Using Point-to-Site and an Azure AD User Account, how do I access an Azure VM that is AzureADjoined?

Time:12-14

I have created a VM in Azure as mentioned below

resource "azurerm_windows_virtual_machine" "virtual_machine_hub" {
  name                = "vm-hub"
  resource_group_name = azurerm_resource_group.ipz12-dat-np-connection-rg.name
  location            = azurerm_resource_group.ipz12-dat-np-connection-rg.location
  size                = "Standard_B8ms"
  admin_username      = "xxxxx"
  admin_password      = "xxxxx"
  network_interface_ids = [
    azurerm_network_interface.virtual_machine_hub_nic.id
  ]

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "MicrosoftWindowsDesktop"
    offer     = "Windows-10"
    sku       = "21h1-pro"
    version   = "latest"
  }

  depends_on = [
    azurerm_network_interface.virtual_machine_hub_nic
  ]    
}

and enabled the AADLoginForWindows extension

resource "azurerm_virtual_machine_extension" "virtual_machine_hub_ext" {
  name                       = "AADLoginForWindows"
  virtual_machine_id         = azurerm_windows_virtual_machine.virtual_machine_hub.id
  type                       = "AADLoginForWindows"
  type_handler_version       = "1.0"
  auto_upgrade_minor_version = true
  publisher                  = "Microsoft.Azure.ActiveDirectory"

  depends_on = [
    azurerm_windows_virtual_machine.virtual_machine_hub
  ]
}

and it is AzureADConnected


My Azure user account is given access on the VM using RBAC


Now, the client machine (laptop) is connected to another domain in Azure AD (say, demo.com) as well as DomainJoined.


I am using the Azure VPN client to connect to the Azure Network using Point-to-Site.

While trying to RDP into the VM, it is failing with the below error message:


What am I missing?

CodePudding user response:

I tried to reproduce the same in my environment, and I also got the same error, like below:


To resolve this issue:

Try to allow it in System Properties, like below:


Try to add the user to the RDP group via cmd, like below:

net localgroup "Remote Desktop Users" /add "AzureAD\[email protected]"
Get-LocalGroupMember -Name "Remote Desktop users"


On your local machine, try to modify the RDP file in order to authenticate with a different user:

Right-click the downloaded RDP file -> Open with Notepad, and add the lines below at the bottom:

enablecredsspsupport:i:0
authentication level:i:2


Now double-click the RDP file and try to connect, like below:

Use .\AzureAD\[email protected] or AzureAD\[email protected]


Or else, in your virtual machine -> Run command (under Operations) -> Disable NLA -> Run


Reference:

Remote Desktop to Azure AD Joined Computer – Bradley Schacht
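The answer's manual steps (group membership on the VM, then the hand-edited .rdp file on the laptop) as an added PowerShell example; this is not code from the original answer. The function names are assumptions, and $Upn and $VmAddress are placeholders for the Azure AD user granted RBAC login and the VM's private IP reachable through the Point-to-Site tunnel.

```powershell
# Added example, not code from the original answer. Run Test-AadRdpPrereq on the VM
# (elevated) and New-AadRdpFile on the laptop that holds the Point-to-Site tunnel.
# $Upn and $VmAddress are placeholders; replace them with your own values.

# --- On the VM: confirm the join state and the local group membership the answer adds ---
function Test-AadRdpPrereq {
    param([Parameter(Mandatory)][string] $Upn)

    # dsregcmd reports the device join state; AADLoginForWindows needs "AzureAdJoined : YES".
    $joined = (dsregcmd /status) -match '^\s*AzureAdJoined\s*:\s*YES'
    if (-not $joined) { Write-Warning 'VM is not Azure AD joined'; return $false }

    # The RBAC role alone is not enough: the account must also be in the local RDP group.
    $member = Get-LocalGroupMember -Name 'Remote Desktop Users' |
              Where-Object Name -eq "AzureAD\$Upn"
    if (-not $member) {
        # Same command as the answer: net.exe accepts AzureAD\ principals that
        # Add-LocalGroupMember cannot resolve.
        net localgroup "Remote Desktop Users" /add "AzureAD\$Upn" | Out-Null
        $member = Get-LocalGroupMember -Name 'Remote Desktop Users' |
                  Where-Object Name -eq "AzureAD\$Upn"
    }
    return [bool] $member
}

# --- On the laptop: write the .rdp file with the two lines the answer adds by hand ---
function New-AadRdpFile {
    param(
        [Parameter(Mandatory)][string] $VmAddress,   # private IP of vm-hub via the P2S tunnel
        [Parameter(Mandatory)][string] $Upn,
        [string] $Path = (Join-Path $env:USERPROFILE 'Desktop\vm-hub.rdp')
    )
    $lines = @(
        "full address:s:$VmAddress"
        "username:s:AzureAD\$Upn"      # AzureAD\ selects the cloud identity, not the laptop's domain
        'enablecredsspsupport:i:0'     # no CredSSP/NLA pre-auth; the logon prompt appears inside the session
        'authentication level:i:2'     # warn on server certificate problems but still allow the connection
    )
    # mstsc itself saves .rdp files as UTF-16, so write the same encoding.
    Set-Content -Path $Path -Value $lines -Encoding Unicode

    # Check the tunnel before handing the file to mstsc: with NLA off, 3389 should
    # only ever be reachable over the P2S route (NSG), never from the public internet.
    $reach = Test-NetConnection -ComputerName $VmAddress -Port 3389 -WarningAction SilentlyContinue
    if (-not $reach.TcpTestSucceeded) {
        Write-Warning "No route to $VmAddress`:3389; is the Azure VPN client connected?"
    }
    return $Path
}
```

Call `New-AadRdpFile -VmAddress 10.0.1.4 -Upn user@contoso.com` on the laptop and then double-click the returned path; the values shown are constructed placeholders.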
