I recently discovered a special feature of Azure Endpoints that effectively controls the routing of RDP traffic from an Azure VM running Windows.
I have to admit that once I understood how this feature affected the routing of RDP traffic it solved a long-running issue I have had accessing Azure VMs via RDP.
For far too long I have been unable to RDP to my Azure VMs via my site-to-site VPN. My workaround was to simply continue accessing the Azure VMs via RDP over the Internet through the Azure Endpoint for RDP.
Initially I had suspected I had broken the Windows firewall on my original Azure VMs, so I just ignored the issue and continued my workaround. Much later on, when I still had the problem with VMs that had very clean firewall configurations, I suspected it was a routing issue caused by my VPN router.
So after triple checking my VPN configuration, the Azure virtual network configuration and trying various static routes all to no avail, I had to step back and look a little wider for the problem.
I then wondered if the Azure endpoint configuration could make a difference.
So after all else failed I removed the Azure RDP Endpoint and bingo, B-I-N-G-O, BINGO! I could suddenly RDP through my VPN tunnel.
As I'm sure there are others who will experience this issue, I have created the below diagram showing the two possible paths to RDP to your Azure Windows VM. Note that you can take either the black path or the red path, but never have both paths available at the same time.
Essentially, if you want to RDP over the Internet, configure an Azure Endpoint for RDP. If you want to RDP over a site-to-site VPN, make sure the VM has no Azure Endpoint for RDP at all. Removing the endpoint has a useful side effect: port 3389 on the VM is no longer reachable from the Internet, so if the VPN path works for you it is also the safer of the two configurations.
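Here is an added PowerShell example of switching between the two paths, which is my own illustration and not part of the original post. It assumes the classic (Azure Service Management) Azure PowerShell module with Add-AzureAccount already run, and the cloud service name, VM name and private IP are placeholders you would replace with your own. Step 3 is the check I would run from the on-premises side of the tunnel to confirm the VPN path has come back after the endpoint is gone.

```powershell
# Added example, not code from the original post. Assumes the classic (ASM)
# Azure PowerShell module; the three values below are placeholders.
$serviceName = "MyCloudService"   # assumption: your classic cloud service name
$vmName      = "MyWindowsVM"      # assumption: your VM name
$vmPrivateIp = "10.1.0.4"         # assumption: the VM's virtual-network IP

$vm = Get-AzureVM -ServiceName $serviceName -Name $vmName

# 1. Find every endpoint that forwards to the VM's RDP port, whatever it is named
#    (the portal-created one is usually called "RemoteDesktop", but do not rely on it).
$rdpEndpoints = $vm | Get-AzureEndpoint | Where-Object { $_.LocalPort -eq 3389 }
$rdpEndpoints | Format-Table Name, Protocol, PublicPort, LocalPort

# 2. To RDP over the site-to-site VPN: remove the RDP endpoint(s) and commit the change.
foreach ($ep in $rdpEndpoints) {
    $vm = $vm | Remove-AzureEndpoint -Name $ep.Name
}
Update-AzureVM -ServiceName $serviceName -Name $vmName -VM $vm

# 3. Verify from a machine on the on-premises side of the tunnel. TcpTestSucceeded
#    should now be True; with the endpoint still present it was False in the post's scenario.
$vpnTest = Test-NetConnection -ComputerName $vmPrivateIp -Port 3389
"RDP over VPN reachable: $($vpnTest.TcpTestSucceeded)"

# 4. To go back to RDP over the Internet instead, re-create the endpoint. Pick a
#    non-default public port; 3389 exposed on a public IP is hammered by brute-force scans.
# Get-AzureVM -ServiceName $serviceName -Name $vmName |
#     Add-AzureEndpoint -Name "RemoteDesktop" -Protocol tcp -LocalPort 3389 -PublicPort 53389 |
#     Update-AzureVM
```

Run step 1 first on its own: if it lists nothing on a VM you still cannot reach over the VPN, the endpoint is not your problem and you are back to checking the firewall and routes.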