Regaining Access to Azure VMs With Expired Passwords


Lately I’ve been doing some experiments with Active Directory and, of course, I’m running my lab environment in Azure. It works great until day 42, when the password of the one and only user account in the domain (mine) expires, 42 days being the default maximum password age for a domain. Azure only provides Remote Desktop access to the virtual machine, and in a default setup it is impossible to change an expired password over RDP.

In all modern incarnations of Remote Desktop, user authentication is done during the connection phase, before any session exists. This is called NLA, Network Level Authentication: the username and password are entered in the RDP client and verified (through CredSSP) as part of the connection setup. Not like in the old days, when the remote desktop would show up and present the same username and password prompt you would see sitting at the physical console. Back then the server could show a "password expired" message and force a password change before the logon was accepted. With NLA that just doesn’t work: an expired password fails authentication before a session is created, so there is never a logon screen on which to change it. So what we need to do is disable NLA without logging onto the remote machine.
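One way to do that from outside the guest, as an added example that is not from the original post and not necessarily the method the author used: push a script through the Azure VM agent with Run Command, which executes as SYSTEM inside the VM and needs no interactive logon. The script switches the RDP-Tcp listener to not require NLA using the documented Win32_TSGeneralSetting WMI method, which takes effect for new connections without a reboot. The resource group and VM names, and the presence of the Az PowerShell module, are assumptions for the example.

```powershell
# Added example (not from the original post). Disables NLA on the VM's
# RDP-Tcp listener so the classic logon screen, which still allows an
# expired password to be changed, is presented again.
#
# Assumptions (not stated in the post): the Az PowerShell module is
# installed and Connect-AzAccount has been run; $ResourceGroup and
# $VmName are placeholder names for the lab VM.

$ResourceGroup = 'lab-rg'      # assumed
$VmName        = 'lab-dc01'    # assumed

# Script that will run inside the guest as SYSTEM via the VM agent.
# The setting it changes is the UserAuthentication DWORD under
# HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
# (1 = NLA required, 0 = not required).
$guestScript = @'
$ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
                    -Class 'Win32_TSGeneralSetting' `
                    -Filter "TerminalName='RDP-Tcp'"

Write-Output "NLA required before: $($ts.UserAuthenticationRequired)"

# 0 = do not require NLA. Returns 0 on success.
$rc = $ts.SetUserAuthenticationRequired(0).ReturnValue
Write-Output "SetUserAuthenticationRequired return code: $rc"

$ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
                    -Class 'Win32_TSGeneralSetting' `
                    -Filter "TerminalName='RDP-Tcp'"
Write-Output "NLA required after:  $($ts.UserAuthenticationRequired)"
'@

$scriptPath = Join-Path $env:TEMP 'disable-nla.ps1'
Set-Content -Path $scriptPath -Value $guestScript -Encoding ASCII

# Run Command executes the script through the VM agent and returns the
# guest's stdout, so the before/after values confirm the change.
$result = Invoke-AzVMRunCommand -ResourceGroupName $ResourceGroup `
                                -VMName $VmName `
                                -CommandId 'RunPowerShellScript' `
                                -ScriptPath $scriptPath

$result.Value | ForEach-Object { $_.Message }
```

After the next RDP connection shows the logon screen and the password has been changed, run the same script with `SetUserAuthenticationRequired(1)` to turn NLA back on: with NLA off, unauthenticated clients reach Winlogon directly and the RDP endpoint is considerably more exposed, so keep the network security group restricted to your own address in the meantime. If the expired account is a local one rather than a domain account, the less invasive route is Azure's VMAccess extension (Set-AzVMAccessExtension), which resets a local account password through the same agent without touching the NLA setting.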