Forum Discussion
Cannot RDP to azure VM from local domain joined PC
I have an Azure VM behind an Azure VPN that I cannot connect to from certain PCs.
- This is an Azure Government instance at the free tier.
- The VM only has a Private IP, and can only be accessed when connected to the VPN.
- The VM doesn't have a DNS name/FQDN. I looked into giving it one, but the instructions call for a public IP so I couldn't complete the process.
- I am using the private IP address of the VM, and an Entra ID credential to connect through RDP.
- I can reach the VM from my laptop, which is Azure AD joined to a different tenant.
- I can reach the VM from a non-domain joined PC from the network I am working in.
- I CANNOT reach the VM from a local domain joined PC on the same network, even before applying policies.
- I get a "user logon failed" message from the PC
- I don't see the logon attempts in Entra ID Admin Center under "Sign-in Logs"
I'm all out of things I know to try to get this to work. Any insight or guiding questions would be greatly appreciated.
Thank you!
4 Replies
Since one laptop can RDP and the other PC cannot, I would not change the Azure VM first. I would compare the two client machines.
On both clients, check the VPN-assigned IP, routes, and DNS:
route print
nslookup <vm-name-or-domain>
Test-NetConnection <private-ip> -Port 3389
If the failing PC cannot reach TCP 3389 but the laptop can, check whether the VPN pool address for that PC is covered by the NSG/firewall rules. I have seen cases where only part of the VPN client pool was allowed.
If TCP 3389 is reachable, then I would look at local Windows firewall/EDR policy, NLA, credential format, or RDP policy on the domain-joined PC. Ping working does not prove RDP is allowed.
Docs:
https://learn.microsoft.com/azure/network-watcher/connection-troubleshoot-overview
https://learn.microsoft.com/troubleshoot/azure/virtual-network/virtual-network-troubleshoot-connectivity-problem-between-vms
https://learn.microsoft.com/azure/virtual-machines/windows/connect-rdp-
iandoyle345 Copper Contributor
Thanks for the reply!
I did make sure that no policies were applied, but just in case, do you know of specific controls that would prohibit remote connection to another computer? I dug through GPs earlier, but everything seemed to relate to remote connections to the local machine.
Maybe the cause that prevents you is the Windows firewall.
Restricting RDP Access via Firewall Rules
- Open Windows Defender Firewall with Advanced Security.
- Go to Outbound Rules.
- Create a new rule:
- Select "Port" and specify TCP 3389 (RDP default port).
- Choose "Block the connection".
- Apply the rule to Domain Profile.
- Save and enforce the rule.
Maybe it is applied to your computer as an outbound rule!
On the local domain-joined PC you should check the policies applied to that machine, because they may prevent you from RDPing to other servers.
Note: you should have local admin privileges on that machine so it can show computer policies.
From Run, type: rsop.msc
Check the User Rights Assignment section!
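The client-side comparison from the first reply and the outbound-rule check from the third, combined into one script as an added example that is not from any of the posts above. Run it on both the working laptop and the failing domain-joined PC while on the VPN; `<VM-PRIVATE-IP>` is a placeholder for the VM's private address, and the rule/profile cmdlets come from the built-in NetSecurity module.

```powershell
# Added example, not from any of the replies. Run on BOTH the laptop that can RDP and the
# domain-joined PC that cannot, while connected to the VPN, then compare the output.
# '<VM-PRIVATE-IP>' is a placeholder for the VM's private address from the question.
param(
    [string]$VmPrivateIp = '<VM-PRIVATE-IP>',
    [int]$RdpPort = 3389
)

# 1. Which local (VPN pool) address and route this client would use to reach the VM.
#    Find-NetRoute returns the chosen source IP followed by the matching route entry.
$src, $route = Find-NetRoute -RemoteIPAddress $VmPrivateIp
"Source address : $($src.IPAddress)  (interface: $($route.InterfaceAlias), next hop: $($route.NextHop))"

# 2. Plain TCP reachability of the RDP port. A successful ping proves nothing about 3389.
$tcp = Test-NetConnection -ComputerName $VmPrivateIp -Port $RdpPort -WarningAction SilentlyContinue
"TCP $RdpPort reachable : $($tcp.TcpTestSucceeded)"

# 3. Enabled outbound BLOCK rules that cover TCP 3389. ActiveStore merges local rules with
#    rules delivered by Group Policy; PolicyStoreSourceType shows which one a rule came from.
$blocks = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Outbound -Action Block -Enabled True |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        ($pf.Protocol -eq 'TCP' -or $pf.Protocol -eq 'Any') -and
        ($pf.RemotePort -eq 'Any' -or ($pf.RemotePort -contains "$RdpPort"))
    }
if ($blocks) {
    "Outbound block rules covering TCP ${RdpPort}:"
    $blocks | Select-Object DisplayName, Profile, PolicyStoreSourceType, PolicyStoreSource | Format-Table -AutoSize
} else {
    "No enabled outbound firewall rule blocks TCP $RdpPort."
}

# 4. A profile whose default outbound action is Block drops anything without an allow rule,
#    so also compare the per-profile defaults between the two clients.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultOutboundAction | Format-Table -AutoSize
```

If TCP 3389 fails only on the domain-joined PC while its source address differs from the laptop's, compare that address against the NSG and VPN pool rules mentioned in the first reply before looking further at the client.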