Azure Bastion
An Azure service that provides private and fully managed Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to virtual machines.
247 questions
Azure Bastion login failed with a Windows 10 Pro, Version 20H2 VM
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 31%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESY%3C/text%3E%3C/svg%3E)
So Yon Lee
0
Reputation points
Hello all,
I'm seeking help to solve 'login failed' issue while using Azure Bastion.
My current topology is:
- vm1(domain controller) which image is Windows Server 2019 Datacenter, sits in vnet1; vnet1 has two subnets: vnet1-subnet1, AzureBastionSubnet
vm2(client) which image is Windows 10 Pro, Version 20H2, sits in vnet2; vnet2 has one subnet: vnet2-subnet1.
vnet1 and vnet2 are peered bidirectionally.
vm1 is domain controller; I created Domain admin and Domain users respectively.
So far, I connected to vm1 via Bastion with Domain admin credential. However, when I try to connect to vm2 via Bastion with Domain users credential, it says login failed. When I tried, both vm are running. Both Domain admin and Domain users' password are set never expired, never changed.
I've done:
Removed Bastion and re-deployed
Changed username from 'user' to 'user@mydomain.com'
Made vm2 using vm1's private IP as DNS server address but I had no luck.
I'd much appreciated if you would give an explanations based on Azure portal. I'm new to Azure, not much familiar with its CLI. Thank you for reading.Hello all,
I'm seeking help to solve 'login failed' issue while using Azure Bastion.
My current topology is:
vm1(domain controller) which image is Windows Server 2019 Datacenter, sits in vnet1; vnet1 has two subnets: vnet1-subnet1, AzureBastionSubnet
vm2(client) which image is Windows 10 Pro, Version 20H2, sits in vnet2; vnet2 has one subnet: vnet2-subnet1.
vnet1 and vnet2 are peered bidirectionally.
vm1 is domain controller; I created Domain admin and Domain users respectively.
So far, I connected to vm1 via Bastion with Domain admin credential. However, when I try to connect to vm2 via Bastion with Domain users credential, it says login failed. When I tried, both vm are running. Both Domain admin and Domain users' password are set never expired, never changed.
I've done:
Removed Bastion and re-deployed
Changed username from 'user' to 'user@mydomain.com'
Made vm2 using vm1's private IP as DNS server address but I had no luck.
I'd much appreciated if you would give an explanations based on Azure portal. I'm new to Azure, not much familiar with its CLI. Thank you for reading.
{count} votes
-
KapilAnanth-MSFT 39,446 Reputation points Microsoft Employee2024-07-03T04:13:08.0766667+00:00 Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to RDP to a VM which is domain joined via Azure Bastion
I see,
Remote connection to VMs that are joined to Microsoft Entra ID is allowed only from Windows 10 or later PCs that are either Microsoft Entra registered (minimum required build is 20H1) or Microsoft Entra joined or Microsoft Entra hybrid joined to the same directory as the VM. Additionally, to RDP by using Microsoft Entra credentials, users must belong to one of the two Azure roles, Virtual Machine Administrator Login or Virtual Machine User Login.
Refer : Log in using password authentication with Microsoft Entra ID
Can you confirm if the VM2 is either
- Microsoft Entra registered or
- Microsoft Entra joined or
- Microsoft Entra hybrid joined ?
Also, can you please check if you are able to login to VM1 using DomainUser Credential (not DomainAdmin) and let us know?
Cheers,
Kapil
-
So Yon Lee 0 Reputation points
2024-07-04T17:05:20.0166667+00:00 Hello Kapil,
I've installed ADDS in the vm1, I assume Microsoft Entra is the same thing with ADDS?
I'm afraid that vm2 neither was registered or joined in Entra. The only thing I know is that the subnet where vm2 sits is peered with the subnet where vm1 sits.
I was able to login to vm1 using DomainUser credential.
Thank you.
Sign in to comment