2023-09-26T20:25:09.8533333+00:00

Hi,

Did you followed the Kerberos authentication process in the configuration? Please check here - https://video2.skills-academy.com/en-us/azure/bastion/kerberos-authentication-portal

Some steps to troubleshooting connectivity issues over here - https://video2.skills-academy.com/en-us/azure/bastion/troubleshoot#connectivity

Hope this helps.

JS

==

Please accept as answer and do a Thumbs-up to upvote this response if you are satisfied with the community help. Your upvote will be beneficial for the community users facing similar issues.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

1 additional answer

Jimmy 30 Reputation points

2023-09-26T20:51:35.1833333+00:00

Getting the login connection error after enabling Kerberos
Please sign in to rate this answer.

1 person found this answer helpful.
Jimmy 30 Reputation points

2023-09-26T21:10:48.4966667+00:00

I found some others that you commented on about this. I will follow that.

Thanks for the info.

Vince Hardwick 20 Reputation points

2023-10-20T23:06:39.42+00:00

Hi Jimmy,

Could you point me in the direction of the guidance from @JimmySalian-2011 that you found in other question threads?

I'm getting the exact same Connection Error when I try to connect to a Win10 VM via Bastion in Azure Portal using credentials for an Entra ID user with all the admin roles under the sun, after joining the machine to Azure AD/Entra DS.

I've already tried adding a network security group to both the bastion and the VM, with inbound/outbound rules as documented here:

https://video2.skills-academy.com/en-us/azure/bastion/bastion-connect-vm-rdp-windows

I've also changed the password for the Entra ID user whose credentials I'm trying, to try to force the password hash to be regenerated and synced to the VM, but nothing is working. I'm tearing my hair out here.

On these resources:

the VM

the NIC associated with the subnet/private IP of the VM

the Bastion

the Virtual Network that the VM's subnet/private IP are part of

...I have the following roles:

Owner

Role Based Access Control Administrator (Preview)

User Access Administrator

Virtual Machine Administrator Login

Virtual Machine User Login

VH
Sign in to comment

Share via

Unable to connect to VM using Azure Bastion in the Portal

1 additional answer