The Cloud Management Gateway (CMG) provides a simple way to manage ConfigMgr clients on the internet. Once you've set it up, you'll probably want a closer look at the logs on the virtual machine in Azure. The virtual machine itself seems to be running a flavour of Hyper-V virtualization, as revealed in the Device Manager of the VM.
To look at the logs you'll need to enable Remote Desktop Protocol (RDP) so that you can remote in and look under the hood.
Enabling RDP on the CMG
By default, once your CMG is fully set up, configured and running, RDP is not enabled (for security reasons). To temporarily enable it, search for Cloud Services (Classic) in Azure and select your CMG service.
The encryption certificate is used to encrypt the password to the role service. Click on Save when done.
Note: Don't be too quick, however, as the Connect button may be greyed out, and when you try to enable it you'll be informed that the service was not enabled even though you just enabled it. The service needs some time in the back end to get ready, I guess…
This will download an RDP file customized for your CMG cloud service. You can save it or open it immediately using the Microsoft Terminal Services Client (MSTSC.EXE).
RDP connection problems
I saw three issues initially when using RDP to my CMG.
- Securing remote connection
- Authentication error
- User account disabled
The first issue appeared after clicking OK on the downloaded RDP file and then clicking on Connect:
Remote Desktop Connection Connecting to: cmgnoob.cloudapp.net Securing remote connection...
I was just about to open an Azure Support ticket when I decided to try removing the ability to RDP and adding it back again (aka turning it off and on again ;-)). That solved this issue.
The second issue occurred after entering credentials for the configured user.
Remote Desktop Connection. An authentication error has occurred (Code: 0x80004005). Remote computer: cmgnoob.cloudapp.net
This then prompted me to connect (this is expected as the certificate is from the VM itself),
and once connected I can see the type of account I have in my RDP session.
If you look at the screenshot above you can see a disabled ‘niall’ account; that was the account I initially created.
Remote Desktop Connection The user account is currently disabled and cannot be used. For assistance, contact your administrator or technical support.
The solution was to edit the downloaded RDP file in Notepad or Notepad++ and modify the username field to use the actual username configured in Remote Desktop.
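The same edit can be scripted. The PowerShell below is an added example, not part of the original post: Set-RdpFileUserName is a hypothetical helper name, the sample file contents are constructed, and 'cmgadmin' is a placeholder for whatever user name you configured in Remote Desktop.

```powershell
# Added example: rewrite the username field of a downloaded .rdp file.
# Set-RdpFileUserName is a hypothetical helper name, not a built-in cmdlet.
function Set-RdpFileUserName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $UserName
    )

    # .rdp settings are one per line in the form name:type:value (s = string, i = integer).
    $found = $false
    $updated = @(foreach ($line in Get-Content -LiteralPath $Path) {
        if ($line -match '^\s*username:s:(.*)$') {
            if (-not $found) {
                Write-Verbose "Replacing username '$($Matches[1])' with '$UserName'"
                "username:s:$UserName"
                $found = $true
            }
            # Any further username lines are dropped so only one value remains.
        }
        else {
            $line
        }
    })

    # If the file had no username setting at all, add one.
    if (-not $found) {
        $updated += "username:s:$UserName"
    }

    # mstsc itself saves .rdp files as UTF-16 LE, which is what -Encoding Unicode writes.
    Set-Content -LiteralPath $Path -Value $updated -Encoding Unicode
}

# Constructed sample standing in for the downloaded file.
$rdp = Join-Path ([IO.Path]::GetTempPath()) 'cmg-sample.rdp'
Set-Content -LiteralPath $rdp -Encoding Unicode -Value @(
    'full address:s:cmgnoob.cloudapp.net'
    'username:s:niall'
    'prompt for credentials:i:1'
)

# 'cmgadmin' is a placeholder for the user name configured in Remote Desktop.
Set-RdpFileUserName -Path $rdp -UserName 'cmgadmin' -Verbose
Get-Content -LiteralPath $rdp
```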
Show me the logs
Once you have successfully connected to the CMG you can browse E:\approot\logs… to see how things are progressing. Actually I saw my approot change drive letter, from E: to F: and then back to E: again.
To verify where the logs are stored you can check the registry HKLM\SOFTWARE\Microsoft
The following logs are present:
That's all for now, thanks for reading.