Devolutions ForumDevolutions Forum

Azure Bastion RDP to Virtual Machine Scale Set (vmss) instance

Azure Bastion RDP to Virtual Machine Scale Set (vmss) instance

avatar
Jay

Can Devolutions RDM be configured to connect RDP session via Azure Bastion to Azure Virtual Machine Scale Set (vmss) instance(s)? Devolutions RDM can access 'regular' Azure VM via Bastion (RDP native client) just fine; it is not clear how to configure connection for RDP to vmss instance(s).

some details:

-Azure cli to vmss instance(s) works fine, so it seems this should work with Devolutions RDM as well. (azure cli az network bastion rdp command)

-a 'regular' Azure VM has a resource ID like '/subscriptions/<subscriptionID>/resourceGroups/<resourceGroupName>/providers/Microsoft.Compute/virtualMachines/<vmName>'

-a vmss instance has a resource ID like '/subscriptions/<subscriptionID>/resourceGroups/<resourceGroupName>/providers/Microsoft.Compute/virtualMachineScaleSets/<scaleSetName>/virtualMachines/<instanceID>' where the <instanceID> is 0,1,2, etc. (note, a vmss instance also has a machine/hostname)

-when connecting to a vmss instance via the azure cli (az network bastion rdp command), the generated .rdp file has content/parameters like:

full address:s:<scaleSetName>_<instanceID>:3389
alternate full address:s:<scaleSetName>_<instanceID>:3389
use multimon:i:1
gatewaycredentialssource:i:5
gatewayusagemethod:i:1
gatewayprofileusagemethod:i:1
gatewayhostname:s:bst-<guid>.bastion.azure.com

for example, if the vmss name is 'MyVMSS', the full address value is MyVMSS_0 (MyVMSS_1, etc). see attached screenshot for reference.
vmss.jpg

vmss.jpg

All Comments (4)

avatar
Tommy Sanders

Hello,

Thank you for contacting us regarding this matter.

Could you please review the following document for guidance on configuring Bastion:
https://docs.devolutions.net/rdm/kb/how-to-articles/configure-azure-bastion-entry/

Please let us know if this helps.

Best regards,

Tommy Sanders

avatar
Jay

yes, i already have Bastion working for 'regular' Azure VMs as indicated, but RDM fails to connect to Azure vmss instances.

avatar
Richard Markiewicz

Hello

I have to check this on my side. The underlying mechanics are not really different between `az` CLI and RDM; but the problem is likely the difference in the resource ID. IIRC we build the resource ID based on what you have configured in RDM for Host, resource group and subscription ID (which may be inherited from the Bastion entry).

So - there is not a mapping from the RDP options in RDM to a resource ID that would resolve to a vmss.

If that's all correct, and I think it is, this might be tricky to add in the middle of a major release cycle (adding new fields to the sessions also involves coordination with several teams like Devolutions Server and Hub). I also need to figure out how we'd leet this be configured in RDM, because we likely don't want to clutter the RDP sessions with a lot of Azure Bastion specific options (scale set name, instance ID). Perhaps the best scenario is just to allow a single override where the full resource ID can be configured explicitly.

So, it's an integration problem rather than a deep technical one, but it does mean it's unlikely that we can have this before 2026.2. I'll make a ticket here and talk to the team about what can be done, but I'd say that's the earliest timeline we can add this.

If you're really blocked on this in the meantime, I might be able to propose a PowerShell pre connect script that could make this work for you. Let me know if that's interesting.

Hope it makes sense; please don't hesitate if you have other questions or comments

Kind regards

Richard Markievicz

avatar
Jay
Hello

I have to check this on my side. The underlying mechanics are not really different between `az` CLI and RDM; but the problem is likely the difference in the resource ID. IIRC we build the resource ID based on what you have configured in RDM for Host, resource group and subscription ID (which may be inherited from the Bastion entry).

So - there is not a mapping from the RDP options in RDM to a resource ID that would resolve to a vmss.

If that's all correct, and I think it is, this might be tricky to add in the middle of a major release cycle (adding new fields to the sessions also involves coordination with several teams like Devolutions Server and Hub). I also need to figure out how we'd leet this be configured in RDM, because we likely don't want to clutter the RDP sessions with a lot of Azure Bastion specific options (scale set name, instance ID). Perhaps the best scenario is just to allow a single override where the full resource ID can be configured explicitly.

So, it's an integration problem rather than a deep technical one, but it does mean it's unlikely that we can have this before 2026.2. I'll make a ticket here and talk to the team about what can be done, but I'd say that's the earliest timeline we can add this.

If you're really blocked on this in the meantime, I might be able to propose a PowerShell pre connect script that could make this work for you. Let me know if that's interesting.

Hope it makes sense; please don't hesitate if you have other questions or comments

Kind regards


@Richard Markiewicz
thanks, really appreciated!