question

DaveK-9647 avatar image
1 Vote"
DaveK-9647 asked BillWang-6629 answered

Azure Bastion fails to connect over RDP - Black Screen

I'm hoping somebody can help. I have tried to setup Bastion in my subscription and am hitting the following error on any VM I try to connect to. When I try to connect it opens a new browser window with black screen and to in the lower right corner I get a dialogue box saying...

'The network connection to the Bastion Host appears unstable.'

Then a dialogue box saying...

'The connection has been closed because the target machine is taking too long to respond. This is usually caused by network problems, such as a spotty wireless signal, or slow network speeds. Please check your network connection and try again or contact your system administrator.'

Bastion appears to be setup correctly, has its own dedicated /27 subnet within the same vnet as the VM's I'm trying to connect to. There is no NSG applied on either the VM or on the Bastion subnet. Presumably if no NSG is applied there should be nothing internally within Azure blocking it. Yet I cannot seem to establish a connection to any of my VM's.

Worth a mention I tried looking this up before posting and seen some people mentioning they had set their RDP port to something other than 3389, and resetting this back fixed the issue. I have not changed the RDP port on any VM and confirmed all are still set to 3389.

Any help would be appreciated.

azure-virtual-machinesazure-bastion
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Azure Bastion is managed service, the troubleshooting for this one is hard.

The troubleshooting document is not good enought (https://docs.microsoft.com/en-gb/azure/bastion/troubleshoot?WT.mc_id=Portal-Microsoft_Azure_Health)

my case is,

I deleted the Azure Bastion service at weekend, and created it this morning, then I can't connect to my Windows VM.

The Bastion service is at "available" status, but I can't connect with error 'The network connection to the Bastion Host appears unstable.'

Finally i fixed it by stop and start the Windows VM.

2 Votes 2 ·
pituach avatar image
0 Votes"
pituach answered pituach edited

Hi,

The issue regarding changing the port of the RDP is known. Can you confirm that you can connect to the machine using RDP with the default port 3389. If you do not succeed then maybe this configuration was changed and we will need to fix it first

Basically all the information can be found in the following thread:

https://github.com/MicrosoftDocs/azure-docs/issues/33632


· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Pituach, yes RDP over the default 3389 works perfectly from any other internal VM. It's only when trying to connect through Bastion I'm seeing this. Worth mentioning it's the same with any VM so I dont think it's going to be something unique to the VM. Tried on 4 VMs, and none of them have NSG associated with their NIC or subnet.

0 Votes 0 ·

Hi,

Since you say that this happens in all your Virtual Machine, then I have to assume that you do not configure the service well.

Please go over the following tutorial step-by-step and check if this solve your needs:

https://docs.microsoft.com/en-us/azure/bastion/bastion-create-host-portal


0 Votes 0 ·

Pituach, its a single page setup, what element do you suggest is not setup correctly?

Everything was done exactly according to that guide (its not exactly difficult), and yet I still have this issue.

1 Vote 1 ·
Show more comments
DaveK-9647 avatar image
0 Votes"
DaveK-9647 answered

Any other suggestions folks?

I'd really like to get Bastion working.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DaveK-9647 avatar image
0 Votes"
DaveK-9647 answered

Just to add, I have created a new Bastion host in a separate vnet, also created the required dedicated subnet for Bastion. I then created a test VM and Bastion works perfectly within this vnet.

This seems to isolate the problem within my other vnet. Keeping in mind there is no NSG applied to the Bastion subnet or VM nic. What else in the vnet config would cause this? Is there any particular routing requirements? Anything in the Route Table I should look out for?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DaveK-9647 avatar image
3 Votes"
DaveK-9647 answered RamiJamous-5170 commented

I got it sorted. In case this is helpful to anyone else. We have a firewall deployed in Azure and had added a UDR for 0.0.0.0/0 with next hop going to the FW. This was on the route table associated with our VM subnet, not the Bastion subnet. Basically this meant unless another route was explicitly defined then all traffic from our VM's would route through the FW. I added another UDR for the Bastion subnet and this resolved the issue.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Lucky, we have not been able to get VM to work on any type of connection regardless of how we have set up FW or no firewall

0 Votes 0 ·

can you give a screenshot of something for this udr to make it more specific or with clear details, please?

0 Votes 0 ·
EmmaBeejayB-8256 avatar image
3 Votes"
EmmaBeejayB-8256 answered

Just in case anyone is still having this issue. Also make certain your VM is running while attempting to initiate a remote connection. I was getting similar error until I realized intended VM was set to stop. Starting up the VM and initiating a Bastion connection fixed my error.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SauravDas-8985 avatar image
1 Vote"
SauravDas-8985 answered

what I noticed today that when I create initial connection via the bastion, the first time connection is seamless.
Its the subsequent access is where it is going all wrong and getting network connectivity issue

Anyone else faced and solved such an issue ? it will be helpful

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DevSharma-2714 avatar image
2 Votes"
DevSharma-2714 answered JoelA-0123 commented

I fixed it by clicking on the VM=>Run command=>SetRDPPort then "Run Command Script" window comes where you give the RDP Port number and Hit run. after the commend is run successfully, go back to the VM and connect via Bastian.....it works

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you so much, this fixed the issue for me

0 Votes 0 ·

Thanks - this resolved the issue for me too.
My issue turned out to be that after I migrated my VM to a new Vnet in Azure, the OS was using the 'Public' network profile and was blocking RDP connectivity from the bastion service (via the Public profile windows firewall rule). The Run command above not only reset the RDP port but also adjusts the Windows FW rules to allow the traffic.

0 Votes 0 ·
BillWang-6629 avatar image
0 Votes"
BillWang-6629 answered

Azure Bastion is managed service, the troubleshooting for this one is hard.

The troubleshooting document is not good enought (https://docs.microsoft.com/en-gb/azure/bastion/troubleshoot?WT.mc_id=Portal-Microsoft_Azure_Health)

my case is,

I deleted the Azure Bastion service at weekend, and created it this morning, then I can't connect to my Windows VM.

The Bastion service is at "available" status, but I can't connect with error 'The network connection to the Bastion Host appears unstable.'

Finally i fixed it by stop and start the Windows VM.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.