Azure Bastion login failed with a Windows 10 Pro, Version 20H2 VM

So Yon Lee 20 Reputation points
2024-07-01T13:53:42.5833333+00:00

Hello all,

I'm seeking help to solve a 'login failed' issue while using Azure Bastion.

My current topology is:

  • vm1 (domain controller), whose image is Windows Server 2019 Datacenter, sits in vnet1; vnet1 has two subnets: vnet1-subnet1, AzureBastionSubnet

  • vm2 (client), whose image is Windows 10 Pro, Version 20H2, sits in vnet2; vnet2 has one subnet: vnet2-subnet1.

vnet1 and vnet2 are peered bidirectionally.

vm1 is the domain controller; I created Domain admin and Domain users respectively.

So far, I connected to vm1 via Bastion with the Domain admin credential. However, when I try to connect to vm2 via Bastion with the Domain users credential, it says login failed. When I tried, both VMs were running. Both the Domain admin's and Domain users' passwords are set to never expire and never be changed.

I've done:

  • Removed Bastion and re-deployed

  • Changed username from 'user' to 'user@mydomain.com'

  • Made vm2 use vm1's private IP as its DNS server address, but I had no luck.

I'd much appreciate it if you would give an explanation based on the Azure portal. I'm new to Azure and not very familiar with its CLI. Thank you for reading.



Accepted answer
  1. KapilAnanth-MSFT 40,911 Reputation points Microsoft Employee
    2024-07-03T04:13:08.0766667+00:00

    @So Yon Lee ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you would like to RDP to a VM which is domain joined via Azure Bastion.

    I see,

    Remote connection to VMs that are joined to Microsoft Entra ID is allowed only from Windows 10 or later PCs that are either Microsoft Entra registered (minimum required build is 20H1) or Microsoft Entra joined or Microsoft Entra hybrid joined to the same directory as the VM. Additionally, to RDP by using Microsoft Entra credentials, users must belong to one of the two Azure roles, Virtual Machine Administrator Login or Virtual Machine User Login.

    Refer: Log in using password authentication with Microsoft Entra ID

    Can you confirm if the VM2 is either

    • Microsoft Entra registered or
    • Microsoft Entra joined or
    • Microsoft Entra hybrid joined?

    Also, can you please check if you are able to login to VM1 using DomainUser Credential (not DomainAdmin) and let us know?

    Cheers,

    Kapil
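
One way to check the join state asked about above from inside vm2, as an added example that is not part of the original answer or Microsoft's own code: it parses the flags printed by the built-in `dsregcmd /status` command and maps them to the three Microsoft Entra states the answer lists, plus the case of a VM joined only to an AD DS domain. The helper name `Get-JoinState` and the sample output (including the domain name `MYDOMAIN`) are assumptions constructed for illustration.

```powershell
# Added example; Get-JoinState is a hypothetical helper name, not a built-in cmdlet.
function Get-JoinState {
    param([Parameter(Mandatory)][string[]]$StatusText)

    # dsregcmd prints "Name : YES|NO" pairs; keep the three join-related flags.
    $flags = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined|WorkplaceJoined)\s*:\s*(YES|NO)\s*$') {
            $flags[$Matches[1]] = ($Matches[2] -eq 'YES')
        }
    }
    # A flag that is missing from the output is treated as NO.
    $aad       = [bool]$flags['AzureAdJoined']
    $domain    = [bool]$flags['DomainJoined']
    $workplace = [bool]$flags['WorkplaceJoined']   # reported for the signed-in user

    $state = if ($aad -and $domain) { 'Microsoft Entra hybrid joined' }
             elseif ($aad)          { 'Microsoft Entra joined' }
             elseif ($workplace)    { 'Microsoft Entra registered' }
             elseif ($domain)       { 'AD DS domain joined only (no Entra device identity)' }
             else                   { 'Not joined or registered' }

    [pscustomobject]@{
        AzureAdJoined   = $aad
        DomainJoined    = $domain
        WorkplaceJoined = $workplace
        State           = $state
    }
}

# Constructed sample: the flags a VM joined only to an AD DS domain would report.
$sample = @'
             AzureAdJoined : NO
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : MYDOMAIN
           WorkplaceJoined : NO
'@ -split "`r?`n"

Get-JoinState -StatusText $sample

# On the VM itself, classify the live output instead of the sample.
if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) {
    Get-JoinState -StatusText (dsregcmd.exe /status)
}
```

Run it in a PowerShell session on the VM being checked; `WorkplaceJoined` reflects the user who is signed in when the command runs.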

