Enabling user account in a Windows Azure Cloud Service (PaaS) instances which is disabled

Symptom

We have seen a few issues, where user accounts gets locked on Windows Azure Cloud Services (PaaS) instances. When user login to their Windows Azure Cloud Service instances they see the following error
message:

 “The user account has been disabled, please contact your system administrator”

Potential Cause:

Windows Azure security policy by default set the Maximum password age, when users creates a new role. The security policy Maximum password age is set to 42 days, which disables the account
https://technet.microsoft.com/en-us/library/cc736566(v=ws.10).aspx

Resolution

To re-enable the disabled user account, you can do the following:

 For Windows Azure Cloud Services (PaaS) Role instances

 

Step 1: Login to Windows Azure Management Portal

Step 2: Click on the Cloud Service. Choose the Service.

Step 3: Choose Configure

Step 4: Now click on Remote

Step 5: In Configure Cloud Service

Step 6: Select a New User Name and Password

Step 7: It will reconfigure the role and add this new user to the instances

Step 8: You will now be able to login using the new user name and enable the disabled user account.

 

Note: It is a security best practice to have passwords expire every 30 to 90 days, depending on your environment. This way, an attacker has a limited amount of time in which to crack a user's password and have access to your network resources. While we are working hard to have notification system built in the platform so use can get proper notification from instances however we are not there yet. And because of it please make sure to keep your password updated every 30-90 days or depend on your initial password expiry setting.

Keyword: Windows Azure, Remote Desktop, RDP, Password,