Azure 中 Windows VM 特定 RDP 错误消息故障排除Troubleshooting specific RDP error messages to a Windows VM in Azure

在使用远程桌面与 Azure 中 Windows 虚拟机 (VM) 的连接时,可能会收到特定错误消息。You may receive a specific error message when using Remote Desktop connection to a Windows virtual machine (VM) in Azure. 本文详细介绍了一些遇到的更常见错误消息以及解决错误的故障排除步骤。This article details some of the more common error messages encountered, along with troubleshooting steps to resolve them. 如果在使用 RDP 连接到 VM 时出现问题,但没有收到特定错误消息,请参阅远程桌面故障排除指南If you are having issues connecting to your VM using RDP but do not encounter a specific error message, see the troubleshooting guide for Remote Desktop.

有关特定错误消息的信息,请参阅以下内容:For information on specific error messages, see the following:

由于没有可用于提供许可证的远程桌面许可证服务器,远程会话已断开连接。The remote session was disconnected because there are no Remote Desktop License Servers available to provide a license.

原因:用于远程桌面服务器角色的 120 天许可宽限期已过期,需要安装许可证。Cause: The 120-day licensing grace period for the Remote Desktop Server role has expired and you need to install licenses.

解决方法是,从门户保存 RDP 文件的本地副本,并在 PowerShell 命令提示符下运行此命令以进行连接。As a workaround, save a local copy of the RDP file from the portal and run this command at a PowerShell command prompt to connect. 此步骤仅禁用该连接的许可:This step disables licensing for just that connection:

mstsc <File name>.RDP /admin

如果实际上不需要两个以上同时与 VM 的远程桌面连接,可以使用服务器管理器删除远程桌面服务器角色。If you don't actually need more than two simultaneous Remote Desktop connections to the VM, you can use Server Manager to remove the Remote Desktop Server role.

有关详细信息,请参阅博客文章 Azure VM 失败并出现“没有可用的远程桌面许可证服务器”For more information, see the blog post Azure VM fails with "No Remote Desktop License Servers available".

远程桌面找不到计算机“名称”。Remote Desktop can't find the computer "name".

原因:计算机的远程桌面客户端无法解析 RDP 文件设置中的计算机名称。Cause: The Remote Desktop client on your computer can't resolve the name of the computer in the settings of the RDP file.

可能的解决方法:Possible solutions:

  • 如果使用组织的 Intranet,请确保计算机可以访问代理服务器,并可以向其发送 HTTPS 流量。If you're on an organization's intranet, make sure that your computer has access to the proxy server and can send HTTPS traffic to it.

  • 如果使用本地存储的 RDP 文件,请尝试使用门户生成的 RDP 文件。If you're using a locally stored RDP file, try using the one that's generated by the portal. 此步骤确保使用虚拟机或云服务的正确 DNS 名称和 VM 的终结点端口。This step ensures that you have the correct DNS name for the virtual machine, or the cloud service and the endpoint port of the VM. 以下是门户生成的 RDP 文件示例:Here is a sample RDP file generated by the portal:

    full address:s:tailspin-azdatatier.chinacloudapp.cn:55919
    prompt for credentials:i:1
    

此 RDP 文件的地址部分包含:The address portion of this RDP file has:

  • 包含 VM 的云服务的完全限定域名(在本例中为“tailspin-azdatatier.chinacloudapp.cn”)。The fully qualified domain name of the cloud service that contains the VM ("tailspin-azdatatier.chinacloudapp.cn" in this example).

  • 远程桌面流量终结点的外部 TCP 端口 (55919)。The external TCP port of the endpoint for Remote Desktop traffic (55919).

发生身份验证错误。An authentication error has occurred. 无法联系本地安全机构。The Local Security Authority cannot be contacted.

原因:目标 VM 在凭据的用户名部分找不到安全机构。Cause: The target VM can't locate the security authority in the user name portion of your credentials.

如果用户名格式为 SecurityAuthority\UserName (例如:CORP\User1),则 SecurityAuthority 部分是 VM 的计算机名(表示本地安全机构)或 Active Directory 域名。When your user name is in the form SecurityAuthority\UserName (example: CORP\User1), the SecurityAuthority portion is either the VM's computer name (for the local security authority) or an Active Directory domain name.

可能的解决方法:Possible solutions:

  • 如果帐户在本地 VM 上,请确保 VM 名称拼写正确。If the account is local to the VM, make sure that the VM name is spelled correctly.
  • 如果帐户在 Active Directory 域上,请检查域名拼写是否正确。If the account is on an Active Directory domain, check the spelling of the domain name.
  • 如果帐户是 Active Directory 域帐户且域名拼写正确,请验证域控制器在该域中是否可用。If it is an Active Directory domain account and the domain name is spelled correctly, verify that a domain controller is available in that domain. 此问题在包含域控制器的 Azure 虚拟网络中很常见,域控制器由于未启动而无法使用。It's a common issue in Azure virtual networks that contain domain controllers that a domain controller is unavailable because it hasn't been started. 解决方法是,可以使用本地管理员帐户而不是域帐户。As a workaround, you can use a local administrator account instead of a domain account.

Windows 安全性错误:凭据无效。Windows Security error: Your credentials did not work.

原因:目标 VM 无法验证帐户名和密码。Cause: The target VM can't validate your account name and password.

基于 Windows 的计算机可以验证本地帐户或域帐户的凭据。A Windows-based computer can validate the credentials of either a local account or a domain account.

  • 对于本地帐户,请使用 ComputerName\UserName 语法(例如:SQL1\Admin4798)。For local accounts, use the ComputerName\UserName syntax (example: SQL1\Admin4798).
  • 对于域帐户,请使用 DomainName\UserName 语法(例如:CONTOSO\peterodmane)。For domain accounts, use the DomainName\UserName syntax (example: CONTOSO\peterodman).

如果已将 VM 提升为新的 Active Directory 林中的域控制器,则会将用于登录的本地管理员帐户转换为新的林和域中具有相同密码的等效帐户。If you have promoted your VM to a domain controller in a new Active Directory forest, the local administrator account that you signed in with is converted to an equivalent account with the same password in the new forest and domain. 然后,将删除本地帐户。The local account is then deleted.

例如,如果使用本地帐户 DC1\DCAdmin 登录并将虚拟机提升为 corp.contoso.com 域的新林中的域控制器,则将删除 DC1\DCAdmin 本地帐户,并使用同一密码创建新的域帐户 (CORP\DCAdmin)。For example, if you signed in with the local account DC1\DCAdmin, and then promoted the virtual machine as a domain controller in a new forest for the corp.contoso.com domain, the DC1\DCAdmin local account gets deleted and a new domain account (CORP\DCAdmin) is created with the same password.

请确保帐户名称是虚拟机可以验证为有效帐户的名称,并且密码正确。Make sure that the account name is a name that the virtual machine can verify as a valid account, and that the password is correct.

如果需要更改本地管理员帐户的密码,请参阅如何为 Windows 虚拟机重置密码或远程桌面服务If you need to change the password of the local administrator account, see How to reset a password or the Remote Desktop service for Windows virtual machines.

此计算机无法连接到远程计算机。This computer can't connect to the remote computer.

原因:用于连接的帐户没有远程桌面登录权限。Cause: The account that's used to connect does not have Remote Desktop sign-in rights.

每台 Windows 计算机都具有远程桌面用户本地组,包含可以远程登录的帐户和组。Every Windows computer has a Remote Desktop users local group, which contains the accounts and groups that can sign into it remotely. 本地 Administrators 组的成员也具有访问权限,即使在远程桌面用户本地组中未列出这些帐户。Members of the local administrators group also have access, even though those accounts are not listed in the Remote Desktop users local group. 对于已加入域的计算机,本地 Administrators 组还包含该域的域管理员。For domain-joined machines, the local administrators group also contains the domain administrators for the domain.

确保用于连接的帐户具有远程桌面登录权限。Make sure that the account you're using to connect with has Remote Desktop sign-in rights. 解决方法是使用域管理员或本地管理员帐户通过远程桌面建立连接。As a workaround, use a domain or local administrator account to connect over Remote Desktop. 若要将所需帐户添加到远程桌面用户本地组,请使用 Microsoft 管理控制台管理单元(“系统工具”>“本地用户和组”>“组”>“远程桌面用户” )。To add the desired account to the Remote Desktop users local group, use the Microsoft Management Console snap-in ( System Tools > Local Users and Groups > Groups > Remote Desktop Users ).

后续步骤Next steps

如果没有发生这些错误,但在使用 RDP 连接时出现未知问题,请参阅远程桌面故障排除指南If none of these errors occurred and you have an unknown issue with connecting using RDP, see the troubleshooting guide for Remote Desktop.