How to enable Remote Desktop on Azure Cloud Service

-

Azure Cloud Service is one of the very useful PAAS (Platform-As-A-Service) offerings that Azure provides to deploy your Worker Role or Web Role into the cloud VM(s). So you can control the scalability, reliability, and cost anticipated for your application. 

You can access your service remotely if you expose your Web Role endpoints. However, this post is about how you enable remote desktop access to your cloud service VM(s) secured manner. 

There are two ways of enabling the Remote Desktop feature on your cloud service.

- Azure Portal configuration (UI)

- Cloud Definition and Configuration (code deployment)

This is the link to enable RDP using the Azure Portal. Here in this post, we are more focused on how to enable RDP from the code.

Pre-requisites:

- Azure SDK

- Azure Portal Access

- Cloud Service Solution for testing 

Steps:

Open your cloud solution and locate the below files

- ServiceConfiguration.cscfg 

- ServiceDefinition.csdef

In your ServiceDefinition file, you need to define the modules that need to import in order to support remote desktop support.

<?xml version="1.0" encoding="utf-8"?>
<ServiceDefinition name="YourCloudServiceName" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition" schemaVersion="2015-04.2.6">
<WorkerRole name="YourCloudServiceRoleName" vmsize="Standard_D2_v2">
<Runtime executionContext="elevated">
<Environment>
<Variable name="COR_ENABLE_PROFILING" value="1" />
<Variable name="COR_PROFILER" value="{324F817A-7420-4E6D-B3C1-143FBED6D855}" />
<Variable name="MicrosoftInstrumentationEngine_Host" value="{CA487940-57D2-10BF-11B2-A3AD5A13CBC0}" />
</Environment>
</Runtime>
<LocalResources>
<LocalStorage name="NETFXInstall" sizeInMB="1024" cleanOnRoleRecycle="false" />
</LocalResources>
<ConfigurationSettings>
<!-- <Setting name="AdditionalSettings" value="ConfigValue" /> -->
</ConfigurationSettings>
<Endpoints>
<InputEndpoint name="WebEndpoint" protocol="https" port="443" localPort="443" certificate="myservice.cloudservice.com" />
<InternalEndpoint name="InterroleMessaging" protocol="tcp" />
</Endpoints>
<Certificates>
<Certificate name="myservice.cloudservice.com" storeLocation="LocalMachine" storeName="My" />
</Certificates>
<Startup>
<Task commandLine="AppInsightsAgent\InstallAgent.bat" executionContext="elevated" taskType="simple">
<Environment>
<Variable name="ApplicationInsightsAgent.DownloadLink" value="http://go.microsoft.com/fwlink/?LinkID=522371" />
<Variable name="RoleEnvironment.IsEmulated">
<RoleInstanceValue xpath="/RoleEnvironment/Deployment/@emulated" />
</Variable>
</Environment>
</Task>
<Task commandLine="install.cmd" executionContext="elevated" taskType="simple">
<Environment>
<Variable name="PathToNETFXInstall">
<RoleInstanceValue xpath="/RoleEnvironment/CurrentInstance/LocalResources/LocalResource[@name='NETFXInstall']/@path" />
</Variable>
<Variable name="ComputeEmulatorRunning">
<RoleInstanceValue xpath="/RoleEnvironment/Deployment/@emulated" />
</Variable>
</Environment>
</Task>
</Startup>
<Imports>
<Import moduleName="Diagnostics" />
<Import moduleName="RemoteAccess" />
<Import moduleName="RemoteForwarder" />
</Imports>
</WorkerRole>
</ServiceDefinition>

Once you have the import definitions in place you need to generate a password by encrypting using a certificate. 

Before encrypting your password you need to check if you have a valid certificate that can be used for this purpose. 

When you installed the Azure SDK on your development environment you will see the CSEncrypt.exe tool in the below location. C:\Program Files\Microsoft SDKs\Azure\.NET SDK\<<Version you installed>>\bin>CSEncrypt.exe

When you execute the below command you can see the certificates available in your local for encryption. 

>CSEncrypt Get-PasswordEncryptionCertificate

If you want a custom certificate you can create a new certificate and upload it to the cloud service. Here is how you can create a new certificate. 

>CSEncrypt New-PasswordEncryptionCertificate -FriendlyName myservice.cloudservice.com

So this command will generate the certificate so you can get the certificate thumbprint for password encryption. 

You can encrypt the password by using the below command. 

>CSEncrypt Encrypt-Password -Output C:\RemoteDesktopPassword.txt -Thumbprint 39B87E114AA34777E4C24E4BBDC2CB094C6716CD

You can provide your password and confirm so it will write the encrypted password into C:\RemoteDesktopPassword.txt file. Or you can execute the same command without the -Output parameter so you can see the encrypted password on the command prompt. 

Once you have done the above steps you can proceed with the cloud service configurations on the ServiceConfiguration.cscfg file. 

<?xml version="1.0" encoding="utf-8"?>
<ServiceConfiguration serviceName="YourCloudServiceName" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="4" osVersion="*" schemaVersion="2015-04.2.6">
<Role name="YourCloudServiceRoleName">
<Instances count="1" />
<ConfigurationSettings>
<!-- <Setting name="AdditionalSettings" value="ConfigValue" /> -->
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.Enabled" value="true" />
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountUsername" value="remoteadminsuer" />
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountEncryptedPassword"
value="MIIBvgYJKoZIhvcNAQcDoIIBrzCCAasCAQAxggFvMIIBawIBADBTMD8xPTA7BgNVBAMMNFdpbmRv
d3MoUikgQXp1cmUoVE0pIEVuY3J5cHRpb24gVG9vbCB2ZXJzaW9uIDIuOC4wLjACEDE664Bp43mg
SVXfEgck/9YwDQYJKoZIhvcNAQEBBQAEggEAex8KvAIXbS5AXdNYSzX0NdTHsH0uee4STkQ4IaMP
+9B/+xXlWuXPEEOsvX4z2TFEuz0uZJJe9pc2VtO+jMGqPjTckvb4L1g5HpOa5kWBuT9hl3yC45xY
Xw1iIYIyMHiPTz/2ZOIc88ccTKhpSKe6tL0Rdab383vuUasqVGtgwx9GW6w3Rm5d/QjJ7pkb6ypw
vKpvSWROSIDctNrYBwfiV3iaGKad30J0QYo04Ozj1Vt6LWTfa3CvW6yhPxpPxJMW8ebiBEfFJYeA
Z/35YXvcOyOucHt9ICBHXSOUuSLe+rJ53Xf/GpL21lZYhK/nFG4WfuwF/oAmhFYejgAJWht0QzAz
BgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECAuH2qprQsnGgBBmeRxru2d0cY666dZ5FQDy" />
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountExpiration" value="2020-10-20T23:59:59.0000000-05:00" />
<Setting name="Microsoft.WindowsAzure.Plugins.RemoteForwarder.Enabled" value="true" />
</ConfigurationSettings>
<Certificates>
<Certificate name="myservice.cloudservice.com" thumbprint="39B87E114AA34777E4C24E4BBDC2CB094C6716CD" thumbprintAlgorithm="sha1" />
<Certificate name="Microsoft.WindowsAzure.Plugins.RemoteAccess.PasswordEncryption" thumbprint="39B87E114AA34777E4C24E4BBDC2CB094C6716CD" thumbprintAlgorithm="sha1" />
</Certificates>
</Role>
</ServiceConfiguration>

Note: You need to use the encrypted password for the Microsoft.WindowsAzure.Plugins.RemoteAccess.AccountEncryptedPassword key. 

You can specify the expiration date for the RDP account if needed or you can provide the certificate expiration date as well.

That's all. Once you have the certificate uploaded to the service you can deploy the service. Once the cloud service is deployed successfully you can remote into the VM.

Moreover, you can create an RDP file by saving the below content as *.rdp extension. 

full address:s:yourservicename.cloudapp.net
username:s:remoteadminuser
LoadBalanceInfo:s:Cookie: mstshash=YourCloudServiceRoleName#YourCloudServiceRoleName_IN_0

That's all. Hope this helps. 

Cheers!!  

Comments

Post a Comment

Popular posts from this blog

Dependency Injection for Azure Function

-
Enabling dependency injection on your Azure Function a little bit different than the usual process like you do on the .Net Core applications. Here I'm planning to share some tips and steps you should follow if you need to enable DI on Azure Functions with C#. I'm focusing on a function application created for HTTP Trigger. When you create a new project you will see a static class and method to run your function end-point.  1 2 3 4 5 6 7 8 9 10 11 public static class FunctionWithDI { [FunctionName("function-with-di")] public static async Task<IActionResult> Run( [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req, ILogger log) { log.LogInformation( "C# HTTP trigger function processed
Read more

C# Interactive

-
Image
Think... You have a solution with multiple C# projects and include maybe 1000 classes which are so hard to debug and test. But you have a task to validate the output of certain functions when certain parameters have specific values assigned. Especially, you don't have unit tests added or difficult to implement unit tests.  Idea... You can use C# Interactive to cater to everything above and there are many benefits. C# Interactive is a feature that comes with Visual Studio 2015 update 1 and later versions. It is a REPL Editor for C# (Read-Evaluate-Print-Loop). If you are interested in learning how to code you can use the online version of this C# Interactive to write and execute codes.  You can use Microsoft's C# learning site if you don't have Visual Studio installed on your PC.  If you have Visual Studio installed in your machine you can go to View > Other Windows > C# Interactive to open the C# Interactive window. If you want to execute any method in C# Interacti
Read more