So, I get a case escalated to me that no one can RDP to some newly created Azure Virtual Machines. However, some VMs can be RDP’d to that are in the same VHub/VNet and even in the same resource group.
Bruh…. WHAT?
These are Server 2019 virtual machines. So I tested with TNC:
tnc -ComputerName $CompName -Port $Port
And the command in PowerShell came back with 3389 as open. Then I tried to remote PowerShell in. I was able to get in and verify that RDP was indeed enabled:
# fDenyTSConnections = 0 means Remote Desktop connections are allowed
$rdpStatus = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
if ($rdpStatus.fDenyTSConnections -eq 0) {
    Write-Host "Remote Desktop is ENABLED."
} else {
    Write-Host "Remote Desktop is DISABLED."
}
Now this is very perplexing; there were some errors in the event viewer.
Upon further research I found the keys for the RDP Certificates were corrupted. I was able to fix those:
First you will need to remove the existing keys and then reboot:
Open up PowerShell as admin, or in my case, as I couldn't get to it, in a remote session:
Enter-PSSession -ComputerName $CompName -Credential Domain\Admin
Rename-Item -Path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old"
shutdown /r /t 0
(The /i switch only opens the graphical shutdown dialog, which does nothing useful inside a remote session, so use /r /t 0 for an immediate restart.)
Once the machine is rebooted and you are logged in through remote PowerShell, take ownership of the folder and its subfolders/files:
takeown /f "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" /a /r
Then apply the proper permissions to each key:
icacls C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys /t /c /grant "NT AUTHORITY\System:(F)"
icacls C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys /t /c /grant "NT AUTHORITY\NETWORK SERVICE:(R)"
icacls C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys /t /c /grant "BUILTIN\Administrators:(F)"
Finally, restart the TermService service:
Restart-Service TermService -Force
After the service is restarted you can RDP into the servers.
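To tell this failure apart from an NSG, registry or service problem before renaming anything, here is an added triage script (my own example, not part of the original post) that runs the checks above from the admin workstation over WinRM and reports whether the RDP listener certificate actually has a usable private key. $CompName, $Cred and the event-log provider name used for the listener errors are assumptions.

```powershell
# Added diagnostic script, not from the original post. Run from the admin workstation
# that tnc / Enter-PSSession were run from; $CompName and $Cred are placeholders.
param(
    [string]$CompName = 'VM-PLACEHOLDER',
    [pscredential]$Cred = (Get-Credential)
)

# Layer 1: network reachability of the RDP port (the same check as tnc in the post)
$portOpen = (Test-NetConnection -ComputerName $CompName -Port 3389 -WarningAction SilentlyContinue).TcpTestSucceeded

# Layer 2: host-side checks over WinRM, so they work even while RDP is broken
$hostState = Invoke-Command -ComputerName $CompName -Credential $Cred -ScriptBlock {
    $ts   = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    # The RDP listener's self-signed certificate lives in the 'Remote Desktop' store;
    # its private key is one of the files under MachineKeys that got corrupted.
    $cert = Get-ChildItem 'Cert:\LocalMachine\Remote Desktop' -ErrorAction SilentlyContinue | Select-Object -First 1
    $acl  = Get-Acl 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys'
    # Assumed provider name for the RDS listener errors seen in Event Viewer (last 24h)
    $errs = @(Get-WinEvent -FilterHashtable @{
                 LogName      = 'System'
                 ProviderName = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager'
                 Level        = 2
                 StartTime    = (Get-Date).AddDays(-1) } -ErrorAction SilentlyContinue)
    $full = [System.Security.AccessControl.FileSystemRights]::FullControl
    [pscustomobject]@{
        RdpEnabled          = ($ts.fDenyTSConnections -eq 0)
        TermServiceRunning  = ((Get-Service TermService).Status -eq 'Running')
        ListenerCertPresent = ($null -ne $cert)
        ListenerCertHasKey  = [bool]($cert -and $cert.HasPrivateKey)
        SystemFullOnKeys    = [bool]($acl.Access | Where-Object {
                                  $_.IdentityReference.Value -eq 'NT AUTHORITY\SYSTEM' -and
                                  $_.AccessControlType -eq 'Allow' -and
                                  (($_.FileSystemRights -band $full) -eq $full) })
        RecentRdsErrors     = $errs.Count
    }
}

# Interpretation: port open + RDP enabled + service running, but no usable listener
# key (or SYSTEM lacking Full control on MachineKeys), is the broken-key case above.
$hostState | Add-Member -NotePropertyName PortOpen -NotePropertyValue $portOpen -PassThru | Format-List
if ($portOpen -and $hostState.RdpEnabled -and $hostState.TermServiceRunning -and -not $hostState.ListenerCertHasKey) {
    Write-Warning 'RDP stack looks healthy but the listener certificate has no usable private key: suspect MachineKeys corruption.'
}
```

Re-run it after the TermService restart: ListenerCertHasKey should flip to True once the service has regenerated its self-signed certificate in the fresh MachineKeys folder.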
