How to: Re-enable Remote Desktop with PowerShell after you’ve blocked it with your own firewall rule
How to: Re-enable Remote Desktop with PowerShell after you’ve blocked it with your own firewall rule
Obtained from: http://www.hanselman.com/blog/CSIReenablingRemoteDesktopWithPowerShellAfterYouveBlockedItWithYourOwnFirewallRule.aspx
The Big Problem:
I set up an Azure virtual machine running Windows Server 2012.
I accidentally disabled the Remote Desktop Windows firewall rule (while I was remotely connected). The connection dropped as you would expect.
I have been pulling my hair out ever since trying to re-enable this rule.
Doh. Ouch. I didn’t ask how this happened, but you know, one gets to clicking and typing and you can feel the mistake about to happen as your hand drops towards the keyboard, but by then it’s too late. Gravity has screwed you.
I suggested that Seán use Remote Powershell to get in and add the enabling Firewall Rule for RDC. Remote PowerShell is like “SSH” in *nix. You get a remote terminal and can pretty much do whatever you want from there.
TL;DR VERSION OF SEÁN’S EXPERIENCE.
- Make sure PowerShell is enabled in the Endpoints section of the Azure portal.
- Get the server’s certificate (PowerShell needs this for remote commands). You can get the server certificate by going to your domains’ URL:
https://yourdomain.cloudapp.net:12345
(where :12345 is the port that PowerShell uses). - Export the SSL certificate of the site as a .CER file and install it on your local machine.
- Save it to the “Trusted Root Certification Authorities” store on your machine.
- Open PowerShell with administrative privileges on your local machine and type:
Enter-PSSession -ComputerName yourdomain.cloudapp.net -Port 5986 -Credential YourUserName -UseSSL
- A login popup will appear, enter your VM’s login credentials here.
- You will now be able to execute commands against the Azure VM. In Seán’s case, he ran
netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
and exited the PowerShell session and was able to remotely connect to my machine.
LONG DETAILED VERSION WITH SCREENSHOTS
Long version with screenshots:
Make sure PowerShell is publically accessible in the ‘endpoints’ section of the Azure portal.
Get the server’s certificate (PowerShell needs this for establishing a remote session). You can get the server certificate by going to your domains’ URL: https://yourdomain.cloudapp.net:5986 (where :5986 is the port that PowerShell uses).
Go to the Details tab and click Copy to File…
Leave the first option selected and save the file to a local drive.
Once the file is generated and saved locally, install the certificate by double clicking on the certificate-name.cer file.
Install the certificate in the following store:
Open up PowerShell with administrative privileges and execute the following command (replacing the domain name and username with your own one):
A logon credential popup should appear where you will need to enter your VM’s username and password:
If successful, it should be pretty obvious that you have successfully initiated a remote session with the VM.
Enter-PSSession -ComputerName yourdomain.cloudapp.net -Port 5986 -Credential YourUserName -UseSSL
To open re-enable the firewall rule you issue the command:
netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
The final step was to quit the PowerShell session and RDC to the VM. Success!
I hope this write-up helps other people as well. Thanks Seán for a great question and for sharing the screenshot of your experience!
Love
Can we use Let's Encrypt, the free and open certificate authority?
Hola! gracias por la info, me sirvió el comando sacandole el nombre del server. En mi caso, fue una migración…
Yes 3rd option helped me too. I removed the WC key Values from config file then started working.
I know this is from 2014. But really, thank you!