因 VM 启动到安全模式而无法通过 RDP 连接到该 VMCannot RDP to a VM because the VM boots into Safe Mode

本文展示了如何解决由于将 Azure Windows 虚拟机 (VM) 配置为启动到安全模式而导致无法连接到该 VM 的问题。This article shows how to resolve a problem in which you cannot connect to Azure Windows Virtual Machines (VMs) because the VM is configured to boot into Safe Mode.

症状Symptoms

不能与 Azure 中的 VM 建立 RDP 连接或其他连接(如 HTTP),因为已将该 VM 配置为启动到安全模式。You cannot make an RDP connection or other connections (such as HTTP) to a VM in Azure because the VM is configured to boot into Safe Mode. 在 Azure 门户的启动诊断中检查屏幕截图时,可能会看到 VM 启动正常,但网络接口不可用:When you check the screenshot in the Boot diagnostics in the Azure portal, you might see that the VM boots normally, but the network interface is not available:

安全模式下网络接口的图像

原因Cause

RDP 服务在安全模式下不可用。The RDP service is not available in Safe Mode. VM 启动到安全模式时,只会加载必要的系统程序和服务。Only essential system programs and services are loaded when the VM boots into Safe Mode. 这适用于两种不同版本的安全模式,即“最小化安全启动”和“连接安全启动”。This applies for the two different versions of Safe Mode which are "Safe Boot minimal" and "Safe Boot with connectivity".

解决方案Solution

在执行这些步骤之前,请创建受影响 VM 的 OS 磁盘的快照作为备份。Before you follow these steps, take a snapshot of the OS disk of the affected VM as a backup. 有关详细信息,请参阅拍摄磁盘快照For more information, see Snapshot a disk.

若要解决此问题,请使用恢复 VM 修复 VM 脱机To resolve this issue, repair the VM offline by using a recovery VM.

修复 VM 脱机Repair the VM offline

将 OS 磁盘附加到恢复 VMAttach the OS disk to a recovery VM

  1. 将 OS 磁盘附加到恢复 VMAttach the OS disk to a recovery VM.
  2. 开始与恢复 VM 建立远程桌面连接。Start a Remote Desktop connection to the recovery VM.
  3. 确保磁盘在磁盘管理控制台中标记为“联机”。 Make sure that the disk is flagged as Online in the Disk Management console. 请注意分配给附加的 OS 磁盘的驱动器号。Note the drive letter that is assigned to the attached OS disk.

启用转储日志和串行控制台(可选)Enable dump log and Serial Console (optional)

如果本文中的解决方案无法解决问题,转储日志和串行控制台可帮助我们执行进一步的故障排除。The dump log and Serial Console will help us to do further troubleshooting if the problem cannot be resolved by the solution in this article.

若要启用转储日志和串行控制台,请运行以下脚本。To enable dump log and Serial Console, run the following script.

  1. 打开权限提升的命令提示符会话(“以管理员身份运行”)。 Open an elevated command prompt session (Run as administrator).

  2. 运行以下脚本:Run the following script:

    对于此脚本,我们假设分配给附加 OS 磁盘的驱动器号为 F。请将此驱动器号替换为 VM 中的相应值。In this script, we assume that the drive letter that is assigned to the attached OS disk is F. Replace this drive letter with the appropriate value for your VM.

    reg load HKLM\BROKENSYSTEM F:\windows\system32\config\SYSTEM
    
    REM Enable Serial Console
    bcdedit /store F:\boot\bcd /set {bootmgr} displaybootmenu yes
    bcdedit /store F:\boot\bcd /set {bootmgr} timeout 5
    bcdedit /store F:\boot\bcd /set {bootmgr} bootems yes
    bcdedit /store F:\boot\bcd /ems {<BOOT LOADER IDENTIFIER>} ON
    bcdedit /store F:\boot\bcd /emssettings EMSPORT:1 EMSBAUDRATE:115200
    
    REM Suggested configuration to enable OS Dump
    REG ADD "HKLM\BROKENSYSTEM\ControlSet001\Control\CrashControl" /v CrashDumpEnabled /t REG_DWORD /d 1 /f
    REG ADD "HKLM\BROKENSYSTEM\ControlSet001\Control\CrashControl" /v DumpFile /t REG_EXPAND_SZ /d "%SystemRoot%\MEMORY.DMP" /f
    REG ADD "HKLM\BROKENSYSTEM\ControlSet001\Control\CrashControl" /v NMICrashDump /t REG_DWORD /d 1 /f
    
    REG ADD "HKLM\BROKENSYSTEM\ControlSet002\Control\CrashControl" /v CrashDumpEnabled /t REG_DWORD /d 1 /f
    REG ADD "HKLM\BROKENSYSTEM\ControlSet002\Control\CrashControl" /v DumpFile /t REG_EXPAND_SZ /d "%SystemRoot%\MEMORY.DMP" /f
    REG ADD "HKLM\BROKENSYSTEM\ControlSet002\Control\CrashControl" /v NMICrashDump /t REG_DWORD /d 1 /f
    
    reg unload HKLM\BROKENSYSTEM
    

配置 Windows 以启动到正常模式Configure the Windows to boot into normal mode

  1. 打开权限提升的命令提示符会话(“以管理员身份运行”)。 Open an elevated command prompt session (Run as administrator).

  2. 检查启动配置数据。Check the boot configuration data. 在以下命令中,我们假设分配给附加 OS 磁盘的驱动器号为 F。请将此驱动器号替换为 VM 的相应值。In the following commands, we assume that the drive letter that is assigned to the attached OS disk is F. Replace this drive letter with the appropriate value for your VM.

    bcdedit /store F:\boot\bcd /enum
    

    记下具有 \windows 文件夹的分区的标识符名称。Take note of the Identifier name of the partition that has the \windows folder. 默认情况下,该标识符名称为“Default”。By default, the Identifier name is "Default".

    如果 VM 配置为启动到安全模式,则可在“Windows 启动加载程序”部分下看到一个名为 safeboot 的额外标志 。If the VM is configured to boot into Safe Mode, you will see an extra flag under the Windows Boot Loader section called safeboot. 如果未看到“安全启动” 标志,则本文不适用于你的方案。If you do not see the safeboot flag, this article does not apply to your scenario.

    有关启动标识符的图像

  3. 删除“安全启动”标志,使 VM 启动到正常模式 :Remove the safeboot flag, so the VM will boot into normal mode:

    bcdedit /store F:\boot\bcd /deletevalue {Default} safeboot
    
  4. 检查启动配置数据,确保删除“安全启动”标志 :Check the boot configuration data to make sure that the safeboot flag is removed:

    bcdedit /store F:\boot\bcd /enum
    
  5. 分离 OS 磁盘并重新创建 VMDetach the OS disk and recreate the VM. 然后检查是否解决了问题。Then check whether the issue is resolved.