In the Azure world, your project, service, or application is generally deployed as one of three types: Azure Websites, Virtual Machines, or a Cloud Service. Cloud Services host one or multiple roles, each one being either being what’s known as a “Web Role” – an application that runs through IIS, or a “Worker Role” – an application that runs as a Windows service. Each role can be run over several instances, each of these run on a separate virtual machine, and these instances put together are load balancing to serve as a single application. Generally, you shouldn’t need to RDP into the servers hosting them, but on occasions you’ll need to do so. If you’re using Windows or (recently) Mac OS X, there’s no problem in connecting to these machines using the .rdp files you can download from the Windows Azure portal and use Microsoft’s own Remote Desktop client. But if you’re on Linux, or use a 3rd party program, then things get a little more complicated.
I ran into this problem, not because I’m using Linux, but because I’m using a remote connection manager called RoyalTSX (which I highly recommend by the way). It uses FreeRDP to connect to Windows systems using the RDP protocol. The developer says support for the following should be arriving some time next week, but for now I’m going to show you how to connect to one of these boxes with FreeRDP itself running on Linux.
First thing we need to do is get a very recent copy of FreeRDP, as the one in your distro’s repository is most likely going to be from the stable branch, which won’t support the command we need to pass to allow the authentication cookie through, so we’re going to have to compile the source code.
Make sure you have the development tools and git installed on your system – refer to your distribution’s documentation on how to do this as each distribution is different – then launch your command line and grab the following repo from github:
git clone https://github.com/FreeRDP/FreeRDP.git
Next we enter the folder and create a make file:
cmake -DCMAKE_BUILD_TYPE=Debug -DWITH_SSE2=ON .
At this point we should be able to install this in the usual way:
sudo make install
Check you’re running the new version of FreeRDP by running the following command:
This is FreeRDP version 1.1.0-beta1 (git 1.1.0-beta+2013071101-966-g7cf6)
Now, you’ll need to log onto the Azure portal, navigate to the cloud service you want to look at, and the instance you want to connect to and click “Connect” at the bottom of the screen. A .rdp file will be downloaded.
Open this up and you’ll find the following inside:
Using the information from above, you can now pass the following to FreeRDP:
xfreerdp /u:YourAdminAccount /p:Y0ur@dm1nP@$$w0rd /load-balance-info:"Cookie: mstshash=The.Name.Of.Your.App#The.Name.Of.Your.Instance_IN_0" /v:yourcloudservice.cloudapp.net
At this point you may get a warning saying the certificate can’t be trusted, allow the connection anyway, and you should be the presented with your RDP session.
The down side to this is when switching to a different instance (by changing the load-balance-info flag, your system will block the connection because it thinks the machine’s fingerprint had been changed. This makes perfect sense as you’re calling on the same machine (the load balancer) to serve up a different connection. Adding “–ignore-certificate” may get round this issue, but I haven’t tried it myself.
Hopefully RoyalTSX will be updated next week to include the “/load-balance-info” flag, which will let us integrate our cloud services into our remote session manager. But at least there is now a solution that works cross all platforms.
Note: Big thanks to my line manager who helped me rewrite the introduction to this post to make it more accurate.
Almost 24 hours after posting this guide, the feature has been added into RoyalTSX allowing us to add these Cloud Service machines into our remote desktop management software.