When the cloud dies - getting into your windows VM



Now the cloud never fails right....?

Well, just assume for a minute that it's not this magical thing that never breaks and is in fact fallible; then take it one step further and imagine a really nasty scenario where the managed domain controller is toasted and you see a horrible message like the screenshot below:



Game over right?

How do you ever get onto the machine to fix that? Even if we restore from backup we still have the NLA issue, and we can never talk to the domain again (even once the domain is fixed, this machine was somehow linked to the previous life of the domain in some mysterious way).

Well, it turns out there is a way - you just have to be a bit creative and persistent to sort this out - so this is how I did it....

First up, navigate to the serial console of the VM - see the picture below - in most cases though this is not enabled and you initially can't use it.



The first stage to enable that is to switch on boot diagnostics - by going to this screen:


Then switch to on:


After that we have to make sure EMS (Emergency Management Services) is enabled - to do that navigate to the run command screen of the VM, choose that option, then click run:



After a couple of minutes you should see this:


Now for me I had to reboot the server before moving on - this may or may not be necessary for you.

Now when I go back to the console screen I see this output - and it's as if we are sat in a freezing computer room in front of a slide-out screen and KVM setup....


At this prompt we then need to launch a DOS command window - to do that we run the following set of commands:

cmd

(that creates a channel that we then need to connect to)

ch -sn Cmd0001

That attaches to the named channel I just created (this is likely to be Cmd0001 in most cases - but the previous cmd command will output the name to you).


Once I do that I get a login prompt


Now I just need to log in as a local account (if you don't have a local account password saved away, you may be able to reset it using the VM agent - which is generally always on and working for Windows VMs).

Just type the username, followed by . for the domain (i.e. a local account), followed by the password.


Then you should magically be at a DOS prompt!


Now we can type powershell to get to a PowerShell prompt and run a nifty bit of PowerShell to disable NLA:


(Get-WmiObject -class Win32_TSGeneralSetting -Namespace root\cimv2\terminalservices -ComputerName localhost -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)

(note that cut and paste into the serial console seems to add random extra characters, so you may need to edit the command line after pasting)


After that, if we go back to Remote Desktop Connection we now get past the NLA warning and instead see this.


Now if I explicitly type .\username and then the password at the login prompt we can get in - job done (note in my case the keyboard was confused as @ was typing as " - so click on the little icon to confirm what you are typing is actually what the machine is receiving!)
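Here is a small PowerShell wrapper around the same Win32_TSGeneralSetting call, added as an example (not from the original post) so you can check the NLA state, flip it off from the SAC channel, and, importantly, turn it back on once the domain is repaired. The function names are my own; it assumes the RDP listener is the default RDP-Tcp.

```powershell
# Added example, not the author's own code. Run from the PowerShell prompt reached
# through the SAC cmd channel (to disable NLA) and again over RDP once the domain
# is fixed (to re-enable it). Assumes the default RDP-Tcp listener.

function Get-RdpNlaState {
    # Win32_TSGeneralSetting sits in the TerminalServices namespace; the
    # UserAuthenticationRequired property is 1 when NLA is enforced, 0 when not.
    $s = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
        -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
    [pscustomobject]@{
        NlaRequired   = [bool]$s.UserAuthenticationRequired
        SecurityLayer = $s.SecurityLayer   # 0 = RDP, 1 = Negotiate, 2 = TLS
    }
}

function Set-RdpNla {
    param([Parameter(Mandatory)][bool]$Enabled)
    $s = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
        -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
    $r = Invoke-CimMethod -InputObject $s -MethodName SetUserAuthenticationRequired `
        -Arguments @{ UserAuthenticationRequired = [uint32]$Enabled }
    if ($r.ReturnValue -ne 0) {
        throw "SetUserAuthenticationRequired failed with code $($r.ReturnValue)"
    }
    # Read the value back rather than trusting the call: the serial console can
    # mangle pasted characters, so confirm what was actually applied.
    $after = Get-RdpNlaState
    if ($after.NlaRequired -ne $Enabled) { throw "NLA state did not change" }
    $after
}

# Recovery flow:
Get-RdpNlaState             # see where you are before touching anything
Set-RdpNla -Enabled $false  # from the SAC channel, so RDP lets a local account in
# ... repair the domain / rejoin the machine over RDP ...
Set-RdpNla -Enabled $true   # put NLA back; left off, the logon screen is reachable pre-auth
```

Keeping a note of the state you read first makes it easy to prove afterwards that the box went back to exactly the configuration it had before the outage.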


Neat huh - snatched victory from the jaws of defeat!
