This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
I have created and configured my Windows VM (Windows Server 2019 Datacenter) for Azure AD login along with the Virtual Machine Administrator Login role
Role Assignment
My bastion host is also native client enabled and are connecting the Linux machines very well. But when it comes to connecting Windows VM with AAD credentials it not getting connected saying "Your credentials did not work" (whereas i am able to connect with the VMs admin credentials generated at the time of VM creation)
az network bastion rdp --name "<bastion host name>" --resource-group "<resource group name>" --target-resource-id "<windows vm resource id>"
Any help will be highly appreciated.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Hello @Atanu Gupta ,
Apologies for the delayed response here.
Based on this troubleshooting documentation here. Can you please validate few things below?
Allow connections only from computers running Remote Desktop with Network Level Authentication option is enabled. Hope this helps! Please let us know if you the issue still persists. Thank you!
Please check the below screenshots. Its seems to me that everything has been configured correctly. What am I missing?
System Properties
AD Joined
AAD-VM Extension
Hello @Atanu Gupta ,
Thank you for providing additional details. The configuration looks good, I could not locate any specific issue there. If it is possible, can you please deploy another test VM in the same virtual network which has its own public IP and has AAD authentication enabled? You can then try to RDP into this VM itself. This will help us understand if Bastion is out of the picture, then if are you able to RDP into the machine. You can follow this guide to achieve the scenario above.
Please let me know if you have any additional questions here. Thank you!
Hi,
Please note that I can login into the VM using the VM's credentials (given at the time of VM creation) through bastion native client. The problem is with the AD logins which is not working at all. May be some small configuration is getting missed. Can you please check and advise. I am stuck.
AzureAD\local credential is working but not AzureAD\AD credential
Hello @Atanu Gupta , thank you for providing additional details here, I think to troubleshoot the exact issue here it will be better if you can create a support ticket for this case as a support engineer can take a look at the backend logs and help troubleshoot. If you have a support plan you can file a support ticket. If you do not have a support plan, you can refer to my private message below. Thank you!
Email send as advised. Please check
Hello @Atanu Gupta , thank you for reaching out. I have replied to your email just now.
Hi,
did you try logging in using your UPN instead of domain\username ?
Reference : https://learn.microsoft.com/en-us/azure/bastion/troubleshoot#domain
Regards,
Karthik Srinivas
Yes... using full AAD login credentials. Linux boxes logs in quite comfortable (ssh) but the problem is with windows boxes (rdp) -Windows (Windows Server 2019 Datacenter). What am I missing here?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 53%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
I believe Azure bastion doesn't support for AAD credentials login. Correct me if i'm wrong