Step-By-Step: Recovering a Lost Azure VM Admin Password
Last week Microsoft Canada, with help from Pierre Roman and the team at CANITPRO.NET, delivered Canada's first Azure camp attended by 120+ Toronto based IT professionals. The event was warmly received and is currently being packaged to be delivered at a Canadian city near you. Attendees at the event were instructed to bring their own laptops and setup their own Azure trials at the camp to partake in the many labs made available through the camp. We were delighted to see that many attendees had already started testing Microsoft Azure and had existing VMs already reporting as available amidst their portal. The challenged they faced however, is that most had forgotten their admin passwords and were unable to access said Azure VM. This Step-By-Step post will address this issue and will enable those locked out to access their VMs once again.
Prerequisites
- Ensure you have an active Microsoft Azure subscription. View Step-By-Step: Creating a Windows 2012 R2 Lab on Windows Azure should you require to setup your lab.
- Clear your web browser history/cookies/cache and then close/re-open your web browser.
- Download and install the latest version of Microsoft Azure PowerShell.
- Install Microsoft Azure Cross Platform Command Line tools after the installation of Microsoft Azure PowerShell.
Step 1: Connecting to your Microsoft Azure Account through PowerShell ISE
- Run Windows PowerShell ISE in administrator mode.
- Enter and run the following PowerShell cmdlets hitting enter after each line:
Set-ExecutionPolicy RemoteSigned
Import-Module Azure
Add-AzureAccount
- Once the login prompt appears, enter the same username and password used to activate your Microsoft Azure account.
Step 2: Changing your Local Admin VM Password or Resetting your Local Admin VM account
Enter and run the following cmdlet to confirming the name of your Microsoft Azure subscription needed for the next step:
Get-AzureSubscription | Format-Table -Property SubscriptionName
Enter the following cmdlets to select the required Microsoft Azure subscription. Be sure to replace CANITPRO with the name of your Azure subscription:
$subscription = “CANITPRO”
Select-AzureSubscription –Default $subscriptionRun the following prompting for the credentials you’d like to reset the existing built-in local Admin user account to:
$adminCredentials = Get-Credential -Message "Enter new Admin credentials"
You are then prompted with the following:
Note: You can enter your existing username in this scenario. The next step will replace the passcode for an existing username or replace both the username and password attached to the existing local Admin account.
Note: The password provided must meet password complexity requirements and so must include 1 lower case letter, 1 UPPER case letter, and 1 number and/or 1 symbol. The step below will still achieve success however once the VM restarts your will be prompted for a compliant password.
Enter and run the following cmdlet to reset the built-in local Admin credentials with the ones provided in the previous step:
Get-AzureVM |
Where-Object -Property Status -EQ "ReadyRole" |
Out-GridView -Title "Select a VM …" -PassThru |
ForEach-Object {
$VM = Get-AzureVM -Name $_.Name -ServiceName $_.ServiceName
If ($VM.VM.ProvisionGuestAgent) {
Set-AzureVMAccessExtension -VM $VM `
-UserName $adminCredentials.UserName `
-Password $adminCredentials.GetNetworkCredential().Password `
-ReferenceName "VMAccessAgent" |
Update-AzureVM
Restart-AzureVM -ServiceName $VM.ServiceName -Name $VM.Name
} else {
Write-Output "$($VM.Name): VM Agent Not Installed"
}
}Login into your Azure VM using your newly set local admin username and password.
As you can see, PowerShell can be a powerful tool in the management of your infrastructure. Be sure to take advantage of Microsoft Virtual Academy's Getting Started with PowerShell 3.0 Jump Start to further your learning as to how PowerShell can further enable your career.