Determine the RDP User for Web/Worker Role

It is widely known that Remote Desktop (RDP) can be added to a Cloud Service (web/worker role). RDP is often added as a support mechanism: it lets you see what is happening on the virtual machine and whether the deployed code is working.

Options to Enable Remote Desktop

There are two ways to add Remote Desktop support to a Cloud Service deployment:

1. Using Visual Studio, Remote Desktop can be added when the service is deployed by clicking the "Enable Remote Desktop for all roles" option in the publishing wizard. This approach will add two modules, RemoteAccess and RemoteForwarder, into the service model. You can read more on MSDN about setting up the connection in the service model.

2. Using the Azure Management Portal, for the desired Cloud Service, first navigate to the CONFIGURE section and then select the REMOTE option in the bottom command bar. You can read more about this approach at https://azure.microsoft.com/en-us/documentation/articles/cloud-services-how-to-configure/#remoteaccess.

Determine the Username

There are scenarios in which Remote Desktop is disabled when the Cloud Service is deployed, and only enabled during a support incident when RDP is deemed the best support option. In this case, a co-administrator can enable RDP via the Azure Management Portal (as mentioned previously). When first enabling RDP, you set the username and password for the local machine account to be created on the role instance. But what about after RDP is enabled: how do you know the local username that was created? Is this information logged?

Enabling Remote Desktop in a Cloud Service is done via an extension. To learn more about extensions with Cloud Services and using them to enable Remote Desktop, I would encourage you to read Azure MVP Gaurav Mantri's excellent blog post on the topic. Gaurav's post shows how to add the Remote Desktop extension via the Service Management API. This information can also be useful when you need to retrieve details about a previously added Remote Desktop extension.

When Remote Desktop is enabled by using the extension model (e.g. enabling Remote Desktop via the portal), the operation logs in the Azure Management Portal (in the Management Services section) will show a new operation - AddHostedServiceExtension. If you were to look at the details for this extension, you would see something similar to the following:

    <SubscriptionOperation xmlns="https://schemas.microsoft.com/windowsazure" xmlns:i="https://www.w3.org/2001/XMLSchema-instance">
      <OperationId>ae0fcdb1-xxxxxxxxxxxxxx</OperationId>
      <OperationObjectId>/0bbbc191-xxxxxxxxxxxxxxxxx/services/hostedservices/rdpdemo01</OperationObjectId>
      <OperationName>AddHostedServiceExtension</OperationName>
      <OperationParameters xmlns:d2p1="https://schemas.datacontract.org/2004/07/Microsoft.WindowsAzure.ServiceManagement">
        <OperationParameter>
          <d2p1:Name>subscriptionID</d2p1:Name>
          <d2p1:Value>0bbbc191-xxxxxxxxxxxxxxxxx</d2p1:Value>
        </OperationParameter>
        <OperationParameter>
          <d2p1:Name>serviceName</d2p1:Name>
          <d2p1:Value>rdpdemo1</d2p1:Value>
        </OperationParameter>
        <OperationParameter>
          <d2p1:Name>input</d2p1:Name>
          <d2p1:Value><?xml version="1.0" encoding="utf-16"?><Extension xmlns:i="https://www.w3.org/2001/XMLSchema-instance" xmlns="https://schemas.microsoft.com/windowsazure"><ProviderNameSpace>Microsoft.Windows.Azure.Extensions</ProviderNameSpace><Type>RDP</Type><Id>RDP-a2d56066-1a78-40a9-98f3-e0a941a55a59</Id><Version>1.*</Version></Extension></d2p1:Value>
        </OperationParameter>
      </OperationParameters>
      <OperationCaller>
        <UsedServiceManagementApi>true</UsedServiceManagementApi>
        <UserEmailAddress>xxxxxxxxxx</UserEmailAddress>
        <SubscriptionCertificateThumbprint />
        <ClientIP>70.xx.xx.xx</ClientIP>
      </OperationCaller>
      <OperationStatus>
        <ID>ae0fcdb1-xxxxxxxxxxx</ID>
        <Status>Succeeded</Status>
        <HttpStatusCode>200</HttpStatusCode>
      </OperationStatus>
      <OperationStartedTime>2015-01-23T20:55:48Z</OperationStartedTime>
      <OperationCompletedTime>2015-01-23T20:55:55Z</OperationCompletedTime>
      <OperationKind>AddHostedServiceExtensionOperation</OperationKind>
    </SubscriptionOperation>

A key piece of information in the above XML is the "input" OperationParameter. It carries two key pieces of data: the Type of the extension, which is "RDP", and the ID. The type of "RDP" lets us know that we are looking at the correct extension, the one which added Remote Desktop support to the Cloud Service. The ID provides a unique identifier for the specific extension's configuration information. With that ID, we can use the Get Extension operation in the Azure Service Management API to retrieve the public configuration, which will then provide the username created when enabling Remote Desktop.

In order to retrieve the public configuration, there are three steps you will need to perform:

  1. Set up authentication with the Azure Service Management API. See the Authenticating Service Management Requests topic in MSDN for more information. 
  2. Make a request to the Get Extension operation, providing the RDP extension ID retrieved from the Azure Management Portal. For example, *https://management.core.windows.net/0bbbc191-xxxxxxxxxxxxxxxx/services/hostedservices/rdpdemo1/extensions/RDP-a2d56066-1a78-40a9-98f3-e0a941a55a59*. This can be done using a tool such as Fiddler, or by writing code against the Service Management API. The response should contain the base64 encoded public configuration data.
  3. Decode the public configuration. Once decoded, you will be able to find the username used when enabling RDP.

    <PublicConfig xmlns:i="https://www.w3.org/2001/XMLSchema-instance">
      <UserName>mcollier</UserName>
      <Expiration>2015-02-04 05:00:00Z</Expiration>
    </PublicConfig>
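
The log lookup and the decode step above, as an added Python example (not code from the original post): it pulls the RDP extension ID out of an AddHostedServiceExtension record and reads the username and expiration out of a Get Extension response. It assumes the raw log record stores the "input" value as XML-escaped text, that the response carries the base64 data in a PublicConfiguration element, and that the decoded bytes are UTF-8; the sample records are constructed from the shapes shown on this page, and the authenticated HTTP request itself is left out.

```python
import base64
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

def _parse(text):
    """Parse XML held in a str, dropping any <?xml ...?> declaration first."""
    return ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", text))

def _local(elem):  # tag name without ElementTree's '{namespace}' prefix
    return elem.tag.rsplit("}", 1)[-1]

def _text(elem, name):
    """Text of the first element (self or descendant) with this local name."""
    return next((e.text for e in elem.iter() if _local(e) == name), None)

def rdp_extension_id(operation_xml):
    """Extension Id from an AddHostedServiceExtension record of Type RDP.
    Assumption: the raw record stores the "input" XML as escaped text."""
    op = _parse(operation_xml)
    if _text(op, "OperationName") != "AddHostedServiceExtension":
        return None
    for param in op.iter():
        if _local(param) == "OperationParameter" and _text(param, "Name") == "input":
            ext = _parse(_text(param, "Value") or "<empty/>")
            if _text(ext, "Type") == "RDP":
                return _text(ext, "Id")
    return None

def rdp_account(get_extension_xml):
    """(UserName, Expiration) from a Get Extension response.
    Assumption: PublicConfiguration holds base64 of UTF-8 XML."""
    blob = _text(_parse(get_extension_xml), "PublicConfiguration")
    cfg = _parse(base64.b64decode(blob).decode("utf-8-sig"))
    return _text(cfg, "UserName"), _text(cfg, "Expiration")

# Constructed samples, trimmed from the shapes shown on this page.
INPUT = ('<?xml version="1.0" encoding="utf-16"?><Extension xmlns="urn:constructed">'
         '<Type>RDP</Type><Id>RDP-a2d56066-1a78-40a9-98f3-e0a941a55a59</Id></Extension>')
OPERATION = ('<SubscriptionOperation xmlns="urn:constructed" xmlns:p="urn:constructed:p">'
             '<OperationName>AddHostedServiceExtension</OperationName><OperationParameters>'
             f'<OperationParameter><p:Name>input</p:Name><p:Value>{escape(INPUT)}</p:Value>'
             '</OperationParameter></OperationParameters></SubscriptionOperation>')
CONFIG = ('<PublicConfig><UserName>mcollier</UserName>'
          '<Expiration>2015-02-04 05:00:00Z</Expiration></PublicConfig>')
RESPONSE = ('<Extension xmlns="urn:constructed"><PublicConfiguration>'
            f'{base64.b64encode(CONFIG.encode()).decode()}</PublicConfiguration></Extension>')

if __name__ == "__main__":
    print(rdp_extension_id(OPERATION), rdp_account(RESPONSE))
```

Elements are matched by local name, so the functions do not depend on the exact namespace URI a given export uses.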