From yeyo @BitterMale via Twitter,
i need support for my VM in Azure, i need to configure the VPN service to provide the access to the apps located in the main server (VM in Azure).
aka.ms/d1145579
I need to know how to define my CIDR with my current VM. There is no information about that in the documentation.
Thanks,
@AzureSupport
From Vic Perdana @vperdana via Twitter,
getting an issue with setting up ExpressRoute connection on a separate subscription. "long running operation failed"
Thanks,
@AzureSupport
With the help of Cisco we finally managed to get the ipsec tunnel between our corporate office to Azure up and running. Traffic is routing bidirectionally between nodes behind the VPN nodes. We can ping for hours on end. If we stop the ping and the circuit goes idle, the VPN will drop. After that, ping all you want from the azure side (8000 retries in my case), the tunnel will not come back up. If we initiate the tunnel from our corporate office it's back up in under 60 seconds.
So, the question is, why? Cisco said something about NAT on the Azure side and the new web admin has zero settings for anything than a simple point and click setup. No timeout settings, no keep alive, etc.
What are we missing?
Using the classic our tunnel works fine (different network segment entirely), but since we can only use that VPN for classic nodes we're kind of stuck.
Thoughts?
I want to have multiple instances in multiple regions, based on what I've read Traffic manager would be used to connect
regions while load balancer is used to connect VMs within a region
From @mrdenny via Twitter:
"Is there any way to get more info from site to site VPN as to why my S2S connection is failing?
This is CM, not RM and the CM version doesn't show much info.
Getting a phase 2 proposal mismatch error."
Thank you,
@AzureSupport
Hi,
I am struggling with the design of our hybrid Azure network.
Currently I have the following networks:
ONPREM
VNet1 in Subscription 1
VNet2 in Subscription 2
What I would like to do is just have one S2S VPN between ONPREM and "Azure". Then, somehow route traffic to and from VNet1 and VNet2 trough that S2S VPN.
So far I have managed to create a S2S VPN between ONPREM and VNet1 and VMs on those two network can access each other.
I have also connected VNet1 and VNet2 and VMs on those two networks can access each other.
But what I have not managed to do is make VMs on VNet2 access VMs on ONPREM.
How would I go on an build something like that in Azure?
Regards
Hello,
I have been trying for several days to edit an existing Load Balancer rule in the Azure Portal (ARM) but the opening blade doesn't load, showing the error "LoadBalancerRulesEditPart" and right under "MICROSOFT_AZURE_NETWORK" and the icon of a dark cloud with a drop of rain (I made a screenshot but I can't upload it until my account is verified).
I read in an unrelated thread that it was due to a "bad browser configuration", although it doesn't specify if at the user's or Microsoft's end. It sometimes happens in other blades and reloading them works, but not with this one.
I tried the latest versions of Chrome, Safari and Firefox on Mac OS X and they all have the same problem. I don't have access to a Windows PC.
Thank you.
https://azure.microsoft.com/en-us/documentation/articles/load-balancer-get-started-internet-arm-ps/
From the article above, we know that there are two web servers, however we created the NAT rule below, so my question is if there is a request on port 3441 on load balancer , it would forward the request to which web server on port 3389? web1 or web2? As the following command doesn't specify the web server name. so how do we known the request would be forward to which web servers?
“a NAT rule to translate all incoming traffic on port 3441 to port 3389
$inboundNATRule1= New-AzureRmLoadBalancerInboundNatRuleConfig -Name RDP1 -FrontendIpConfiguration $frontendIP -Protocol TCP -FrontendPort 3441 -BackendPort 3389”
I'm trying to setup a S2S VPN. I created my network using the Resource Manager. My network team is asking for a configuration script that we were able to download when we setup the network using Classic mode, but that script doesn't seem to be available in the new portal. Can anyone help point me in the right direction.
Thanks
So I have my website set up, call it www.mywebsite.com. I have my Traffic Manager set up so that www.mywebsite.com points to mytrafficmanager.trafficmanager.com.
The Traffic Manager then points to my two on-premise web front-ends web1.mywebsite.com and web2.mywebsite.com. It also has an endpoint of a Azure Web App.
It is set up to do a Priority fail over: web1, then if that fails to web2, and if they are both down, to fail over to the Azure Web App.
My question is this: If I get a DDoS attack on www.mywebsite.com, what would happen? Would the on-premise servers go down, and then it would fail over to the Azure Web App (which is set up to scale appropriately to hopefully mitigate a DDoS attack). Or would it not be able to route the traffic properly?
Upon configuration of a Traffic Manager setup with two external endpoints in a weighted configuration, I navigated to the trafficmanager.net URL. It displayed an IIS splash page.
I navigated to each of the endpoints directly, and they both displayed the site, so I believe the problem isn't with the web server. Upon conversation with the webmaster, he says there isn't even an IIS splash page available on either server.
So then I did a traceroute on the trafficmanager.net URL. It returned the endpoint's IP, which seems to me that the traffic is getting to the web server. A ping returns the same.
In the Configuration tab, I've set the Path as both / and /default.aspx (upon consultation with the webmaster).
Is there something else I'm missing here? My gut tells me that this is a Traffic Manager issue, but there aren't any other configuration changes that I can see that might help.
Thanks!
Hi there,
I'm trying to login via azure powershell to my subscription, but Login-AzureRmAccount isn't finding my tenantid or subscriptionid from within my organization. Outside it's fine - we can login correctly, but when logging in within the log I can't login at all:
PS I:\> Login-AzureRmAccount Environment : AzureCloud Account : <AccountName> TenantId : SubscriptionId : CurrentStorageAccount : PS I:\> Get-AzureRmSubscription WARNING: Unable to acquire token for tenant 'Common' PS I:\>
If I do the same commands from outside the organisation it works fine.
This also happens even if I login as a non-corporate windows live Id account (i.e. I use a personal account that has nothing to do with my company).
I'm guessing it's authenticating against my domain account somehow, but it's very odd. Curiously, Add-AzureAccount works fine:
PS I:\> Add-AzureAccount Id Type Subscriptions Tenants -- ---- ------------- -------<AccountName> User <blah> <blah> PS I:\> Get-AzureSubscription SubscriptionId : <blah> SubscriptionName : Microsoft Azure Enterprise Environment : AzureCloud DefaultAccount : <AzzountName> IsDefault : True IsCurrent : True TenantId : <blah> CurrentStorageAccountName :
I'm at a bit of a loss why I can't login to AzureRm, especially as all of our services are in Resource Manager mode. :(
Thanks!
Hi,
I would like to bring up the following setup
Client (172.31.2.10) ----> Virtual Appliance (172.31.2.122) and if client has to reach any other subnet then I forward it to virtual appliance and the VA take care of routing
if I have to bring the same in AWS then I have to do the following
[1] route add default gw 172.31.2.122 on Client VM
[2] Disable source/dest check on VA interfaces
but, In case of Azure, I have to do the following
[a] route add default gw 172.31.2.122
[b] Enable IPForwarding on VA interfaces
[c] Create User Defined Routing rule saying any traffic from 172.31.2.0/24 should go to VA i.e. 172.31.2.122
Can someone please confirm if step [c] is mandatory or is there any other simple way to get it working?
We found challenge in assigning static IP to the VMs
The above settings works fine in that session, but after “stop” ing the VMs and starting next day or something the settings had gone for static IP inside the server
And if I try to assign same IP inside server I get following error
---------------------------
Microsoft TCP/IP
---------------------------
The IP address 10.0.0.5 you have entered for this network adapter is already assigned to another adapter (Microsoft Virtual Machine Bus Network Adapter #2) which is no longer present in the computer. If the same address is assigned to both adapters and they both become active, only one of them will use this address. This may result in incorrect system configuration.
Do you want to remove the static IP configuration for the absent adapter?
---------------------------
Yes No Cancel
---------------------------
Hello,
We have several Traffic Manager Profiles (Performance routing) each running with multiple endpoints. The last few days I have tried to add a new endpoint (same app as the existing - deployed with Release Management) in East US through portal and PS, but I keep on getting errors. The latest was:
Failed to save configuration changes to Traffic Manager profile 'myprofilename'. Error: Domain name is not available. The provided Traffic Manager profile relative name is invalid or missing.
Existing and new endpoints are Azure endpoint / App Service and I have tried all kinds of configurations with domain names and certificates (and the same operations in PS).
When trying to change monitoring from "HTTPS / port 443 / some path" to "HTTP / port 80 /" I couldn't save and got the same error.
I have a correlation ID, if that helps?
clientNotification-d79b94f9-5ad6-40a5-99a3-259103e3e01a;f6c15185-936e-4a45-a744-bce48c887893
What's going on here? Any help appreciated :-)
BR,
Henrik
Hi All,
I have a requirement is it possible to implement Gone fishing for my applications using Application gateway service.
Currently All my applications are using ARR (Azure Resource Routing) .
What is Gone fishing :In the event of downtime instead of getting error page I should get my friendly configured web page.
Any help here can greatly Appreciated.
Hello,
Background:
Recently we migrated to Microsoft Azure and i have successfully configured 3 server as
Server 1 : AD, DNS 10.0.3.4
Server 2 : RRAS with NAT 10.0.3.5
Server 3 : File server 10.0.3.6
and we deployed Site to site connection for on-premises and everything working fine
Problem:
I have a few client they work from outside So, I install and configured RRAS server
RRAS server has single NIC and configuration done with "custom configuration" using this link : https://blogs.msdn.microsoft.com/lighthouse/2013/07/30/how-to-deploy-sstp-and-l2tp-vpn-in-windows-azure-windows-server-2012/
Now i have two problems
This is my current diagram
Kindly guide me to solve this problem
Hello all,
I am new to this Azure Cloud service and I already have a problem configuring a DNS zone as a service in order to resolve to my webpage.
This is the original message sent to Microsoft support, but unfortunately they cannot answer my question since the DNS zone still in preview mode:
"This server (VM) is hosting various websites. I did create a DNS zone (service) for each domain I own, including A records (www). I did configure the websites properly on the VM. Somehow, I cannot access my websites without using the www.
Let me explain, when I try to access my website hit-global.org I get a webpage error as it cannot find the page, but if I access my webpage using www.hit-global.org then it works fine.
When I look for answers on Azure blogs, they talk about adding CNAME for awverify, but I guess this is if I host a webpage in Azure, which is not the case since I am hosting the webpages on my server directly."
I'm attempting to set up 2 NetScaler VPX instances with HA, but to do so requires an Availability Group other than NONE. However I can't find any way to set up an Availability Group.
Any suggestions where to look to add a group?
I have created a Linux virtual machine scale set through the Azure portal creating 3 virtual machines.
This has automatically created a backend address pool containing the 3 instances as well as a load balancer with 3 inbound NAT rules giving us SSH access on ports 50000 - 50002.
I have successfully accessed the VMs and installed an application running on port 42000 and although I can access this on the web via proxy/private IP, I cannot access this through public IP/DNS despite setting up a load balancer rule directing all incoming port 80 traffic to the 42000 backend port.
I have included our configuration below and any help or assistance on how to be able to access this application from the public IP would be greatly appreciated.
Mark
-----
Backend address pool (demopool):
This contains our 3 Virtual Machine instances (instance 0, instance 1, instance 2)
Probe (demoprobe)
Protocol: Http
Port: 80
Path: /
Interval: 5s
Unhealthy Threshold: 2 consecutive failures
Load Balancing Rule (demolb):
Protocol: TCP
Port: 80
Backend Port: 42000
Backend Pool:demopool
Probe:demoprobe
Session Persistance: None
Idle Timeout: 5m