Describe the bug
Current situation:
az network bastion rdp connects with the Azure resource name of the virtual machine.
If the system name is different then this will result in an error when using the Azure AD enabled / web authentication flow:

In the screenshot you see that it tried to connect with vm-redacted-eudev-qyhx whereas the system name is redacted-eudev-qyhx.
Desired situation:
az cli should pull the system name from the virtual machine and provide that to mstsc.exe. Additionally I think the configured domain suffix is relevant. Easiest would just be to provide a parameter that the user must provide.
Existing workaround:
I used az network bastion rdp --configure --enable-mfa, saved the resulting file, changed the system name, reloaded the file and connected successfully.
I was also able to use the tunnel feature:
az network bastion tunnel --resource-port 3389 --port 50000
and then use local hosts file spoofing of the target vm and use mstsc.exe to connect to port machinename:50000.
It is unfortunate that mstsc.exe does not allow for setting the target system name separate from the target ip. Maybe this is a limitation of the bastion / rdp gateway api as well.
Related command
az network bastion rdp --configure --enable-mfa
Errors

In the screenshot you see that it tried to connect with vm-redacted-eudev-qyhx whereas the system name is redacted-eudev-qyhx.
Issue script & Debug output
N/A
Expected behavior
az cli should pull the system name from the virtual machine and provide that to mstsc.exe.
Environment Summary
{
  "azure-cli": "2.51.0",
  "azure-cli-core": "2.51.0",
  "azure-cli-telemetry": "1.1.0",
  "extensions": {
    "azure-devops": "0.25.0",
    "bastion": "0.2.5",
    "devcenter": "0.1.0",
    "init": "0.1.0",
    "ip-group": "0.1.2",
    "resource-graph": "2.1.0",
    "ssh": "2.0.1",
    "storage-preview": "0.8.3",
    "vm-repair": "0.5.4"
  }
}
Additional context
No response
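The first workaround above (save the generated file, change the system name, reload it) can be scripted. The following is an added example, not code from the issue or from the az cli bastion extension. It assumes the saved file carries the target in the standard `full address:s:` RDP setting; `read_rdp`, `retarget` and the sample content are hypothetical names and constructed data.

```python
import codecs

# Constructed sample, not real Bastion output; host names are the ones in the report.
SAMPLE = ("screen mode id:i:2\r\n"
          "full address:s:vm-redacted-eudev-qyhx:3389\r\n"
          "gatewayhostname:s:gateway.example.invalid:443\r\n")

def read_rdp(raw: bytes):
    """Return (text, bom, codec). mstsc typically saves UTF-16 LE with a BOM; other tools may write UTF-8."""
    if raw.startswith(codecs.BOM_UTF16_LE):
        return raw[2:].decode("utf-16-le"), codecs.BOM_UTF16_LE, "utf-16-le"
    if raw.startswith(codecs.BOM_UTF8):
        return raw[3:].decode("utf-8"), codecs.BOM_UTF8, "utf-8"
    return raw.decode("utf-8"), b"", "utf-8"

def retarget(raw: bytes, system_name: str) -> bytes:
    """Replace only the host part of the 'full address' setting; every other line is kept as-is."""
    if not system_name or any(c in system_name for c in ":\r\n \t"):
        raise ValueError("system name must be a bare host name")
    text, bom, codec = read_rdp(raw)
    out, changed = [], 0
    for line in text.splitlines(keepends=True):
        name, sep1, rest = line.partition(":")
        kind, sep2, value = rest.partition(":")
        if sep1 and sep2 and name.strip().lower() == "full address" and kind == "s":
            body = value.rstrip("\r\n")
            eol = value[len(body):]
            host, colon, port = body.rpartition(":")
            # Keep an explicit port, but do not mistake a bare IPv6 address for host:port.
            has_port = colon and port.isdigit() and (":" not in host or host.endswith("]"))
            line = f"{name}:s:{system_name}{':' + port if has_port else ''}{eol}"
            changed += 1
        out.append(line)
    if changed != 1:
        # Refuse to guess when the setting is missing or duplicated.
        raise ValueError(f"expected exactly one 'full address' setting, found {changed}")
    return bom + "".join(out).encode(codec)

if __name__ == "__main__":
    print(retarget(SAMPLE.encode("utf-8"), "redacted-eudev-qyhx").decode("utf-8"))
```

Only the host in `full address` changes; the encoding, line endings and all other settings in the file are written back unchanged.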