az-serial-console

Connect to a serial console

$ az serial-console connect [[-g|--resource-group]] [Resource_Group_Name] [[-n|--name]] [Virtual_Machine_Name]

$ <Ctrl ]>

az vm serial-console --name VM_NAME --resource-group RESOURCE_GROUP
az vm serial-console -n VM_NAME -g RESOURCE_GROUP
Note: This command is a sub-command of `az vm` within the Azure CLI, providing access to the serial console functionality.

--name / -n
    The name of the virtual machine.

--resource-group / -g
    The name of the resource group containing the VM.

--subscription
    Optional. The name or ID of the subscription to use if not default.

The `az vm serial-console` command is part of the Azure Command-Line Interface (Azure CLI) and provides a secure, interactive way to connect to the serial console of an Azure Virtual Machine (VM). This out-of-band management capability is invaluable for troubleshooting scenarios where traditional network connectivity (like SSH or RDP) is unavailable or compromised, such as a misconfigured firewall, boot issues, or network stack problems. It allows administrators to interact with the VM's guest operating system directly, similar to connecting a physical console cable to a server. The connection uses HTTPS, ensuring security. To utilize this feature, the VM must have boot diagnostics enabled, which captures serial console output and enables interactive access.

Requires Azure CLI to be installed and configured.
User must be logged into Azure with sufficient permissions (e.g., Virtual Machine Contributor role or higher) to access the VM and its boot diagnostics.
The target Azure VM must have "Boot diagnostics" enabled in its configuration.
The serial console connection is established over HTTPS and is supported for both Linux and Windows VMs (though interactive access might be limited on older Windows versions).
No file transfer capabilities are available directly through the serial console.
The console session may time out after a period of inactivity.

For `az vm serial-console` to function, boot diagnostics must be enabled on the target VM. This can be done via the Azure portal, ARM templates, or Azure CLI using `az vm boot-diagnostics enable --name VM_NAME --resource-group RESOURCE_GROUP`. It requires a storage account to store serial logs and screenshots.

The serial console is commonly used for:
Resetting forgotten VM passwords.
Debugging boot failures or kernel panics.
Modifying network configurations that have locked out remote access.
Accessing the GRUB menu on Linux VMs to change boot options or enter single-user mode.
Running recovery scripts when the OS is unresponsive.

The Azure Serial Console feature was introduced by Microsoft Azure to provide an out-of-band management solution for virtual machines, addressing critical troubleshooting scenarios that cannot be resolved via network-based access. The `az vm serial-console` command emerged as part of the evolving Azure CLI, offering a consistent and programmatic way to interact with Azure resources. Its development reflects the increasing need for robust recovery and debugging tools within cloud environments.

az login, az vm boot-diagnostics, ssh(1), tmux(1), screen(1)