Concurrent Azure Bastion Sessions - azure-virtual-network

I am not able to use more than 2 concurrent connections for RDP through the Azure Bastion service. By default it should be 25 [https://learn.microsoft.com/en-us/azure/bastion/bastion-overview#limits]. Azure servers only support 2 concurrent RDP sessions in reality, and these MUST be from two different user profiles, so I was unable to have more than 1 Bastion session per user profile on the Virtual Machine.
Is there any way I can achieve multiple concurrent connections like we used to have back then in Win Server 2003 remote terminals?

Although it is true that Azure Bastion can support up to 25 concurrent RDP sessions, this is still dependent on the Azure Virtual Machines.
Azure servers only support 2 concurrent RDP sessions by default, and these MUST be from two different user profiles, hence the reason you will be unable to have more than 1 Bastion session per user profile on the Virtual Machine.
This behavior I believe is by design and is exclusive to Azure Servers from Windows 2012 R2 and above.
A Remote Desktop Service (RDS) license for your virtual machine server would need to be acquired for multiple concurrent sessions on the server; however, a workaround exists, but this would last for about 120 days.
You would need to take the following steps:
Open up your Server Manager and select the Add roles and features option.
Select next and then select the Remote Desktop Services installation option.
Go ahead to select the Multipoint Services option.
Click on next and ensure you select the Restart the destination server automatically if required option and then Deploy.
This should restart your virtual machine server.
After the restart, on the Server Manager dashboard, select the Tools option, Remote Desktop Services and then the Remote Desktop Licensing Manager.
Right-click on your server name and Activate Server.
Let your Connection method be the Automatic connection.
Fill out the Company Information.
On the License Program, select the Services Provider License Agreement.
Supply your license number; it could be any 7-digit number of your choice.
For your product Version and License Type, select your Server version and select the RDS Per User CAL as your license type.
Under Quantity, provide the number of licenses (users) you need.
Once this is completed and you have set up the required number of user profiles, you should be able to have concurrent Bastion sessions on par with the number of user profiles set up on your server.

Yes, we are only able to create one session per user. As far as I know, we only have one live RDP connection per one user at a simultaneous time.
Also, because we cannot interact with the Bastion host directly, we are currently unable to configure RDP session policies as we do with Group Policy on-premises. Also, from Sam's answer here, this is the limit imposed by Windows Server on remote administration; you can only have 2 administrators connecting to a server to manage it at once. If you are interested in it, you may have a look at Azure RemoteApp like his answer.

Related

How to authenticate users in a commercial environment without on-premises Windows Server equipment?

So what I need is a remote/cloud Windows Server that I can connect to using RDP (or another remote connection program) where I can create users, groups, basically everything I could do with an on-premises Server instance. What I need though is to be able to set up all the office computers to authenticate through the cloud AD. I have no clue how to do this. I cannot have a Server running on-premises, period. Just need something where I can connect each computer to the remote domain/forest, hopefully using an IP to the server, and then have the employees be able to log on to any domain-connected PC using their credentials. Thank you for any and all answers! -Scott
You need Azure Active Directory. You can control everything with remote management in the way you have described. Per the provided link, "Azure Active Directory (Azure AD) provides an easy way for businesses to manage identity and access, both in the cloud and on-premises."

Concurrent Remote Desktop Connection on VM in Server 2012

I am new to Server and VM things. I recently have the following scenario:
I have 1 physical server that has server 2012 R2 installed on it.
My task is to set up two Windows 7 VM environments with Hyper-V for testing.
There will be more than two people accessing the VMs in the future. I know the existing user is kicked when another user logs in to the VM. Is there any way to configure this such that both users can access without being kicked? (without violating the terms)
I heard about Remote Desktop Services and did some research on it. However, I do not know if it would fit this scenario. If it fits, can you explain how it will work?
If none of that works, I am thinking my last plan will be setting up more VMs for the group to use.
Thanks
You will have to first add the Hyper-V role in your server from Server Manager.
Since you are planning to add two virtual machines, you must assign 2 static IPs to each of the VMs.
To run two concurrent RDP sessions in Windows 7, you can install this patch in your VM that has the Windows 7 OS. Once you have added the patch, restart the VM and you will be able to access the VM with 2 different users concurrently.

Can't connect to sql server from lan computer using windows authentication

This is the thing: I have a server working perfectly allowing LAN connections. Now I'm setting up a second one for maintenance purposes, but for some reason I can't connect to it using Windows authentication, but I still can to the first one, or using SQL Server login, but I don't want to; I want to use Windows Authentication... I keep getting the error message:
login failed for user "the user is not associated with a trusted SQL connection. (microsoft sql server, error:18452)
UPDATE: Both servers are running under Windows 7 (they are not for business use); they are both configured exactly the same.
UPDATE 2: I can connect from the same computer but not from a network one.
After some time, I realized the problem was at layer eight (me). The best way to use Windows authentication for SQL Server is configuring a domain server, then adding those domain users to SQL and giving them the desired privileges to connect to a database, and that's all, it's that simple (at least for me it was). So after that, I created a System DSN connection using Windows authentication.

Running VB.Net Windows forms app as 2 different Windows authenticated users to connect to local and remote SQL server

I've inherited a VB.Net Windows forms application that is used across several hundred remote sites. On the remote sites the application connects locally to a local SQL server instance using the currently logged in Windows user at the workstation - this all works fine.
The application however also needs to connect to a remote SQL server - currently this is done using a set of connection strings and sql authentication. The DBA wants to move away from using SQL server authentication and make everything Windows authentication.
Clearly, adding hundreds of users to the remote DB is not an option. Therefore I need to be able to use the currently logged in user if connecting locally to a local SQL server and a different Windows user (which will have permissions to the db server) if I am connecting remotely.
Does anyone have any suggestions of how this can be done or can suggest an approach?
Thanks
Since both servers are on the same domain, create Active Directory Groups for the application, put the users' Windows logins into the groups, and then give the 2, 3 or 10 or whatever app-specific AD groups permissions in the databases. If you're using stored procedures, create a database role for each AD group, grant the DB role execute permissions, and add the AD groups to the DB roles.
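The group-and-role layout described in the answer above, as an added T-SQL example that is not part of the original answer. The domain CONTOSO, the AD group names, the database AppDb and the schemas ops and reporting are assumptions made for illustration.

```sql
-- Assumed names (not from the original post): domain CONTOSO, AD groups
-- CONTOSO\App-Operators and CONTOSO\App-Reporting, database AppDb, and
-- schemas ops / reporting that hold the application's stored procedures.

USE master;
GO
-- One Windows login per AD group. Who may connect is then decided by
-- AD group membership, not by per-user logins on the SQL Server.
CREATE LOGIN [CONTOSO\App-Operators] FROM WINDOWS;
CREATE LOGIN [CONTOSO\App-Reporting] FROM WINDOWS;
GO

USE AppDb;
GO
-- Map each group login to a database user.
CREATE USER [CONTOSO\App-Operators] FOR LOGIN [CONTOSO\App-Operators];
CREATE USER [CONTOSO\App-Reporting] FOR LOGIN [CONTOSO\App-Reporting];

-- One database role per AD group, as the answer suggests.
CREATE ROLE app_operators;
CREATE ROLE app_reporting;

-- EXECUTE only, scoped to the schema each role needs; no direct
-- SELECT/INSERT/UPDATE/DELETE on tables is granted.
GRANT EXECUTE ON SCHEMA::ops TO app_operators;
GRANT EXECUTE ON SCHEMA::reporting TO app_reporting;

-- Add the AD groups to their roles.
ALTER ROLE app_operators ADD MEMBER [CONTOSO\App-Operators];
ALTER ROLE app_reporting ADD MEMBER [CONTOSO\App-Reporting];
GO

-- Review query: role membership and the permissions each role carries.
SELECT r.name                   AS role_name,
       m.name                   AS member_name,
       p.state_desc,
       p.permission_name,
       p.class_desc,
       SCHEMA_NAME(p.major_id)  AS schema_name  -- valid for class_desc = 'SCHEMA'
FROM sys.database_role_members AS drm
JOIN sys.database_principals   AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals   AS m ON m.principal_id = drm.member_principal_id
LEFT JOIN sys.database_permissions AS p ON p.grantee_principal_id = r.principal_id
WHERE r.name IN (N'app_operators', N'app_reporting')
ORDER BY r.name, m.name;
```

With this layout the application's connection string uses integrated security, and granting or revoking access is an AD group membership change rather than a change on the database server.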

How to add local account of another computer to sql server?

I need to add a user (\network_service) to a different computer's sql server logins.
How can I do this? I am attempting to search for the account, but it is not finding it.
In SQL Server:
Security >
Right-Click Logins >
Click "Search" >
attempt to find \\<computername>\network_service
attempt to find \\<computername.domainname>\network_service
attempt to find <computername>\network_service
...nothing is working. I am searching under "all locations".
This is to get a dotnetnuke website running with using a separate server for its sql database. Supposedly, I need to add the NETWORK_SERVICE account as a sql server login.
Any ideas?
http://msdn.microsoft.com/en-us/library/ff647402.aspx
Network Service on one computer is Network Service on all; it is a limited-privilege, authenticatable user account common to all Windows NT machines. So, you should be able to simply grant the DB server's Network Service user access to the DB, and then applications, whether local or remote, that are authenticating themselves as Network Service should get the same access.