Share via

Azure VM - The logon attempt failed

Raymond de Jong 76 Reputation points
2023-10-17T09:46:21.46+00:00

We have multiple Azure Virtual Machines, each with their own network, that are Azure Joined. Users assigned "Virtual Machine Administrator Login" or "Virtual Machine User Login" cannot connect to any of them as of today. Including myself. Nothing changed as far as I can see as Global Admin.

I even created a new Virtual Machine with AzureAD joined on. The AADLoginForWindows extension is provisioned.

I can connect as local user account

Looking at the event viewer It tells me that usernames are unknown

The computer attempted to validate the credentials for an account.

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Logon Account: .....

Source Workstation: ....

Error Code: 0xC0000064

Did anything chance by Microsoft as of today? Does anyone has any information on how to resolve our issues?

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,585 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Alistair Ross 7,106 Reputation points Microsoft Employee
    2023-10-17T13:36:00.7366667+00:00

    Hello

    Sorry to hear you are having difficulty, I am assuming the virtual machines have been set up as per the instructions found here https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows#troubleshoot-deployment-problems

    Further down the page is a whole host of troubleshooting which I would suggest you take a look at first. https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows#troubleshoot-deployment-problems

    kind regards

    Alistair

    0 comments
  2. Raymond de Jong 76 Reputation points
    2023-10-17T13:42:56.3766667+00:00

    I found so many issues and blogtopics about this. It took me several hours to find a workaround. Turning NLA off on all the virtual machines and inside the .rdp files at the client side so at least employers can connect to the Virtual Machines. I do not enjoy having to turn NLA off. It worked for nearly 4 years without issues and suddenly as of today not anymore.

    No clue in why it suddenly fails and I cannot find any other way to get it working other than disabling NLA

    0 comments
  3. kobulloc-MSFT 26,131 Reputation points Microsoft Employee
    2023-10-18T23:22:21.2+00:00

    Hello, @Raymond de Jong !

    Why is Network Level Authentication (NLA) blocking RDP access to my VM?

    There are a variety of reasons why Network Level Authentication (NLA) may suddenly block RDP access to a VM, all stemming from communication issues between the domain controller and the VM. This is especially true if you are able to log on as a Local Administrator:

    • The Active Directory Security Channel between this VM and the DC is broken.
    • The VM has an old copy of the account password and the DC has a newer copy.
    • The DC that this VM is connecting to is unhealthy.

    You can read more here, including other possible causes, workarounds, and troubleshooting:

    https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/cannot-connect-rdp-azure-vm

    I hope this has been helpful! Your feedback is important so please take a moment to accept answers.

    If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!

    User's image