Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Access Azure Virtual Machines Using the Serial Console Recovery Tool

toolbox

In this Ask the Admin, I’ll show you how to access an Azure Windows Server virtual machine using the serial console, independently of the OS and network.

One of the disadvantages of using virtual machines (VMs) in the Azure cloud has been that if something goes wrong, for instance, a Windows Firewall rule is configured that blocks RDP access or the Remote Desktop service is stopped, it might be impossible to regain access to the VM. Unlike an on-premises Hyper-V Server, you don’t have physical access to the Azure cloud fabric.

Microsoft recently launched a preview of the Serial Console Recovery Tool, which provides text-based console access to Linux and Windows Server VMs via the COM1 serial port. A connection to the COM port can be established regardless of the operating system state or if the VM loses network connectivity.

Using Serial Console Access

There are a couple of prerequisites that must be fulfilled before you can connect to a VM’s COM port. The VM must have boot diagnostics enabled and the account using the serial console must have Contributor role for the VM and the boot diagnostics storage account. Linux VMs have support for serial console access (SAC) enabled by default but Windows Server is a more complex story.

SAC has been included in all versions of Windows since Windows Server 2003 but it is disabled by default. Serial console access is enabled by default in new Windows Server VMs that are deployed using the Azure marketplace. If you want to use SAC with Windows Server VMs that were deployed before the SAC preview launched, you must manually enable SAC in Windows. To do this, log in to the server using RDP, open a command prompt with administrative privileges, and run the following two commands to modify the Boot Configuration Data (BCD).

bcdedit /ems {current} on 
bcdedit /emssettings EMSPORT:1 EMSBAUDRATE:115200

Once SAC is enabled in the VM, open the VM’s panel in the Azure management portal and select Serial console (Preview) under SUPPORT + TROUBLESHOOTING.

Serial console preview in Microsoft Azure (Image Credit: Russell Smith) — *Serial Console Preview in Microsoft Azure (Image Credit: Russell Smith)*

Before you can do anything with SAC, you’ll need to open a new command prompt channel. Type cmd at the SAC prompt to open a new channel to the command line. Make a note of the channel name. The first channel is usually called Cmd0001. Once the new channel is open, switch to it using the ch command:

ch -sn Cmd0001

Now provide a username and password that has local administrator access on the VM.

Connecting to Windows Server using the serial console preview in Microsoft Azure (Image Credit: Russell Smith) — *Connecting to Windows Server Using the Serial Console Preview in Microsoft Azure (Image Credit: Russell Smith)*

SAC gives the same access as you would get if you opened a command prompt in a Remote Desktop session. You can also launch PowerShell from the command line. Once you have access to the command line, just type powershell at the prompt and press ENTER.

Running commands on Windows Server using the serial console preview in Microsoft Azure (Image Credit: Russell Smith) — *Running Commands on Windows Server Using the Serial Console Preview in Microsoft Azure (Image Credit: Russell Smith)*

Using the serial console to access Linux VMs doesn’t involve jumping through as many hoops. You just click Serial console (Preview) in the VM’s panel, wait a few seconds for the connection to be established, and then enter a root username and password.

Regardless of the server operating system you need to access, the serial console is a useful tool in the absence of physical access to the Hyper-V cluster. It can be painfully slow and while it does support copy and paste, the results of pasting text can be messy. But then SAC isn’t intended for regular use and it might just save your bacon if emergency access to a VM is required

For a complete guide to using SAC, see the documentation at Microsoft’s website here.

Follow Russell on Twitter @smithrussell.

by Russell Smith
Apr 26, 2018

Editorial Director at Petri IT Knowledgebase. Russell has more than 20 years' experience working in IT. From small business to large government IT infrastructure projects. Russell started his writing career for Windows IT Pro magazine in the early...

Streamlining SaaS Governance: How Nudge Security Simplifies Compliance and Security Management for Cloud Apps

Oct 30, 2023
Nov 03, 2023
The Ultimate Guide to Web Application Firewalls (WAF)

Jun 20, 2023
The Dirty Truth About IT Offboarding Automation

Jul 21, 2023
Aug 25, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.