Oh no! I accidentally blocked the RDP port on an Azure virtual machine which resulted in not being able to log into the VM anymore. I did this recently because I was setting up Azure Bastion as there were a LOT of attempts to RDP into the public IP on the VM.
The Bastion service installation automatically adds a VNET firewall rule to allow Azure to RDP into the VM. I tested this and it worked gloriously, thus I removed the open RDP port on the VM. That was the mistake! Bastion still needs the RDP port open...on the VM itself. My mistake was I should have blocked (or not allowed) the RDP port on the VNET firewall, not the VM itself.
If you find yourself in the same situation, unable to log back into a VM because the port is not open, you can log into the Azure portal, select your VM, then choose Run Command from the left-side menu. This will prompt you for a command type; choose PowerShell.
The command to temporarily disable the Windows firewall on all profiles (Run Command > RunPowerShellScript, then run the following) is:
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
Bingo. Quickly RDP back into your VM (or use Bastion, since it can now reach the VM as well) and open your RDP port in the VM's firewall. Once that is done, add a Deny rule for RDP on your VM's network security group; it must be evaluated AFTER the priority rule that allows Bastion itself, so give it a lower priority (a higher priority number) than the Bastion rule. Finally, re-enable your VM's firewall:
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
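As an added example (not from the original post), here is a narrower Run Command script that re-opens only TCP 3389, and only from the AzureBastionSubnet range, instead of switching the whole firewall off and back on. The 10.0.1.0/26 prefix and the rule name are placeholders for your own values, and the script assumes a Windows build that ships the NetSecurity module.

```powershell
# Added example, not the original post's command. Paste into
# Run Command > RunPowerShellScript on the locked-out VM. It opens only
# TCP 3389 and only from the AzureBastionSubnet prefix, and leaves every
# firewall profile enabled. Both values below are placeholders: replace
# them with the range of your own AzureBastionSubnet and a name you like.
$BastionPrefix = '10.0.1.0/26'                  # placeholder: your AzureBastionSubnet range
$RuleName      = 'Allow RDP from Azure Bastion' # placeholder rule name

# Create the scoped allow rule once; later runs just re-assert it.
$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if (-not $rule) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Protocol TCP -LocalPort 3389 `
        -RemoteAddress $BastionPrefix -Action Allow -Profile Any | Out-Null
} else {
    # Make sure an earlier edit did not leave the rule disabled or widened.
    Set-NetFirewallRule -DisplayName $RuleName -Enabled True -RemoteAddress $BastionPrefix
}

# Keep all profiles on; the scoped rule is all Bastion needs to reach the VM.
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True

# Report the end state so it shows up in the Run Command output pane:
# profile status, the rule's remote address scope, and whether RDP is listening.
Get-NetFirewallProfile | Select-Object Name, Enabled | Format-Table -AutoSize
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress | Format-Table -AutoSize
Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, State | Format-Table -AutoSize
```

The same script can be sent from a workstation with the Az module using Invoke-AzVMRunCommand -ResourceGroupName <rg> -VMName <vm> -CommandId 'RunPowerShellScript' -ScriptPath .\open-rdp.ps1 (resource group, VM and file names are placeholders).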
I hope this helps if you find yourself in this unfortunate position.