Unable to RDP to Virtual Machine: CredSSP Encryption Oracle Remediation

Overview: The March 2018 security bulletin included a fix for a CredSSP "Remote Code Execution" vulnerability (CVE-2018-0886) that could impact RDP connections. The vulnerability was discovered, and the exploits observed were: Targets receive a malicious RTF Microsoft Office document. After being opened, the malicious document causes the second…


Troubleshoot a Broken Azure VM using Nested Virtualization in Azure (Managed Disk)

Please note that third-party virtualization software for the Windows 2016 Nested Virtualization feature is not supported; only Hyper-V is currently supported. Also note that, as of right now, Nested Virtualization is only available in the following geographic locations: US (West 2, East); Europe (West); Asia Pacific (Southeast). Reference Links: Nested Virtualization in Azure New DV3 and EV3…


Troubleshoot a Broken Azure VM using Nested Virtualization in Azure (RDFE)

Please note that third-party virtualization software for the Windows 2016 Nested Virtualization feature is not supported; only Hyper-V is currently supported. Also note that, as of right now, Nested Virtualization is only available in the following geographic locations: US (West 2, East); Europe (West); Asia Pacific (Southeast). Reference Links: Nested Virtualization in Azure New DV3 and EV3…


Troubleshoot a Broken Azure VM using Nested Virtualization in Azure (ARM)

Please note that third-party virtualization software for the Windows 2016 Nested Virtualization feature is not supported; only Hyper-V is currently supported. Delete the Broken Virtual Machine. Create a new Recovery VM: OS: Windows Server 2016 Datacenter; Size: Any V3 series with at least 2 cores; Same Location, Storage Account and Resource Group as the Broken VM. Select…


How to Remote PowerShell to Azure VM (DIP to DIP)

Enter a PowerShell session from inside another VM located inside the same VNet and run the following:

    $Skip = New-PSSessionOption -SkipCACheck -SkipCNCheck
    Enter-PSSession -ComputerName "HOSTNAME" -port 5986 -Credential (Get-Credential) -useSSL -SessionOption $Skip

If the above does not work, try the following instead:

    $Skip = New-PSSessionOption -SkipCACheck -SkipCNCheck
    Enter-PSSession -ComputerName "HOSTNAME" -port 5985 -Credential (Get-Credential) -SessionOption…


Disable NLA via Custom Script Extension

Symptoms: When attempting to RDP to your virtual machine, you receive an error regarding Network Level Authentication (NLA). Resolution: Note: The steps below use Custom Script Extension in the Azure Portal. If that is not an option because the Guest Agent is not responding, you can also run the same commands via Remote PowerShell,…


Azure VM stuck in Failed State (ARM)

Symptom: VM is stuck in a "Failed" state. Resolution: You can attempt to clear this state by updating the VM via PowerShell. This causes no additional downtime and only takes a moment. To do this, open a PowerShell session as an Administrator and run the following, modifying as needed: # To view all subscriptions for…


How to Reset Password for VMSS (Scale Set) Instances

Symptom: Unable to RDP to a Virtual Machine Scale Set (VMSS) instance due to an incorrect password.
Resolution:
If Azure PowerShell is not installed, install it from http://azure.microsoft.com/en-us/downloads/
Open PowerShell ISE as an Administrator.
Paste the following script into the window, modifying each of the red portions accordingly:

    Login-AzureRmAccount
    Get-AzureRmSubscription -SubscriptionId 'SUBSCRIPTIONID' | Select-AzureRmSubscription…


How to Disable the Guest OS Firewall of an Azure VM (ARM)

Mitigation 1: Custom Script Extension
1) Open a blank Notepad and paste the following into it:

    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile' -name "EnableFirewall" -Value 0
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile' -name "EnableFirewall" -Value 0
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\Standardprofile' -name "EnableFirewall" -Value 0

2) Save the file as disablefirewall.ps1
3) Navigate to the Azure Portal
4) Select the impacted VM…
