Not able to RDP to Azure Windows VM from outside of company network even though I connect to VPN to get into company network?

Shivendoo Kumar 736 Reputation points
2020-07-01T04:27:19.157+00:00

Hi All,
Recently, I have spun up a VM on Azure and installed Windows 2016 OS and SQL Server 2016 from the Marketplace.

The configuration below has been set up and everything (RDP, SQL) works fine if I access it from my company network. But if I am outside of the company network then I am not able to RDP or connect to SQL using SSMS. Any clue?

10956-capture20.png

SQL Server on Azure Virtual Machines
Azure Virtual Machines

2 answers

  1. msrini-MSFT 9,256 Reputation points Microsoft Employee
    2020-07-01T07:29:01.117+00:00

    Hi,

    It looks like a routing issue from your on-premises network, I believe.

    When you connect to your corpnet via VPN, it's all about how you are routed to the Azure VPN gateway. So, I believe, you can work with your on-prem network team to sort this out.

    As a workaround, you can RDP to your corpnet machine and from that machine you can again RDP to the Azure VM. Else configure P2S in the Azure VPN gateway and connect your laptop/work PC to the Azure VM directly via P2S.

    Regards,
    Msrini


  2. Ronen Ariely 15,096 Reputation points
    2020-07-01T09:51:45.73+00:00

    Good day Shivendoo,

    Let's start from the most common scenario, which actually suggests good management: Open the Azure Portal -> go to the Virtual Machine -> on the left menu click on "Networking" -> confirm that the rule in the firewall which is related to port 3389 is configured for any IP

    I highly recommend NOT to open it to any IP and, as mentioned above, this is a very common issue since this is the right way to configure the rule.

    My guess is that the person who manages your VM knows what he is doing and he only opened RDP for the company IP, which is why you cannot connect from your home.

    If this is the case then you should ask him to add another rule that grants your home IP permission to connect.

    Note: the same configuration should be done in the OS of the VM as well, but it is less common that people configure the local FW for a specific IP.

    To configure the OS firewall for a specific IP (on Windows): log in using RDP -> Start >> Administrative Tools >> Windows Firewall with Advanced Security -> Inbound Rules

    Check if there is a rule for the RDP port which allows only a specific IP

    ...

    If these are not your case, then please check with your network manager in the company what configuration he uses to connect to the VM. There is no reason to guess if you have someone who is an expert in networking. Try to provide more information if it is still not working.

    Important! If you want to avoid such issues then instead of using a client RDP application to connect to the VM, you can use Azure Bastion. This will provide better functionality for such a scenario and much better security.

    https://azure.microsoft.com/en-us/services/azure-bastion/#get-started

    "Azure Bastion is a new fully platform-managed PaaS service you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your VMs directly in the Azure portal over SSL. When you connect via Azure Bastion, your virtual machines do not need a public IP address."

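The NSG check described in the second answer, as an added example that is not part of the original thread: it evaluates inbound rules in priority order to show which rule decides whether a given client IP reaches port 3389, and lists any Allow rule left open to every source. The function names are hypothetical, the sample rules are constructed (documentation IP ranges, in the JSON shape printed by `az network nsg rule list -o json`), and service tags other than `Internet` are not resolved.

```python
import ipaddress

# Constructed sample rules; DenyAllInBound mirrors Azure's default catch-all rule.
SAMPLE_RULES = [
    {"name": "Allow-RDP-Corp", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "3389"},
    {"name": "Allow-SQL-Corp", "priority": 310, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "1433"},
    {"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound", "access": "Deny",
     "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]
ANY_SOURCE = {"*", "Internet", "0.0.0.0/0"}  # simplification: treated as "any client"

def _values(rule, single, plural):
    """Merge the single-value and list-value forms of an NSG rule field."""
    return [v for v in [rule.get(single)] + (rule.get(plural) or []) if v]

def _port_matches(spec, port):
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")          # "3389" or "3000-4000"
    return int(lo) <= port <= int(hi or lo)

def _source_matches(prefix, client_ip):
    if prefix in ANY_SOURCE:
        return True
    try:
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False                         # unresolved service tag such as VirtualNetwork

def _applies(rule, port):
    return (rule["direction"] == "Inbound" and rule["protocol"].lower() in ("tcp", "*")
            and any(_port_matches(p, port) for p in
                    _values(rule, "destinationPortRange", "destinationPortRanges")))

def evaluate(rules, client_ip, port=3389):
    """Return (access, rule name) of the first matching rule, lowest priority number first."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        if _applies(rule, port) and any(_source_matches(s, client_ip) for s in sources):
            return rule["access"], rule["name"]
    return "Deny", None

def open_to_any(rules, port=3389):
    """Names of Allow rules that expose the port to every source address."""
    return [r["name"] for r in rules if r["access"] == "Allow" and _applies(r, port)
            and any(s in ANY_SOURCE for s in
                    _values(r, "sourceAddressPrefix", "sourceAddressPrefixes"))]
```

A client inside the allowed range is matched by the corporate rule, while any other address falls through to the deny rule, which is the symptom described in the question.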