AmandaMulryan-8928 asked kobulloc-MSFT edited

RDP Connection Issues

Whenever I try connecting to my VM, it allows me to download the file and click connect, but then pops up with the attached error. I ran connectivity diagnostics on the VM and it said, “This check has been completed without reporting any problems.” When I test my connection with my IP address it says, “Network connectivity blocked by security group rule: DefaultRule_DenyAllInBound.” However, it works successfully on the outbound connection test. Does anyone know what I should do to fix this? I'm new to VMs and need to figure out how to connect ASAP.

Thanks,





azure-virtual-machines
2021-10-13-7.png (43.2 KiB)

1 Answer

kobulloc-MSFT answered kobulloc-MSFT edited

Hello, @AmandaMulryan-8928!

If you aren't able to connect to a VM that is running (and perhaps recently restarted for good measure) due to a security group rule that is blocking your inbound traffic, you'll want to check a couple things:

Enable Just In Time (JIT) access
Enabling JIT access only takes a minute, adds security, and creates rules that may allow you to skip the other steps below. This is often my first step with a new VM (there are time-saving links in the portal on the page you download the RDP file from):
https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-config-asc%2Cjit-request-asc

Check Inbound Security Rules in your NSG (Network Security Group)
When you create a VM, there is a set of default inbound security rules designed to give some protection to your VM from the less upstanding corners of the internet. If you go to your NSG resource, on the left you will see "Inbound security rules" under "Settings". This will show you what ports and protocols are allowed (which may be further limited to a specific source, like Internet or VirtualNetwork). The lower the number of the priority, the higher priority that rule has (100 will run instead of 200 if there is a conflict).

You want to make sure that whatever port you have RDP set to is not blocked by these security rules (and it is a good idea to change from the default port of 3389).

Check your Virtual Network
In your VM resource group, go to your virtual network resource. Under "Settings", click on "Subnets" to see if there is a security group listed. If there is a security group, click on the security group link (not the name link, as that will just bring up edit options). This will bring up another set of inbound and outbound security rules which you can check.

Go through the RDP troubleshooting checklist
If none of that works, there is an official RDP troubleshooting checklist (as well as other more specific RDP troubleshooting pages) in our documentation:

https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/troubleshoot-rdp-connection

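The priority ordering and the subnet-level plus NIC-level NSG checks described in the answer above, as an added example that is not part of the original answer or any Microsoft code: a small Python model of how an inbound RDP connection is decided. The rule name `Allow-RDP-From-My-IP`, the client address 203.0.113.10 (documentation range) and the model itself are constructed for illustration; service tags such as Internet or VirtualNetwork are not modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    source: str     # CIDR, or "*" for any source
    port: str       # single destination port, or "*" for any
    access: str     # "Allow" or "Deny"

# Azure's catch-all default inbound rule. The two tag-based defaults
# (AllowVnetInBound, AllowAzureLoadBalancerInBound) are left out of this model.
DEFAULTS = [Rule("DenyAllInBound", 65500, "*", "*", "Deny")]

# Constructed sample data: a client IP and an allow rule scoped to that single address.
CLIENT_IP = "203.0.113.10"
ALLOW_RDP = Rule("Allow-RDP-From-My-IP", 300, "203.0.113.10/32", "3389", "Allow")

def matches(rule, src_ip, port):
    src_ok = rule.source == "*" or (
        ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source))
    return src_ok and rule.port in ("*", str(port))

def decide(nsg_rules, src_ip, port):
    """Return (access, rule name) for the first matching rule in priority order."""
    ordered = sorted(nsg_rules + DEFAULTS, key=lambda r: r.priority)
    first = next(r for r in ordered if matches(r, src_ip, port))  # DenyAllInBound always matches
    return first.access, first.name

def inbound(subnet_nsg, nic_nsg, src_ip, port):
    """Inbound traffic must pass the subnet NSG, then the NIC NSG.
    Pass None for a level that has no NSG associated."""
    for level, rules in (("subnet", subnet_nsg), ("nic", nic_nsg)):
        if rules is None:
            continue
        access, name = decide(rules, src_ip, port)
        if access == "Deny":
            return "Deny", f"{level}:{name}"
    return "Allow", "all associated NSGs"

if __name__ == "__main__":
    print(inbound([], [], CLIENT_IP, 3389))                    # defaults only
    print(inbound([ALLOW_RDP], [], CLIENT_IP, 3389))           # allowed on subnet, not on NIC
    print(inbound([ALLOW_RDP], [ALLOW_RDP], CLIENT_IP, 3389))  # allowed at both levels
```

The second case is the one the "Check your Virtual Network" step is meant to catch: a rule added at one level does not help while the NSG at the other level still falls through to its default deny.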