Nobus Cloud Computing Services - Connecting to your Windows instance

Remote Desktop is disabled on Nobus FCS instances created from Windows images available on the management console by default. You can enable Remote Desktop through the powershell or command prompt after you ssh to your windows instance by public key authentication. Remote Desktop uses the Remote Desktop Protocol (RDP) and enables you to connect to and use your instance in the same way you use a computer sitting in front of you. It is available on most editions of Windows and available for Mac OS.

For information about connecting to a Linux instance, see Connect to Your Linux Instance in the Nobus FCS User Guide for Linux Instances.

Contents

Connect to your Windows instance
Transfer files to Windows instances

Connect to your Windows instance

To connect to a Windows instance, you must:
(i) ssh into your instance using the saved .pem private key.

Prerequisites

Check the ID of the instance.

Your instance ID can be retrieved using the Nobus FCS management console (click on the name of the instance > click the overview tab > Instance ID).
Check the public DNS name or IP of the instance.

You can check the public DNS for your instance using the Nobus FCS console. Check the Public DNS (IPv4) column.
Locate the private key

Check the path to the location of .pem file for the key pair that you specified when you launched the instance. For more information about how you created your key pair, see Creating a Key Pair Using Nobus FCS.

ssh into the Windows instance using the private key just like you would for Linux or MacOS

Logon with any user you'd like to set SSH private key on Client Host and run PowerShell or Command prompt. Next, create [.ssh] folder under the Home Folder of the user, and next, transfer secret key under [.ssh] folder like follows.

                            PS > mkdir .ssh
                            PS > cd .ssh
                            PS > cp private_key .ssh 

                            OR:

                            PS > sftp (username)@(SSH server's Hostname or IP address)
                            sftp > cd .ssh
                            sftp > get your .pem private key saved earlier on the local system.
                            sftp > exit

                        Make sure possible login with key-pair authentication.
                         PS > ssh -i  ~/.ssh/private_key_file (username)@(SSH server's Hostname or IP address)

If you transfer the private key to a Linux Host, it's also possbile to connect from Linux Host to Windows Host with SSH key-pair authentication.

 $ ssh -i ~/.ssh/private_key_file Admin@Windows_Server_URL or IP address

For more information about how to ssh using your key pair on Linux, see Connecting to your instance using a Key Pair on linux.

(ii) from command prompt or powershell, set administrator username and password.

                    [ Command prompt]
                    net user USERNAME NEWPASS

                    [ Powershell ]
                    echo "Connecting to server_ip"
                    $Server="server_ip"
                    $User="Administrator"
                    $Password="AdminPassword"
                    cmdkey /generic:TERMSRV/$Server /user:$User /pass:$Password
                    mstsc /v:$Server

Note

RDP is a secure network communication protocol designed for remote management. By default, the Remote Desktop Port is 3389, changing the default port always provides a more secure environment. Also, ensure you set a strong password for RDP user.

(iii) Enable Remote Desktop Protocol.

Important: It’s recommended that you do a full backup of your computer before proceeding, as modifying the registry incorrectly can cause irreversible damage to your system

                    [ Command prompt]
                    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

                    (Optional) through the Windows Firewall:
                    netsh advfirewall firewall set rule group="remote desktop" new enable=Yes

you can switch to powershell terminal by executing the powershell.exe command.

                    [ Powershell ]
                    Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0
                    
                    (Optional) through the Windows Firewall:
                    Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

(iv) Check that RDP is enabled

                     [ Powershell ]
                     Test-NetConnection Server_IP -CommonTCPPort rdp

(v) You can now specify this password when you connect to your instance using Remote Desktop.

Prerequisites

Install an RDP client
- RDP client is available on Windows by default. To verify, type mstsc at a Command Prompt window. If your computer doesn't recognize this command, you can dowload the Microsoft Remote Desktop app via Windows home page
- On Linux see Remmina.
Check the ID of the instance.

Your instance ID can be retrieved using the Nobus FCS management console (click on the name of the instance > click the overview tab > Instance ID).
Check the public DNS name or IP of the instance.

You can check the public DNS for your instance using the Nobus FCS console. Check the Public DNS (IPv4) column.
Enable ingress RDP traffic from your IP address to your instance

Ensure that the security group associated with your instance allows incoming RDP traffic (port 3389) from your IP address. The default security group does not allow incoming RDP traffic by default. For more information, see Permitting ingress traffic for your Windows instances.

Use these steps to disable the remote desktop protocol with PowerShell:

Open Start.
Search for PowerShell, right-click the top result, and select the Run as administrator option.

Type the following command to disable the remote desktop protocol and press Enter:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 1

(Optional) Type the following command to disable remote desktop through the Windows Firewall and press Enter:
```
Disable-NetFirewallRule -DisplayGroup "Remote Desktop"
```

The name of the administrator account depends on the language of the operating system. As an example, English; Administrator, French; Administrateur, and Portuguese; Administrador. See Localized Names for Administrator Account in Windows in the Microsoft TechNet Wiki for more information.

If your instance is attached to a domain, you can connect to your instance using the domain credentials defined in Nobus Management console. On the Remote Desktop login screen, instead of using the local computer name and the password you created earlier, use the fully-qualified user name for the administrator (for example, test.example.com\Admin) and the password created earlier for the account.

To connect to your Windows instance using an RDP client

You may get a warning that the publisher of the remote connection is unknown. You can continue to connect to your instance.
If your Remote Desktop Connection already has an administrator account set up, you might have to use another account by creating the user name and password as described earlier above.
Due to the nature of self-signed certificates, you may get a warning that the security certificate could not be authenticated. Use the following steps to verify the identity of the remote computer, or simply choose Yes or Continue to continue if you trust the certificate.
1. If you are using Remote Desktop Connection from a Windows PC, choose View certificate. If you are using Microsoft Remote Desktop on a Mac, choose Show Certificate.
2. Choose the Details tab, and scroll down to the Thumbprint entry on a Windows PC, or the SHA1 Fingerprints entry on a Mac. This is the unique identifier for the remote computer's security certificate.
3. In the Nobus FCS console, select the instance, choose Actions > View full log.
4. In the log output, search RDPCERTIFICATE-THUMBPRINT. If this value matches the thumbprint or fingerprint of the certificate, you have verified the identity of the remote computer.
5. If you are using Remote Desktop Connection from a Windows PC, return to the Certificate dialog box and choose OK. If you are using Microsoft Remote Desktop on a Mac, return to the Verify Certificate and choose Continue.
6. On Windows choose Yes in the Remote Desktop Connection window to connect to your instance.
  
  On Mac OS Log in as prompted, using the default administrator account and the default administrator password that you created previously. Note that you might need to switch spaces to see the login screen. For more information about spaces, see support.apple.com/en-us/HT204100 .
7. If you receive an error while trying to connect to your instance, see Remote Desktop can't connect to the remote computer.

After you connect, you can do the following:

Change the administrator password like you would on any other Windows Server.
Create another user account with administrator privileges on the instance. Another account with administrator privileges is a safeguard if you forget the administrator password or have a problem with the administrator account. The user account must have permission to access the instance remotely. Open System Properties by right-clicking on the This PC icon on your Windows desktop or File Explorer and selecting Properties. Choose Remote settings, and choose Select Users to add the user to the Remote Desktop Users group.

The license for the Windows Server operating system (OS) allows two simultaneous remote connections for administrative purposes. The license for Windows Server is included in the price of your Windows instance. If you need more than two simultaneous remote connections, you must purchase a Remote Desktop Services (RDS) license. If you attempt a third connection, an error occurs. See Configure the Number of Simultaneous Remote Connections Allowed for a Connection for more information.

Transfer files to Windows instances

You can work with your Windows instance the same way that you would work with any Windows server. For example, you can transfer files between a Windows instance and your local computer using the local file sharing feature of the Microsoft Remote Desktop Connection software. If you enable this option, you can access your local files from your Windows instances. You can access local files on hard disk drives, DVD drives, portable media drives, and mapped network drives.

To make local devices and resources available to a remote session on Windows, map the remote session drive to your local drive.

To map the remote session drive to your local drive

Open the Remote Desktop Connection client.
Choose Show Options.
Choose the Local Resources tab.
Under Local Devices and resources, choose More...
Open Drives and select the local drive to map to your Windows instance.
Choose OK.
Choose Connect to connect to your Windows instance.

For more information on making local devices available to a remote session on a Mac computer, see Get Started with Remote Desktop on Mac .