I have a Windows 2008R2 server in GCE that is behaving oddly (may be compromised). I can no longer access it via RDP. When I reboot the machine and look at the serial console, I see at the very bottom after the boot sequence, that something called Credentials Manager runs and appears to delete or change some username/password. I suspect that this is what is changing the RDP password. (see image attached). On a normally running Windows VM, I do not see this in the trace.
GCE Agent started.
Starting AddressManager
Starting CredentialsManager
Credentials have changed. Updating...
Changing username...
Deleting old user...
Username or password was updated successfully.```
I have tried resetting or adding a new password using the metadata windows-startup-script-cmd = net user but that does not seem to do anything.
What I get is an error message of the form:
Booting on date 05/05/2015 10:22:49
WARNING: Computer Name windows does not match Compute Engine Instance Name XXXXX.
Did you forget to run gcesysprep?
attributes/windows-startup-script-bat value is not set or metadata server is not reachable.
attributes/windows-startup-script-ps1 value is not set or metadata server is not reachable.
So the question is, how can I get into the machine to see what is happening? Is there a way that the GCE startup sequence could be changed to not call the credential manager to change the password or username?
What you could do is if you have a Gcloud SDK (https://cloud.google.com/compute/docs/gcloud-compute/) installed, you can run the following command while that instance is running:
gcloud compute instances decribe instance_name
This will provide all the information about the instance and you will see a section called MetaData which will display the users and the passwords. Then you can try to remote in and remove any credentials setup in the Credentials Manager located in Control Panel -> User Accounts.
I hope this give you access to your VM
Related
I'm new to AWS EC2 and I'm trying to access to a windows instance (it's an image created from another instance),
But when I click on Get password in RDP section, i got this message:
The instance was running since yesterday so why I still have this message? is this something related to missing configuration?
Thanks for your help!
Check the console output for the instance to see whether the AMI that you used to launch it was created with password generation disabled. If password generation is disabled, the console output contains the following:
Ec2SetPassword: Disabled
If password generation is disabled and you don't remember the password for the original instance, you can reset the password for this instance. For more information, see .Reset a lost or expired Windows administrator password
I installed a custom windows service on a new VM in a new environment and I am unable to ge tit to start using the domain service account. The service in question has been installed successfully on numerous other VMs (using Win server 2008, and recently, Win Server 2012 R2). In all cases, after installing successfully using the default Local System Account, and verifying that the service starts up successfully using that account, I modify the start up account to use a specified domain account as this service needs to be able to communicate with a SQL server as well as read and write from t/from various network shares.
This time, after setting up the new Win Server 2012 R2 VM, installing the service, checking that it starts ok using Local system account, and then changing the start up to use my designated service account, when I try to start the service it fails with an error:
"Error 1069: The service did not start due to a logon failure."
I checked the credentials by using them to RDP into this VM. It was successful, so I have the correct account and password.
I checked the event log, and saw an error in the Windows Application Log:
"Could not write to AD. Error 0x80070032."
When I googled this, it took me to this page Error Page, which seems to be describing a scenario where there was failure saving a changed password, but no one has changed the password on this account as it is a service account it is set to never expire...
Any ideas??
I have a shared folder on a windows 10 host machine. I could access it from a windows 10 client machine, where I had set "remember credentials" when first accessing the share. I changed the password on the host. Now the client cannot access the shared folder. That was expected. But I could not find a way on the client to allow the user to re-establish access to the shared folder.
I expected it would ask for credentials again. However I got a network error saying that windows cannot access the host machine.
Based on a number of entries on various forums, I tried a few things. The credentials manager on the client does not show the host. I stopped and restarted file and printer sharing on the client, without any change in the result. Network diagnosis and the windows troubleshooter gave no help.
The problem was due to some previous connections remaining in the network table, even though disconnected, as presented by the "net use" command from the command prompt.
>net use
Status Local Remote Network
--------------------------------------------------------------------------
Disconnected \\192.168.1.71\IPC$ Microsoft Windows Network
Disconnected \\HOST\IPC$ Microsoft Windows Network
After deleting them (via "net use /delete") the next attempt to access the host asked for credentials. Yay!
I began the path to the solution when I tried
net use z: \\host\shared /user:admin password
which gave system error 1219 stating multiple connections to a server are not allowed. Disconnect all previous connections and try again. Obviously, even though known to be disconnected, the entries prevented reconnection.
I'm trying to connect my machine (MacOS) to a remote. I went on AWS and create a windows instance, I use the default security groups and downloaded the rdp file.
I open it with Microsoft Remote Destock and ends up with an error message:
Unable to connect to remote PC. Please verify Remote Desktop is enabled, the remote PC is turned on and available on the network, and then try again.
I tried to run the rdp file on a windows machine, I got the same error.
My question is: How do we set the security groups to open windows remotely.
Thanks
check your security group and make sure you have open RDP(3389)port.
Then you can generate your password by.
EC2 console --> Connect To Your Instance --> Get Password --> Choose Browse and navigate to the private key file --> Decrypt Password.
The console displays the default administrator password for the instance in the Connect To Your Instance dialog box.
If you want to generate Remote Desktop File or details information you can go throught below link. https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/EC2_GetStarted.html
How can I configure Visual Studio remote debugging when:
My developer machine is a member of an AD domain, and my username is "DevelopersName".
The "remote" machine is on the same Ethernet segment, but is not part of the domain.
The "remote" machine must run software under "RemoteUserName".
Most documentation I can find suggests that you need have both machines in the same domain and with identical usernames. That's not possible here.
I could possibly add my username to "remote", but the software still needs to run under "RemoteUserName.
If it helps, I could add 2nd network card to my developer machine and directly connect the "remote" machine.
Using VS2008, but will be moving soon to VS2010.
Thank you.
Sorry, but I've just spent the last 10 hours trying to debug your exact problem. My findings are not good.
You need to get your accounts synced, especially if you are using your remote app to connect to other systems in your SOA environment, ie: Sharepoint, AD.
You can to some extent get remote debugging to work, if you create an account on your local machine with the same name as that of your remote machine (lets do it like this rather rather than working with the domain account).
You then need to make sure the remote service is running under this account, and its a member of the administrators group. And by this I mean hold down control, and right click run as - with the remote debugger, and select the user (not required if remote server is logged in as the required user).
Run the wizard it will open the required ports, use Authentication, because non authentication won't debug managed code. Breakpoints are never met, and there is nothing you can do about this.
On your local dev machine, log off your domain account, and log onto the local account with matching name as the account on server thats running the remote service.
Now you stand a change of remote debugging. If you can't do any of the above, sorry there is no workaround, its entirely dependent on the user account and having the right permissions.
If you don't want to create a local account, try starting our debugger via command prompt using the following command:
runas /user:[user#machinename] /netonly [debugger.exe]
E.g.:
runas /user:john#mypc123 /netonly devenv.exe
I assume it's managed debugging you're talking about (for native debugging there's a remote debugging solution with no authentication). In this case, I would suggest that you use a local user to launch the debugger on your machine. If this local user's name and password match "RemoteUserName"'s name and password, it should work.
(Note that this does not preclude you from using the AD account to log in to your workstation, you just need to set up another account and use runas to launch Visual Studio.)