How to RDP into an Azure AD-joined VM in Azure
Actually, this post was not planned in any way, but one day, when I created a Windows 10 VM in Azure and Azure AD-joined it, I couldn't log in to it via RDP with my Azure AD account.
The error I was faced with said “The user name or password is incorrect. Try again”.
I promise you, I tried it again, a couple of times. I even had to log in to the webmail to assure myself that I was using the correct credentials, and I was.
To be on the safe side I created a second VM, but I ran into the same issue with that one.
So this was the window I was presented with every time I tried to log in with USERNAME@DOMAIN.onmicrosoft.com.
I was able to log in with a local account; that is how I managed to Azure AD-join it.
The steps below describe how I managed to solve this issue.
- Log in to your Windows 10 VM in Azure.
Open Control Panel (the old one, not Settings) and go to System, then Remote settings.
Untick “Allow connections only from computers running Remote Desktop with Network Level Authentication”.
This is not recommended, because with Network Level Authentication disabled the VM sets up a remote session and shows its login screen before the user has authenticated. If the situation requires it, continue from here.
Read more about Network Level Authentication here.
- Now you need to create an RDP file that you edit in a text editor such as Notepad.
In the boxes below you can see what my RDP file looks like, and a description of what the different settings do to make this possible.

RDP:

    full address:s:IPADDRESS:3389
    prompt for credentials:i:0
    authentication level:i:2
    enablecredsspsupport:i:0
    username:s:USERNAME@DOMAIN.onmicrosoft.com
    domain:s:AzureAD

RDP - Description:

    full address:s:IPADDRESS:3389 # Set the IP address of your VM here
    prompt for credentials:i:0 # Defines if you should enter credentials before you enter your session - 0: Will not prompt for credentials
    authentication level:i:2 # Defines the server authentication level settings. - 2: If server authentication fails, show a warning and allow me to connect or refuse the connection (Warn me)
    enablecredsspsupport:i:0 # This setting determines whether RDP will use the Credential Security Support Provider (CredSSP) for authentication if it is available. - 0: RDP will not use CredSSP, even if the operating system supports CredSSP
    username:s:USERNAME@DOMAIN.onmicrosoft.com # Defines what username you should log on with
    domain:s:AzureAD # Should define what domain you should log on to, but I didn't manage to get this to work; it doesn't hurt to try it.

- Now use your RDP-file to connect to your VM.
You should end up at the Windows login screen.
The username field should look like this: AzureAD\USERNAME@DOMAIN.onmicrosoft.com
Earlier we typed the domain as AzureAD in the RDP file, but that doesn't seem to work for me, and to be honest I didn't do any troubleshooting around that, so I just typed AzureAD\ into the username field.
- You should now be logged in with your Azure AD-account on your VM created in Azure.
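
Since the RDP file above switches off CredSSP and only warns on failed server authentication, it is handy to be able to find such files again later. The following is an added example, not part of the original post: it parses the name:type:value lines of an RDP file and reports those two settings. The function names, the finding texts and the second sample file are assumptions made for the illustration.

```python
# Added example: audit .rdp text for the authentication settings this post relaxes.
SAMPLE_POST = """\
full address:s:IPADDRESS:3389
prompt for credentials:i:0
authentication level:i:2
enablecredsspsupport:i:0
username:s:USERNAME@DOMAIN.onmicrosoft.com
domain:s:AzureAD
"""
# Constructed counterpart with both settings back at their strict values.
SAMPLE_STRICT = SAMPLE_POST.replace(
    "authentication level:i:2", "authentication level:i:1"
).replace("enablecredsspsupport:i:0", "enablecredsspsupport:i:1")

# Setting values that relax authentication (finding text written for this example).
WEAK = {
    ("enablecredsspsupport", 0): "CredSSP is off, so the client cannot do NLA",
    ("authentication level", 0): "connects without warning if server authentication fails",
    ("authentication level", 2): "only warns if server authentication fails",
}


def parse_rdp(text):
    """Return {name: value} for every name:type:value line in .rdp text."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip("\ufeff \t\r")
        # Split on the first two colons only; values like host:3389 keep theirs.
        parts = line.split(":", 2)
        if len(parts) != 3 or parts[1] not in ("s", "i", "b"):
            continue  # blank line or not a setting
        name, kind, value = parts
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue  # malformed integer setting, ignore it
        settings[name.strip().lower()] = value
    return settings


def audit_rdp(text):
    """Return [(setting, finding)] for each weakened setting that is present."""
    s = parse_rdp(text)
    return [(name, why) for (name, val), why in WEAK.items() if s.get(name) == val]


if __name__ == "__main__":
    for name, why in audit_rdp(SAMPLE_POST):
        print(f"{name}: {why}")
```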
To Azure AD-join your computer please follow this guide here.
If you have any questions regarding this please feel free to leave a comment down below or contact me on LinkedIn.