Re-connecting to a failed Azure Windows VM

We’ve recently had a couple of issues connecting to Azure Windows VM’s after a reboot, boot diagnostics was showing that VM’s has booted and Windows was waiting at the login screen.
However, the VM wasn’t responding to pings and we couldn’t connect to with RDP or WinRM.
We tried using the Azure (IaaS) diagnostics, but that was trying to use WinRM to connect to the VM so it also failed.
Suspecting the issue was Windows Firewall, we carried out the following:

  1. Deleted the VM (keeping the disks!!!)
  2. Attached the OS disk to another VM running the same OS
  3. Used regedit to load the system hive from the failed VM
  4. Set the following registry keys
    1. CurrentControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall=0 (DWORD data type)
    2. CurrentControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall=0 (DWORD data type)
  5. Detach the disk from the second VM
  6. Re-create the original failed VM, using the existing disks
Once the VM booted up, we were able to connect again.
I believe the issue relates to Windows not applying our GPO for disabling the firewall, to get around this we’ll use GPP to set these registry values rather than relying on the GPO settings.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: