Question
I've created a VM (non-classic, using Resource Manager) in the new Azure portal but I need to connect from behind a firewall.
I've found a bunch of articles explaining how to solve it by editing the Endpoint settings for RDP, but in the new portal there is nothing like this!
Inbound and Outbound rules are just firewall rules as I understand and it gives nothing.
I've connected to it from home and tried to change the RDP listening port to something not blocked by the firewall with the following PowerShell script:
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "PortNumber" -Value 443
Rebooted VM, changed default-allow-rdp inbound rule on the portal but still unable to connect.
Answer 1:
If you created the VM using Resource Manager (non-classic), you don't have Endpoints configuration and you can't configure ports as described in the answer by Matias (to get to your Azure VM via allowed ports in the firewall). Unfortunately not all VM templates are available for the VM Classic interface. I'd really like to know what the limitation here in Azure is.
In fact even with classic VM solution from Matias didn't work - I deployed another VM with classic interface, configured Endpoints as described and still can't connect from behind a firewall. But it works fine from anywhere else, I don't even need to change rdp listener port, it's changed automatically when I changed it in Endpoint.
The only working solution I found was using PuTTY and SSH tunneling from my computer behind the corporate firewall to port 443 on my Azure non-classic VM. Here are the steps:
In PuTTY you create a connection to your_azurevm_ip:443, then go to Connection -> SSH -> Tunnels and map ports, for instance as L49999 -> localhost:3389
You need to install any free SSH server on the Azure VM (I used freeSSHd), and add an authorized account for tunneling
After you establish the connection from PuTTY and enter SSH credentials, you connect using RDP to localhost:49999 and it's forwarded through the SSH tunnel to local VM port 3389. It's quite ugly but at least it works.
Answer 2:
It looks like your corporate network doesn't allow outbound connections for RDP to originate from within the corporate firewall. This itself doesn't have anything to do with the Azure VM. However, changing the RDP listening port on the Azure VM should work fine to get around this. Perhaps, instead of changing it to use port 443, which is normally for SSL/TLS connections, you could try changing the RDP port to something non-standard.
Answer 3:
You can always configure the EndPoint to make an external port XXXX map to an internal 3389.
In the new Portal, open the Cloud Service / VM, go to Settings and pick Endpoints. You can Add one and set the Public and Private ports (the Public being the one you want to connect to from your computer and the private the one that is exposed by the VM).
In case you created the VM using the Resource Manager model, the way to access it is to use the Search box with your VM name. You should find a group of items, one of them has a small blue shield (Network Security Group). Once you select it, in the Settings pane, select Inbound Security Rules:
You should be able to customize it there.
Answer 4:
Had the same problem and resolved it as follows:
- On the Azure dashboard, in the VM-related security interface, add an inbound security rule which opens port 443.
- On the VM, change the RDP port to 443 via the registry editor: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
- On the VM firewall, add an inbound rule which opens port 443
- Restart the VM and connect to IP:443
- In order not to lose connection to the VM, I recommend installing Ultra VNC; that way you have an alternative control point to your VM.
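
The VM-side steps from Answer 4 (registry port change, Windows Firewall rule, restart) as one PowerShell script; this is an added example, not part of any of the original answers. It assumes an elevated session on the VM and that the Network Security Group inbound rule for the same port already exists; `$allowedSource` is a placeholder address and the rule name is made up for the example.

```powershell
#Requires -RunAsAdministrator
# Added example: run inside the VM, in an elevated PowerShell session.

$newPort       = 443              # port used on the page
$allowedSource = '203.0.113.10'   # placeholder: public egress IP of the network you connect from
$ruleName      = "RDP on TCP $newPort (example rule)"   # hypothetical rule name
$rdpKey        = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# 1. Record the current listener port so the change can be rolled back.
$oldPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
if ($oldPort -eq $newPort) {
    Write-Host "RDP is already configured for port $newPort; nothing to change."
    return
}

# 2. Stop if another service (for example a web server) already listens on the port;
#    RDP would fail to bind after the restart and the VM would become unreachable.
$busy = Get-NetTCPConnection -LocalPort $newPort -State Listen -ErrorAction SilentlyContinue
if ($busy) {
    $owner = (Get-Process -Id $busy[0].OwningProcess).ProcessName
    throw "Port $newPort is already in use by '$owner'; choose another port."
}

# 3. Open the port in Windows Firewall BEFORE moving the listener. The built-in
#    Remote Desktop rules only cover 3389, so without this rule the connection is
#    dropped inside the VM even when the NSG allows it.
#    -RemoteAddress limits the rule to one source instead of the whole internet.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $newPort -RemoteAddress $allowedSource -Action Allow | Out-Null
}

# 4. Move the RDP listener (same registry value as in the question and Answer 4).
Set-ItemProperty -Path $rdpKey -Name PortNumber -Value $newPort -Type DWord
Write-Host "RDP port changed from $oldPort to $newPort; restarting to apply."

# 5. Restart so the Remote Desktop service binds to the new port.
Restart-Computer -Force
```

After the restart, `Test-NetConnection <vm-ip> -Port 443` from the client shows whether the port is reachable end to end before you try an RDP session.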
Source: https://stackoverflow.com/questions/36031980/new-azure-portal-no-end-points-how-to-connect-to-vm-with-rdp-from-behind-a-fir