Connect to Azure Stack

To manage resources, you must connect to the Azure Stack POC computer. This topic details the steps required to connect to the Azure Stack POC. You can use either of the following connection options:

  • Remote Desktop: lets a single concurrent user quickly connect from the POC computer.
  • Virtual Private Network (VPN): lets multiple concurrent users connect from clients outside of the Azure Stack infrastructure (requires configuration).

Connect with Remote Desktop

With a Remote Desktop connection, a single concurrent user can work with the portal to manage resources. You can also use tools on the MAS-CON01 virtual machine.

  1. Log in to the Azure Stack POC physical machine.
  2. Open a Remote Desktop Connection and connect to MAS-CON01. Enter AzureStack\AzureStackAdmin as the username, and the administrative password you provided during Azure Stack setup.
  3. On the MAS-CON01 desktop, open Server Manager, click Local Server, turn off Internet Explorer Enhanced Security, and then close Server Manager.
  4. To open the user portal, navigate to (https://portal.local.azurestack.external/) and sign in using user credentials. To open the administrator portal, navigate to (https://adminportal.local.azurestack.external/) and sign in using the Azure Active Directory credentials specified during installation.

Connect with VPN

In an Azure Stack Proof of Concept (POC) environment, you can use a Virtual Private Network (VPN) to connect your local Windows-based computer to Azure Stack. VPN connectivity is supported in both Azure Active Directory(AAD) and Active Directory Federation Services(AD FS) based deployments. VPN connections enable multiple clients to connect to Azure Stack at the same time.

Through the VPN connection, you can access the administrator portal, user portal, and locally installed tools such as Visual Studio and PowerShell to manage Azure Stack resources.


This VPN connection does not provide connectivity to Azure Stack infrastructure VMs.

The following sections describe the steps that are required to establish VPN connectivity to Azure Stack.


Import the Connect PowerShell module

After you download the tools, navigate to the downloaded folder and import the Connect PowerShell module onto your local Windows-based computer by using the following command:

Set-ExecutionPolicy RemoteSigned
Import-Module .\Connect\AzureStack.Connect.psm1 

Configure VPN to Azure Stack PoC computer

To create a VPN connection to the Azure Stack PoC computer, run the following steps on your local Windows-based computer:

  1. Add the Azure Stack PoC computer’s host IP address & certificate authority (CA) to the list of trusted hosts on your client computer by running the following script in an elevated PowerShell session:

    #Change the IP address in the following command to match your Azure Stack host IP address
    $hostIP = "<Azure Stack host IP address>"
    # Change the password in the following command to administrator password that is provided when deploying Azure Stack. 
    $Password = ConvertTo-SecureString `
      "<Administrator password provided when deploying Azure Stack>" `
      -AsPlainText `
    #Add host IP and certificate authority to the to trusted hosts
    Set-Item wsman:\localhost\Client\TrustedHosts `
      -Value $hostIP `
    Set-Item wsman:\localhost\Client\TrustedHosts `
      -Value mas-ca01.azurestack.local `
  2. Get the Azure Stack host computer’s NAT IP address. If you do not remember the NAT IP address of the Azure Stack PoC instance you are trying to connect to, you can get it by using the Get-AzureStackNatServerAddress command:

    # Get host computer's NAT IP address
    $natIp = Get-AzureStackNatServerAddress `
      -HostComputer $hostIP `
      -Password $Password

    get NAT IP

    This command remotes into the MAS-BGPNAT01 infrastructure VM and gets the NAT IP address.

  3. Create a VPN connection entry for your local user by using the Add-AzureStackVpnConnection command:

    Add-AzureStackVpnConnection `
      -ServerAddress $natIp `
      -Password $Password

    get VPN connection

    If the connection succeeds, you should see azurestack in your list of VPN connections.

    Network connections

  4. Connect to the Azure Stack instance by using either of the following methods:

    a. Connect-AzureStackVpn command:

    Connect-AzureStackVpn `
      -Password $Password

    connect with cmd

    When prompted, trust the Azure Stack host and install the certificate from AzureStackCertificateAuthority into your local computer’s certificate store. (the prompt might appear behind the PowerShell session window).

    b. Open your local computer’s Network Settings > VPN >click azurestack > connect

    connect with UI

    At the sign-in prompt, enter the username (AzureStack\AzureStackAdmin) and the password. If the connection succeeds, the azurestack VPN should be in a connected state.

Test the VPN connectivity

To test the portal connection, open an Internet browser and navigate to either the user portal (https://portal.local.azurestack.external/) or the administrator portal (https://adminportal.local.azurestack.external/), sign in and create resources.

Next steps

Make virtual machines available to your Azure Stack users