I've recently started transferring my development workstation from Windows Server 2012 running on Amazon to Windows Server 2012R2 running on Azure, and I've started with the "Visual Studio Ultimate 2015 Preview on Windows Server 2012 R2" image.
After creating the machine, I bring up a VPN to my on-premises network and join the cloud VM to my on-premises domain. I then log on with a domain user account that I will use for everything from that point on.
After the initial setup, joining the domain, and first logon with the domain user account, I seldom bring up the VPN again, and on the Amazon instance I can happily restart the machine and just log on with the domain user account using stored credentials on the RDP client (Windows 8.1); the cloud VM happily validates against cached credentials, since it cannot contact the domain controller without the VPN started.
Works fine on Amazon but not on Azure!
The Azure 2012R2 instance refuses to accept the stored credentials for the domain user; I have to re-enter the password each time. I usually log on with a fingerprint reader, but this fails with a different error message, though I suspect this is due to the same root cause. It will, however, accept the stored credentials for the local user account.
In order to determine if this was an Azure issue or a Windows 2012R2 issue, I created a similar VM based on the "Windows 2012 Data Center" image so it would be closer to the Amazon scenario. This turned out to be even worse! Even when specifying the password each time, the domain user is not allowed to log on until the VPN is brought up. After that it can log on freely until the VM is restarted, even if the VPN is dropped.
There are so many scenarios to look at, but it definitely appears that the Azure images (or in some way the environment) are different from Amazon. I'm not that concerned about fixing the Server 2012 scenario, though it would be nice to understand what is going on. What I would ideally like to resolve is why Server 2012R2 won't allow the RDP stored credentials, forcing the password to be entered on each logon?
Are there perhaps some security policy settings configured differently in the Azure images?
Any help or sharing of common experience would be much appreciated.