Share via

How do I fix this port issue?

Hao Sun 21 Reputation points
2024-03-10T20:58:28.23+00:00

AzureTroubleshooting

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,587 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Suwarna S Kale 306 Reputation points
    2024-03-10T21:29:08.4866667+00:00

    Thanks for posting your question in the Microsoft Q&A forum.

    As error stated “Standard JIT policy is not configured on this virtual machine”, follow below configurations :

    Navigate to your Azure VM resource in the Azure portal -> Open the “Configuration” pane -> Click the “Enable just-in-time” button.

    Download the RDP file and use it to connect from your local machine. However, it seems that your local computer cannot access the VM. To resolve this:

    • Add a temporary network security group (NSG) rule for your local computer’s IP address.
    • The error message also indicates that port 3389 is not accessible and the Just-in-time policy is unsupported.

    Remember to verify your network configurations, including NSG rules, public IP settings, and JIT policies. If you need further assistance, please let me know 🙂

    1 person found this answer helpful.
  2. kobulloc-MSFT 26,131 Reputation points Microsoft Employee
    2024-03-19T19:29:39.27+00:00

    Hello, @Hao Sun !

    Why am I getting a Just In Time (JIT) access error when attempting to RDP to my VM? Does JIT VM access require a subscription?

    Azure will perform some prerequisite checks when you attempt to connect to a VM using RDP. If Just In Time (JIT) access is configured for the subscription, then that will be added to the check. It's not uncommon for this to take a couple seconds and it will show as red until the verification has been completed. If you need to enable JIT, you can click on the Configure for this port link or navigate to the VM Configuration pane. @Suwarna S Kale has provided excellent instructions:

    Navigate to your Azure VM resource in the Azure portal -> Open the “Configuration” pane -> Click the “Enable just-in-time” button.

    JIT does require Microsoft Defender for Servers Plan 2 to be enabled on the subscription. Below you can see an example of a VM deployed on a subscription with JIT enabled and a subscription where JIT has not been enabled.

    Example 1: JIT is enabled for the subscription, but the VM prerequisite configurations are not yet complete:

    User's image

    A few moments later the VM prerequisite configurations have completed (however JIT is still not configured, you would need to click on the link on the left):

    User's image

    Example 2: JIT is not enabled for the subscription (unsupported by plan):

    User's image

    I hope this has been helpful! Your feedback is important so please take a moment to accept answers.

    If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!

    User's image

    0 comments