Serial Console Access

Although it’s only been out a few weeks (in limited preview) serial console access has already proven useful for troubleshooting both Windows and Linux VMs during boot.

Accessing the console

To open the serial console scroll down to the “Support + Troubleshooting” section and click on serial console (Preview) option. The serial console will open and start the connection (I have come across problems with Proxies and firewalls preventing access. If the console does not open check you’re not blocking ports etc.)

You must have enabled Boot Diagnostics for the VM before you can use the serial console access.

Who can access the console?

People with VM Contributors and above access to the virtual machine can access the console.

Is it secure?

Data flowing back and forth is encrypted and no access passwords for the console are logged. It is important to note though that if commands run contain or output passwords, or any other secure information, those will be written to the virtual machine boot diagnostics logs and will be visible.

Linux

The operating system must be configured to read and write console messages to the serial port. The majority of Distributions available in the Azure marketplace have this enabled by default e.g. RedHat, SUSE & CentOS.

Windows

Access to the serial console for Windows is available for Server versions of the OS but unfortunately is not available for the client versions (Windows 10, 8. 7 😦 ) this is because the console connects through to the Special Administrative Console (SAC).

If the SAC is not enabled within the Windows VM (SAC has been included in all versions of Windows since Windows Server 2003 but is disabled by default) you can enable it by opening an Administrative command prompt on the VM and then running the following commands:

  1. bcdedit /ems {current} on
  2. bcdedit /emssettings EMSPORT:1 EMSBAUDRATE:115200
  3. Reboot the system for the SAC console to be enabled

Once the console has been opened and you have authenticated (it will ask for you username, domain and password) you will be presented with the SAC. From here you can open a command prompt and run your usual CMD or PowerShell commands.

  1. Type CMD to create a new channel (If you open an RDP connection to the server you’ll see a new cmd process is spun up).
  2. Connect to the channel with the command (1 being the channel number):
  3. ch -si 1

Serial Connection

 

Easy to setup and a great help when you need it! Microsoft are taking feedback as part of the preview and have commented to say they’ll be improving the feature regularly.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s