Task 02: Enable RDP
DOCUMENT CATEGORY: Runbook
SCOPE: Remote desktop enablement
PURPOSE: Enable RDP on all cluster nodes for graphical remote access from the management server and delivery engineer workstation
MASTER REFERENCE: Phase 03: OS Configuration
Status: Active
Overview
Enable Remote Desktop Protocol (RDP) on all Azure Local nodes. This provides graphical remote access for configuration and troubleshooting throughout the deployment engagement.
WinRM is already enabled from Task 01, so this task can be run either directly on each node via iDRAC Virtual Console or remotely from the management server.
Prerequisites
| Requirement | Description | Source |
|---|---|---|
| Task 01 Complete | WinRM enabled on all nodes | Task 01: Enable WinRM |
| iDRAC console access | Virtual Console accessible for each node (if using SConfig or Direct tab) | variables.yml: nodes.<name>.idrac_ip |
| Administrator credentials | Local admin password set during OS installation | Key Vault: node-<hostname>-local-admin |
Variables from variables.yml
| Path | Type | Description |
|---|---|---|
| nodes.<name>.management_ip | string | Node IP for RDP connection after enabling |
| cluster_nodes[].hostname | string | Node hostname for connection verification |
Execution
- SConfig Utility
- Direct Script (On Node)
- Orchestrated Script (Mgmt Server)
- Standalone Script
SConfig Utility
Run on each node via iDRAC Virtual Console.
- Open https://<idrac-ip> → Virtual Console → Launch
- Log in as Administrator
- Type SConfig and press Enter
- Select option 7 — Remote Desktop
- Enter E to enable
- Select 1 — Allow connections from any version
- Verify status shows Enabled
- Repeat for every node
Direct Script (On Node)
Run on each node via iDRAC Virtual Console.
```powershell
# Enable Remote Desktop
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
    -Name "fDenyTSConnections" -Value 0

# Enable Remote Desktop firewall rule
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

# Verify
$rdp = Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
    -Name "fDenyTSConnections"
if ($rdp.fDenyTSConnections -eq 0) {
    Write-Host "RDP enabled successfully" -ForegroundColor Green
} else {
    Write-Host "RDP not enabled" -ForegroundColor Red
}
```
Orchestrated Script (Mgmt Server)
Run from the management server. Reads node names from variables.yml.
```powershell
# ConvertFrom-Yaml is provided by the powershell-yaml module
Import-Module powershell-yaml

$ConfigPath = ".\config\variables.yml"
$config     = ConvertFrom-Yaml (Get-Content $ConfigPath -Raw)
# Node hostnames, using the path documented under "Variables from variables.yml"
$NodeNames  = $config.cluster_nodes | ForEach-Object { $_.hostname }
$Credential = Get-Credential -Message "Enter local Administrator credentials"

foreach ($node in $NodeNames) {
    Write-Host "Enabling RDP on $node..." -ForegroundColor Cyan
    Invoke-Command -ComputerName $node -Credential $Credential -ScriptBlock {
        # Allow RDP connections and open the Remote Desktop firewall group
        Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
            -Name "fDenyTSConnections" -Value 0
        Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

        # Read the value back so the caller can confirm the change
        $rdp = Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
            -Name "fDenyTSConnections"
        [PSCustomObject]@{
            Node       = $env:COMPUTERNAME
            RDPEnabled = ($rdp.fDenyTSConnections -eq 0)
        }
    } | ForEach-Object {
        $status = if ($_.RDPEnabled) { "Green" } else { "Red" }
        Write-Host " $($_.Node): $(if ($_.RDPEnabled) { 'Enabled' } else { 'Not enabled' })" -ForegroundColor $status
    }
}
```
Standalone Script
Self-contained script. Update $NodeNames and $Credential before running.
```powershell
#region CONFIGURATION
$NodeNames  = @("node01", "node02", "node03", "node04")
$Credential = Get-Credential -Message "Enter local Administrator credentials"
#endregion CONFIGURATION

foreach ($node in $NodeNames) {
    Write-Host "Enabling RDP on $node..." -ForegroundColor Cyan
    Invoke-Command -ComputerName $node -Credential $Credential -ScriptBlock {
        Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
            -Name "fDenyTSConnections" -Value 0
        Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
        $rdp = Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
            -Name "fDenyTSConnections"
        [PSCustomObject]@{
            Node       = $env:COMPUTERNAME
            RDPEnabled = ($rdp.fDenyTSConnections -eq 0)
        }
    } | ForEach-Object {
        $status = if ($_.RDPEnabled) { "Green" } else { "Red" }
        Write-Host " $($_.Node): $(if ($_.RDPEnabled) { 'Enabled' } else { 'Not enabled' })" -ForegroundColor $status
    }
}
```
Validation Checklist
- RDP enabled on all nodes
- RDP port 3389 accessible from management server
- Can connect via Remote Desktop Client to each node
- Firewall rules enabled for Remote Desktop group
```powershell
# Test RDP port from management server
Test-NetConnection -ComputerName <node-ip> -Port 3389
# Expected: TcpTestSucceeded : True
```
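The scriptable items of the checklist can be audited in one pass from the management server. This is an added example, not part of the original runbook; the node names are placeholders, and the NLARequired and RemoteScope columns go beyond the checklist to show whether Network Level Authentication is enforced and which source addresses the enabled firewall rules accept. The interactive Remote Desktop Client login still has to be tested by hand.

```powershell
# Added example (not from the runbook). Node names are placeholders.
$NodeNames  = @("node01", "node02", "node03", "node04")
$Credential = Get-Credential -Message "Enter local Administrator credentials"

$report = foreach ($node in $NodeNames) {
    # Checklist: port 3389 reachable from the management server
    $tcp = Test-NetConnection -ComputerName $node -Port 3389 -WarningAction SilentlyContinue

    $state = Invoke-Command -ComputerName $node -Credential $Credential -ScriptBlock {
        $ts   = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
        $deny = (Get-ItemProperty -Path $ts -Name 'fDenyTSConnections').fDenyTSConnections
        # UserAuthentication = 1 means Network Level Authentication is required
        $nla  = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name 'UserAuthentication').UserAuthentication

        # Checklist: inbound rules of the Remote Desktop group are enabled
        $rules   = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
                     Where-Object { $_.Direction -eq 'Inbound' })
        $enabled = @($rules | Where-Object { $_.Enabled -eq 'True' })
        # Remote-address scope of the enabled rules ("Any" = no source restriction)
        $scope   = if ($enabled.Count -gt 0) {
            $enabled | Get-NetFirewallAddressFilter |
                Select-Object -ExpandProperty RemoteAddress | Sort-Object -Unique
        } else { @() }

        [PSCustomObject]@{
            RDPEnabled   = ($deny -eq 0)
            NLARequired  = ($nla -eq 1)
            RulesEnabled = ($rules.Count -gt 0 -and $enabled.Count -eq $rules.Count)
            RemoteScope  = ($scope -join ', ')
        }
    }

    [PSCustomObject]@{
        Node         = $node
        Port3389Open = $tcp.TcpTestSucceeded
        RDPEnabled   = $state.RDPEnabled
        NLARequired  = $state.NLARequired
        RulesEnabled = $state.RulesEnabled
        RemoteScope  = $state.RemoteScope
    }
}

$report | Format-Table -AutoSize

# Flag nodes that fail the checklist or accept RDP without NLA / from any source
$report | Where-Object {
    -not ($_.Port3389Open -and $_.RDPEnabled -and $_.RulesEnabled) -or
    -not $_.NLARequired -or $_.RemoteScope -match 'Any'
} | ForEach-Object { Write-Warning "$($_.Node): review RDP configuration" }
```

A RemoteScope of Any means the enabled rules accept RDP from every source; restricting them to the management server and delivery engineer workstation addresses with Set-NetFirewallRule -RemoteAddress narrows that exposure.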
Troubleshooting
| Issue | Cause | Resolution |
|---|---|---|
| Connection refused on port 3389 | RDP not enabled | Re-run enable script on the node |
| Port blocked | Firewall rule not enabled | Enable-NetFirewallRule -DisplayGroup "Remote Desktop" on the node |
| Authentication failure | Wrong credentials | Verify local Administrator password from Key Vault |
Version Control
| Version | Date | Author | Changes |
|---|---|---|---|
| 1.0 | 2026-01-31 | Azure Local Cloud Azure Local Cloudnology | Initial document |
| 2.0 | 2026-03-04 | Azure Local Cloud Azure Local Cloudnology | Full rewrite to standards — complete frontmatter, 4-tab structure, orchestrated reads variables.yml, standalone with config region, Navigation and Version Control |