We have seen a few issues, where user accounts gets locked on Windows Azure Cloud Services (PaaS) instances. When user login to their Windows Azure Cloud Service instances they see the following errormessage:
“The user account has been disabled, please contact your system administrator”
Windows Azure security policy by default set the Maximum password age, when users creates a new role. The security policy Maximum password age is set to 42 days, which disables the accounthttp://technet.microsoft.com/en-us/library/cc736566(v=ws.10).aspx
To re-enable the disabled user account, you can do the following:
For Windows Azure Cloud Services (PaaS) Role instances
Step 1: Login to Windows Azure Management Portal
Step 2: Click on the Cloud Service. Choose the Service.
Step 3: Choose Configure
Step 4: Now click on Remote
Step 5: In Configure Cloud Service
Step 6: Select a New User Name and Password
Step 7: It will reconfigure the role and add this new user to the instances
Step 8: You will now be able to login using the new user name and enable the disabled user account.
Note: It is a security best practice to have passwords expire every 30 to 90 days, depending on your environment. This way, an attacker has a limited amount of time in which to crack a user's password and have access to your network resources. While we are working hard to have notification system built in the platform so use can get proper notification from instances however we are not there yet. And because of it please make sure to keep your password updated every 30-90 days or depend on your initial password expiry setting.
Keyword: Windows Azure, Remote Desktop, RDP, Password,