How to verify an Azure virtual machine RDP certificate?

My VM's RDP certificate fingerprint changed for some reason. Is there a way for me to verify the new certificate fingerprint in Azure?

Type: Virtual Machine (classic), Machine: Basic_A3, OS: Windows Server

Simon Warta asked Jan 12 '16 13:01


3 Answers

There are boot diagnostic logs available in Azure, enabled by default, when you boot a virtual machine. You can find them by selecting the virtual machine in the Azure portal; in the menu section 'Support + troubleshooting', select 'Boot diagnostics' and then the tabpage 'Serial log'. These logs list various system parameters as a JSON object, which contains the remoteAccess object seen below.

"remoteAccess": {
    "windows": {
        "rdpPort": 3389,
        "rdpEnabled": true,
        "rdpTcpListenerSecurityConfiguration": {
            "nlaUserAuthenticationRequired": true,
            "authenticationSecurityLayer": "TLS",
            "protocolNegotiationAllowed": true
        },
        "rdpTcpListenerMaxConnections": 2,
        "rdpFirewallAccess": "Allowed",
        "rdpAllowedUsers": [
            "TestUser"
        ],
        "rdpCertificateDetails": {
            "subject": "CN=RDPTest",
            "thumbprint": "9AD7CB3493790BCAB6FBF543EBBBE68883E9EE89",
            "validFrom": "2018-02-17T10:58:42Z",
            "validTo": "2018-08-19T10:58:42Z"
        },
        "rdsLicensingStatus": null
    }
}

As you can see, there is an rdpCertificateDetails object that lists the SHA thumbprint of the RDP server certificate. Unlike the Linux boot diagnostics log, it will list the thumbprint every time, so there is no need to worry if it was not recorded on first boot.

When you first connect, there will be an "unknown publisher" warning.


Click through, and enter your credentials. After entering your credentials, it will show an "identity could not be verified" warning. The name of the computer will be the name of the VM in Azure.


Click view certificate, and go to details. Here you can find the thumbprint to verify against the one from the boot diagnostics.


For more detailed instructions on finding the boot diagnostics in the Azure portal, and obtaining the SSH keys for a Linux VM, see my answer on this StackOverflow question.

lordcheeto answered Nov 01 '22 16:11
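
The comparison described in this answer, as an added Python example that is not part of the original post or of any Azure tooling. It assumes the serial log has been saved as text; the function names, the constructed sample log and the rule that the last report in the log wins are assumptions.

```python
import hmac
import json
import re
from datetime import datetime, timezone

# Constructed serial-log excerpt: boot text around the JSON report, using the
# rdpCertificateDetails values shown in the answer above.
SAMPLE_LOG = '''[constructed] Windows boot diagnostics
{"remoteAccess": {"windows": {"rdpPort": 3389, "rdpCertificateDetails": {
  "subject": "CN=RDPTest",
  "thumbprint": "9AD7CB3493790BCAB6FBF543EBBBE68883E9EE89",
  "validFrom": "2018-02-17T10:58:42Z",
  "validTo": "2018-08-19T10:58:42Z"}, "rdsLicensingStatus": null}}}
[constructed] end of report
'''

def cert_details_from_log(log_text):
    """Return the last rdpCertificateDetails object found in the log text."""
    hits = list(re.finditer(r'"rdpCertificateDetails"\s*:\s*', log_text))
    if not hits:
        raise ValueError("no rdpCertificateDetails in log")
    # Assumption: if several reports are present, the last one is the newest.
    details, _ = json.JSONDecoder().raw_decode(log_text, hits[-1].end())
    if not isinstance(details, dict) or "thumbprint" not in details:
        raise ValueError("rdpCertificateDetails has no thumbprint")
    return details

def normalize_thumbprint(text):
    """Uppercase hex without separators; rejects anything that is not 20 bytes."""
    # The Windows certificate dialog shows spaced lowercase pairs, and a copy
    # from it can carry an invisible U+200E mark in front of the first digit.
    cleaned = re.sub(r"[\s:\u200e]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError("not a 40-hex-digit thumbprint")
    return cleaned

def _utc(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def verify_presented_cert(log_text, presented, now=None):
    """Compare the thumbprint seen by the RDP client with the logged one."""
    details = cert_details_from_log(log_text)
    now = now or datetime.now(timezone.utc)
    return {
        "subject": details.get("subject"),
        "match": hmac.compare_digest(normalize_thumbprint(details["thumbprint"]),
                                     normalize_thumbprint(presented)),
        "within_validity": _utc(details["validFrom"]) <= now <= _utc(details["validTo"]),
    }
```

Treat a result with `match` false as a reason not to enter credentials, and a result with `within_validity` false as a sign the logged certificate has expired and the log may predate a renewal.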


If you're using a Classic VM (ASM), chances are the legacy Azure Portal can assist you here (manage.windowsazure.com). I know for Linux VMs it displays SSH thumbprints, not sure if it will show auto-enrolled RDP certs. If you have VM extensions enabled then you should be able to deploy the password reset extension on a classic VM if needed to reset an RDP configuration. The portal has it built in though. If you put some more info on the OS and VM model you're on, we'll be able to help you better here.

ericgol answered Nov 01 '22 15:11


This solved the problem for me.

  1. Log into the VM using PowerShell. (If you do not know how, follow this guide. The certificate for secure login is found here in the new portal: Cloud services (classic) > (vm name) > Settings > Certificates)

  2. Execute the following commands remotely:

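    # Switch to the certificate provider drive (the trailing colon is required)
    Set-Location Cert:
    # Enter the LocalMachine location, then the "Remote Desktop" store
    Set-Location LocalMachine
    Set-Location "Remote Desktop"
    # List the RDP certificate(s) together with their thumbprints
    dir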
    
  3. This gives you the certificate thumbprint. Use it to verify the one given when you try to connect using Remote Desktop.

Martin Johansen answered Nov 01 '22 16:11