How do I resolve authentication errors against an Azure VM via Azure Bastion using local native RDP client?

Question

I have an Azure VM that I can access through Bastion in the Azure Portal without issue, but I would like to access this through my local native RDP client (in Windows). I have the following config:

1. Local account (un/pw) setup to access
2. Setup a NSG rule to restrict source and destination IP and port 3389 (for RDP).
3. Selected "Standard" Bastion (required for Native client RDP support)

I have tried the following:

1. Followed this guide to kick off from PowerShell/Azure CLI: https://jeffbrown.tech/azure-bastion-rdp-native-client/. However I am getting this error (BiFrostVMUnAvailableCredentialsException) :
2. Tried using RDP client directly w/IP:Port - I assume this doesnt work b/c some Azure account/tunneling magic needs to happen.

3. Temporarily opened up the NSG rule to allow traffic from any sources (not restricted to my VPN IP), and it prompts me for un/pw and I get a slightly different auth error. So this option seems to get further along than the others.

So what am I missing?

Also, relates to this question, but I think my scenario is slightly different.

Answer 1

Did you configure a subnet for Bastion?

I don't see anything about that in that guide you mentioned. I'm not an expert by any means, but I remember the subnet was something important when I deployed my test.

Apparently, it was necessary to add an RDP rule for the 3389 port in the nsg and allow the bastion subnet otherwise bastion would not connect at all, not even the browser version.

Is the VM domain joined? try adding the FQDN

I hope you got this solved by now.

nsg rule example