无法将RDP传输到Azure VM-发生内部错误 [英] Unable to RDP to Azure VM - An Internal Error has occured
问题描述
嗨
自圣诞节和纽约假期回来以来,我们一直无法在Azure VM中进行远程管理,我们怀疑它已安装了某些Windows更新,并且RDP设置对此进行了更改.
我已遵循以下文章
尽管所有命令都成功执行,但是我仍然无法访问虚拟机
我已经在这些论坛上使用了搜索功能,并且尝试了以下建议:
打开Powershell或记事本实例,并创建脚本脚本Restore_RSA_MachineKeys_Folder_Access.ps1,其中包含以下内容: icacls C:\ ProgramData \ Microsoft \ Crypto \ RSA \ MachineKeys/t/c> c:\ temp \ BeforeScript_permissions.txt takeown/f"C:\ ProgramData \ Microsoft \ Crypto \ RSA \ MachineKeys" /a/r icacls C:\ ProgramData \ Microsoft \ Crypto \ RSA \ MachineKeys/t/c/grant"NT AUTHORITY \ System:(F)" icacls C:\ ProgramData \ Microsoft \ Crypto \ RSA \ MachineKeys/t/c/grant"NT AUTHORITY \ NETWORK SERVICE:(R)" icacls C:\ ProgramData \ Microsoft \ Crypto \ RSA \ MachineKeys/t/c/grant"BUILTIN \ Administrators:(F)" icacls C:\ ProgramData \ Microsoft \ Crypto \ RSA \ MachineKeys/t/c> c:\ temp \ AfterScript_permissions.txt 重新启动服务TermService-强制 通过受影响的VM上门户中提供的自定义脚本扩展"运行脚本. 重试访问权限
但这失败了:
解决方案
您尝试的步骤是您需要执行的正确步骤,以便重新获得对虚拟机.
如果无法使用自定义脚本扩展"执行步骤,则表明VM代理未响应. VM代理需要响应才能使用自定义脚本扩展.
您可以尝试以下操作:
使用远程PowerShell会话执行相同的命令
https://blogs. technet.microsoft.com/mckittrick/how-to-remote-powershell-to-azure-vm-dip-to-dip/
您也可以登录与问题所在的虚拟机位于同一Vnet上的另一个虚拟机,然后使用远程注册表进行连接.从那里可以找到键并手动进行更改.
如果以上两种方法均不起作用,则最后的方法是删除VM,将OS磁盘安装到恢复VM上,然后手动对其键进行更改.更改后,您可以从固定的OS磁盘进行重建.这条路线比较耗时,但可以选择 如果其他所有方法都失败了.
However despite all the commands executing successfully I still cannot access the VM
I've used the search functionality on these forums and I've tried the suggestion:
Open a Powershell or notepad instance and create the scripted named Restore_RSA_MachineKeys_Folder_Access.ps1 with the following content: icacls C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys /t /c > c:\temp\BeforeScript_permissions.txt takeown /f "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" /a /r icacls C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys /t /c /grant "NT AUTHORITY\System:(F)" icacls C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys /t /c /grant "NT AUTHORITY\NETWORK SERVICE:(R)" icacls C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys /t /c /grant "BUILTIN\Administrators:(F)" icacls C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys /t /c > c:\temp\AfterScript_permissions.txt Restart-Service TermService -Force Run the script through the Custom Script Extension available in the portal on the impacted VM. Retry the accessBut this fails with:
VM has reported a failure when processing extension 'CustomScriptExtension'. Error message: \"Failed to decode, decrypt, and deserialize the protected settings string. Error Message: Keyset does not exist
So I'm unable to execute remote scripts too, not sure if this is causing the original problem too.
Any suggestions?
解决方案The steps you tried are the correct ones you need to do in order to get access back into the VM.
If you are unable to perform the steps using Custom Script Extension it means the VM agent is not responding. The VM agent needs to be responding in order to use the Custom Script Extension.
You could try the following:
Perform the same commands using a Remote PowerShell session
https://blogs.technet.microsoft.com/mckittrick/how-to-remote-powershell-to-azure-vm-dip-to-dip/
You could also login to another VM located on on the same Vnet as the VM with the issue and connect using Remote Registry. From there you can locate the keys and manually make the changes.
If both of the above does not work, the last resort is to delete the VM, mount the OS disk to a recovery VM and make the changes manually to they keys. Once changed, you can rebuild from the fixed OS disk. This route is more time consuming but is an option if all else fails.
这篇关于无法将RDP传输到Azure VM-发生内部错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
