Loading source
Pulling the file list, source metadata, and syntax-aware rendering for this listing.
Source from repo
Get Azure VM and VM Scale Set recommendations based on workload, performance, and budget needs.
Files
Skill
Size
Entrypoint
Format
Open file
Syntax-highlighted preview of this file as included in the skill package.
workflows/vm-troubleshooter/references/cannot-connect-to-vm.md
1# Cannot Connect to VM2Index of VM connectivity troubleshooting references. Route to the appropriate file based on the user's symptom category.4> ⚠️ **Determine OS first.** If the user hasn't stated their OS, check via CLI (`az vm get-instance-view`) or ask. OS matters because:6> - **Windows** → RDP (port 3389), Windows Firewall, TermService, PowerShell Run Commands7> - **Linux** → SSH (port 22), iptables/firewalld/UFW, sshd, Shell Run Commands8> - **Other images** (FreeBSD, Flatcar, etc.) → SSH; firewall and init systems vary — fetch the latest docs9## Routing11| Signal in User Message | Category | Reference |13| ------------------------------------------------------------------------------ | ------------------------- | ---------------------------------------------------------- |14| "can't RDP", timeout, black screen, RDP error, internal error | Unable to RDP | [rdp-connectivity.md](rdp-connectivity.md) |15| "can't SSH", refused, permission denied, publickey | Unable to SSH | [ssh-connectivity.md](ssh-connectivity.md) |16| NSG, no public IP, NIC disabled, routing, effective rules | Network Issues | [network-connectivity.md](network-connectivity.md) |17| Guest firewall, Windows Firewall, iptables, firewalld, BlockInboundAlways | Firewall Blocking | [firewall-blocking.md](firewall-blocking.md) |18| VM agent down, Run Command timeout, Serial Console, boot diagnostics, BSOD | VM Agent Not Responding | [vm-agent-not-responding.md](vm-agent-not-responding.md) |19| Wrong password, credentials, access denied, CredSSP, account expired | Credential / Auth Errors | [credential-auth-errors.md](credential-auth-errors.md) |20| TermService stopped, RDP disabled, port changed, TLS cert, NLA, GPO, licensing | RDP Service / Config | [rdp-service-config.md](rdp-service-config.md) |21## Workflow231. Identify the symptom category from the routing table above252. Open the matching reference file for the Symptoms → Solutions table and Quick Commands263. Narrow to the specific solution row matching the user's symptom274. **Before any extension-backed operation, run [Pre-Flight Safety Checks](#pre-flight-safety-checks)**285. Fetch the linked documentation URL for the latest guidance296. Summarize diagnostic steps and resolution, referencing the official docs30---32## Pre-Flight Safety Checks34> ⚠️ **Warning:** Always run these checks before any command that depends on the VM agent or extensions (`az vm user update`, `az vm user reset-ssh`, `az vm user reset-remote-desktop`, `az vm run-command invoke`). Running extension-backed operations on a VM with an unhealthy agent or stuck extensions can **deadlock the VM** and require manual portal recovery.36```bash38# 1. Check VM power state, provisioning state, and agent status39az vm get-instance-view --name <vm-name> -g <resource-group> \40--query "instanceView.{powerState:[statuses[?starts_with(code,'PowerState/')]][0][0].code, provisioningState:[statuses[?starts_with(code,'ProvisioningState/')]][0][0].code, vmAgentStatus:vmAgent.statuses[0].displayStatus}" -o json41# 2. Check existing extension states43az vm extension list --vm-name <vm-name> -g <resource-group> \44--query "[].{name:name, provisioningState:provisioningState}" -o table45```46| Check | Safe Value | Unsafe — Do NOT proceed |48| ----- | ---------- | ----------------------- |49| Power state | `PowerState/running` | Any other value, missing, or query error |50| Provisioning state | `ProvisioningState/succeeded` | `Updating`, `Creating`, `Failed`, `Deleting`, missing, or query error |51| VM agent status | `Ready` | `Not Ready`, `null`, missing, or query error |52| Extension states | All `Succeeded` or no extensions | Any extension in `Creating`, `Updating`, `Deleting`, or `Failed` |53> 💡 **Tip:** If a check returns `null`, empty, or the CLI command itself errors, treat the result as **unsafe**.55**If any check is unsafe:**571. **Stop.** Do NOT run any extension-backed command.582. Inform the user which check(s) failed and what the current state is.593. Use non-agent alternatives: **Serial Console**, **offline repair VM**, or **Portal-based actions**.604. If the state appears transient (e.g., VM just started, provisioning briefly not `succeeded`), wait 30–60 seconds and **re-run the checks only** — do not run the extension command until all checks pass.61---63## Escalation65If the issue doesn't match any symptom above, or if the documented solutions don't resolve it:671. **Check Azure Resource Health** — Portal > VM > Resource health (checks for platform-level issues)692. **Offer to restart the VM** (requires user approval) — `az vm restart --name <vm-name> -g <resource-group>`703. **Offer to redeploy the VM** (requires user approval — moves to new host) — `az vm redeploy --name <vm-name> -g <resource-group>`714. **Comprehensive troubleshooting:**72- Windows: [Troubleshoot RDP connections](https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/windows/troubleshoot-rdp-connection)73- Linux: [Troubleshoot SSH connections](https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux/troubleshoot-ssh-connection)74- Windows hub: [All Windows VM troubleshooting docs](https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/windows/welcome-virtual-machines-windows)75- Linux hub: [All Linux VM troubleshooting docs](https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/linux/welcome-virtual-machines-linux)