I hit an interesting problem today while trying to RDP to my Windows Azure VM using Active Directory credentials: I was getting an error message stating “An authentication error has occurred. The local security authority cannot be contacted.”
This VM was connected to a domain, my domain controller also being an Azure VM. At some point I must have set the DNS settings on my VM to obtain the DNS server address automatically rather than explicitly point at my domain controller and this was the cause of my problem. The problem didn’t present itself till I rebooted the VM in question, and since a bit of time had passed in between the two actions it wasn’t immediately obvious what the cause of the problem was.
To fix the issue I had to swap the credentials I was using to remote into my VM to a local account (when you provisioned the VM you would have created a local account; if you don’t remember these credentials, or those of any other local account that has RDP access, then you might be in some trouble), which allowed me to successfully remote into the VM. I then had to set the DNS server address to explicitly point at the IP address of my domain controller. Props to Kevin P. Sullivan, who mentioned this solution on this discussion board.
My colleague Mark Brimble has also pointed out to me that he has seen the exact same error for a newly provisioned local user on an on-premises VM for which the password had to be reset upon the first login, so take note that there might be other causes for this error message.
For those of you who aren’t very familiar with network settings, hopefully the screenshots below should guide you (the highlights denote what you need to click/change).
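The same check and fix can be done from a PowerShell prompt on the VM. This is an added example, not part of the original post; the domain name and domain controller IP are constructed placeholders, and it assumes Windows Server 2012 or later (for the DnsClient cmdlets) and an elevated session under a local account.

```powershell
# Added example: verify that a domain-joined VM can locate its domain controller
# through DNS, and point the DNS client at the DC if it cannot.
# Assumptions (placeholders, not from the post): the domain name and DC address.
param(
    [string]$DomainName  = 'corp.example.com',  # placeholder AD DNS domain
    [string]$DcIpAddress = '10.0.0.4',          # placeholder domain controller IP
    [switch]$Fix                                # without -Fix the script only reports
)

# SRV record that domain members query to find a domain controller.
$srvName = "_ldap._tcp.dc._msdcs.$DomainName"

# Inspect every connected network adapter.
$adapters = Get-NetAdapter | Where-Object Status -eq 'Up'

foreach ($adapter in $adapters) {
    $dns = (Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex `
            -AddressFamily IPv4).ServerAddresses
    Write-Host ("{0}: DNS servers = {1}" -f $adapter.Name, ($dns -join ', '))

    if ($dns -notcontains $DcIpAddress) {
        Write-Warning "$($adapter.Name) does not use $DcIpAddress for DNS."
        if ($Fix) {
            # Equivalent to entering the address by hand in the adapter's IPv4 properties.
            Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex `
                -ServerAddresses $DcIpAddress
            Write-Host "$($adapter.Name): DNS server set to $DcIpAddress."
        }
    }
}

# Drop cached (including negative) answers before re-testing.
Clear-DnsClientCache

try {
    $records = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }
    foreach ($r in $records) {
        Write-Host ("DC located: {0} (port {1})" -f $r.NameTarget, $r.Port)
    }
}
catch {
    Write-Warning "Cannot resolve $srvName; domain logons over RDP will keep failing."
}
```

Run it once without `-Fix` to see which adapters are not using the domain controller for DNS, then again with `-Fix` to apply the change and confirm that the SRV lookup succeeds.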
Having spun up a few new Windows Azure VMs at home, I was surprised to find that I was unable to RDP to them when I got to the office. The only explanation had to be that my organization’s firewall was blocking the RDP access. However, I know that RDPing to other external VMs does work from the office, so it had to be something specific in the way the Azure VMs had been set up.
It turned out that the RDP ports (the port number doesn’t always appear to be exactly the same) that Azure VMs are configured to use by default are in a range that is typically blocked by many corporate networks. You have a few options here… You might want to talk to your network administrator about unblocking certain ports, if they agree to do so, or override the port number chosen by Azure with one suggested by them (I would definitely recommend one of these options if the Azure VMs in question are used to host enterprise application components). In my case I was using the Azure VM as a personal training sandbox machine only, and I wasn’t too concerned about using the default RDP port for external RDP connections as well, so I decided to change my Azure VM’s external RDP port to the default RDP port number.
If you want to change the port associated with external RDP connections, you will need to log in to the Azure management portal, browse to Virtual Machines and click on the name of the VM in question (don’t just click anywhere on the row; you specifically want to click on the name). Next, browse to the Endpoints tab, highlight the RemoteDesktop option and click Edit at the bottom of the screen.
Change the value for the public port appropriately and apply the change by clicking on the tick icon. You will have to wait until the change has finished applying, which might take a minute.
Once that is done you will need to re-download your RDP connection file or edit your existing one to use the new port number (if you used port 3389 then you won’t need to specify the port number).