Hi,
When we try to connect to our Azure based Windows Server 2012 R2 via a client computer using a certificate, we get the following error:
Please also
read this link about same problem.
A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. Error 0x800b0109.
I created a virtual network and a VM inside it. configured vnet with P2S VPN and successfully able to connect to it via my laptop.
Then I connected an azure web app to the vNet using P2S. The portal shows it is connected and I am able to tcpping the VM using internal IP address BUT when I select internal dns name of VM (sqlvm.v2suoverxwoetlsx50noqrulfg.dx.internal.cloudapp.net) then tcpping fails to connect. I am using azure provided DNS in my vNet.
The exact scenario works fine if the vNet is classic. Any idea?
https://www.linkedin.com/in/gangwar
Dears
I add VPN connection and i am needing to change password for current certificate
please what is the steps to change password
Hi Everyone,
I have deployed my application across two regions, and used Azure Virtual Gateway to setup VNet-to-VNet VPN connection between those two regions. My concern is around security on the Virtual Gateway which has public IP address.
I am wondering:
1) what security mechanism Azure already taken care on the Gateway, like only allowing certain ports for VPN connection with Gateway in another VNet.
2) What ports are open on the VPN Gateway?
3) Do I need to add Network Security Group to GatewaySubnet, and specify rules accordingly?
Thanks!
Roy
Hello,
I am currently a college student who's trying out azure with the 30 day free trial, I have been assigned a "homework" we could say on which I have to setup a Domain Server and a Backup Server with Active Directory plus a DHCP Server.
I have already achieved to Install the Active Directory Domain Server and Backup Server on two Virtual Machines with Windows Server 2012 and I have also used a point to site connection VPN so that I can use a local virtual machine on VMWare with the Cloud active directory domain, however I can't get the DHCP Server to hand out the Ipv4 IP's as it tells me I have to set up a static IP which I can't assign because then it will instantly drop the Virtual Machine connection.
I have tried setting up the static IP's via the Azure control panel, but Windows Server doesn't seem to recognize it, Is there anything I can do to get this to work?
Would appreciate all the help I can get.
Cheers!
I am trying to connect a Web App to a VM, both hosted in Azure in the same datacenter. When I try tcpping the VM from the Web App scm site, it fails.
I connected my Web App with my VNET.v2 using the steps listed here https://azure.microsoft.com/en-us/documentation/articles/web-sites-integrate-with-vnet/
VM [internal IP 10.0.0.5], has Public IP
VNet Gateway is connected
Point-to-Site is configured[Address Pool 192.168.100.0/24]
Web App VNet is configured and certificate is synchronized
Go to https://*****.scm.azurewebsites.net
Questions
Good day All,
I'm new to azure and I'm having a bit of difficulty setting up a site to site vpn to my cisco RV110W Wireless-N VPN Firewall.Below are the parameters I can enter. Is my vpn device compatible? What parameters do I need to change to maintain a connection? Any assistance is greatly appreciated.
IKE Policy Configuration
Policy Name: AStoEBS
Exchange Mode:Main
IKE SA Parameters
Encryption Algorithm: AES-128
Authentication Algorithm: SHA-1
Pre-Shared Key: xxxxxxxxxxxx
Diffie-Hellman (DH) Group: Group2 (1024bit)
SA-Lifetime: 3600
Dead Peer Detection: Yes
DPD Delay: 10
DPD Timeout: 30
VPN Policy Configuration
Policy Type: Auto Policy
Remote Endpoint: 000.000.000.000
Local Traffic Selection
Local IP: Subnet-> 192.168.1.1->255.255.255.0
Remote Traffic Selection
Remote IP: Subnet-> 192.168.2.1->255.255.255.0
Manual Policy Parameters
SPI-Incoming: 0x
SPI-Outgoing: 0x
Encryption Algorithm: 3DES
Key-In: None
Key-Out:None
Integrity Algorithm: SHA-1
Key-In: None
Key-Out: None
Auto Policy Parameters
SA-Lifetime: 28800
Encryption Algorithm: AES-128
Integrity Algorithm: SHA-1
PFS Key Group: Yes -> DH-Group 2(1024bit)
Select IKE Policy: AStoEBS
I was previously utilizing Azure Endpoint Connect to allow clients to connect to resources in my Azure Virtual Network. I have migrated to using the new Point-to-Site VPN for this purpose, but the new SSTP VPN is using a split-VPN network topology. Users connect to the gateway subnet, but to gain access to the Virtual Network subnet, a static route must be added to the local clients computer using the client's DHCP gateway subnet address as the interface address. The native VPN client from Azure uses a "Route Add" command to accomplish this task. This requires an elevated permission set to execute. Many of the clients that will utilize this connection DO NOT have this permission set and therefore proper routing can not be acheived. I have set the "use default gateway on remote network" option for these clients as a temporary solution, but clients cannot have access to other internet resources while the VPN is active (All traffic is routed throught the Azure VPN).
Is there a way to add the necessary routing to the local client's routing table WITHOUT elevated permissions. This is a necessary step for this new VPN to have value in my architecture. This was not an issue with Azure Endpoint Connect since it ran as a service.
Hi
During my training session i created virtual network, which i am not able to delete, where i had deleted all those dependent resources, when i am trying to delete virtual network its says that Virtual network 'BLRHQ' is in use and cannot be deleted. If you recently deleted resources, it might take some time to update the virtual network.
and its more than two week i am getting same error.
please help on this
thanks in advance
Sanjeev Kumar
I have recently started using Azure and therefore started migrating my websites to Azure. My question is how can I migrate a domain I bought with another host to Azure?
I have followed documentation on how to point my domain to Azure server using DNS A Records...etc but when my domain needs renewal, I don't want to be billed by my old host - I'd prefer to handle renewal billing in Azure too, just like buying a new domain is handled from within the Azure control panel.
Is this possible? I have the migration code from my current web host which permits moving the domain to another host normally.
When I use Classic VM, I have to use PowerShell to create a "Reserved IP" for my cloud service.
Now I use Resource Manager VMs. When I navigate "Public IP adress" -> "Configuration" then I can turn on "Static IP".
What's the difference betwenn "Reserved" and "Static"?
Is it possible, that my "Static IP" can change sometimes - or will it always be the same as long as I have turned the option "static" on?
What has been done:
Hybrid HPC cluster, on azure classic portal, vnet with P2S(point to site) vpn gateway has been setup . Certificate and vpn client application has been installed on headnode(on premise). Azure node template created with network defined to use vnet on the cloud. Azure compute node can be started and brought online after p2s vpn connection established. From on-premise headnode I can ping Azure compute node's ip because of vpn connection. We have a importance service on headnode on based tcp/ip connection that compute nodes need to communicate headnode
Noticed issue
1. From azure compute node, I can't not ping headnode's ip.
2. From azure compute node, I can't not ping any servers on the internet like google.com.
Question:
1. Why azure compute node doesn't have internet connection? that's the way it is or something I missed.
2. With P2S vpn connection setup how come I cannot ping on-premise headnode?
3. What's best practice for azure compute nodes talk to an server on-premise?
Your reply is appreciated.
I am aware that SSTP is not supported by Mac so Point 2 Site VPN client doesn't work on Mac.
However, I am using Mac Parallels Desktop 11 to host a windows 10 enterprise VM. I installed Azure P2S VPN client on this windows 10 VM but it gives error "The client and server cannot communicate, because they do not possess a common algorithm."
Any idea why would that be? Does it matter which Host OS I am using?
https://www.linkedin.com/in/gangwar
Hi Everyone,
I have tried setting up VPN Gateway to connect VNet-to-VNet, which works great!
Based on Azure doc, I understood ExpressRoute is used to connect corporate network with Microsoft Services, including Azure. Is there an option of using ExpressRoute between VNet-to-VNet as well?
Thanks!
HI,
I,m downloading some files from a file server in Azure. Folder size is about 6GB.
Download speed is at 1.2mb/sec.
i had s 40mbps bandwith.
Anything i need to aware of?
BQ
Hi,
I am trying to figure this out and have spent a fair amount of time researching. Maybe I am looking in the wrong places. I am currently evaluating Azure services and so far they have been great! But I dont have a paid subscription so I am hoping to get some answers here before I escalate.
I have a few VM's that I created in the new Azure Portal with its own VNET (10.0.0.x). It's working great! Problem is, RDP is accessible virtually anywhere and that doesnt sit well with me. I believe I can make some rules etc, exlusions and so on. However I'd much rather utilize this VPN feature.
So I decided to create a VPN. Many of the sources I found point me to VNET Classic. So, I did it. I can successfully establish a connection to my VNET Classic S2P. However, my VM's sit on the newer VNET and I cannot ping them for the life of me. Even though I appear to be on the same subnet.
Is this possible? How can I add these VM's to the resource network that has the VPN tunnel in full effect? My VM's dont appear in the Classic portal... ?
Hi all!
I was hoping someone can guide me into an issue we are having at the company.
We are deploying a new Site-2-Site VPN between Azure and our office, and we setup a Local Network Gateway on Azure. I know that Azure indicates that some tasks can take up to 20 minutes but this one over 40 minutes already.
Is there any way to cancel this task? Or at least debug why is it taking so long?
Thanks in advance,
GCNH
We have ADFS 3.0 setup on several VMs in Azure with a Site-to-Site VPN between them and the local Network.
All works fine until the VPN goes down and although external users can access the ADFS logon screen (via the ADFS Proxy in Azure) they are unable to authenticate, even though there are two Domain Controllers in Azure.
We can't understand why the DC's in Azure won't authenticate the users while the VPN is down?
As soon as the VPN comes back up again it all starts working.
We've checked that the Azure VMs are using the correct DNS settings i.e. they are looking at the local DC rather than on-premise and that seems ok
Anyone else had similar problems?
Cheers for now
Russell
I am using a simple internal Active Directory Domain Services (AD DS) domain environment (with about 4 VM's total in it, 2 of them are domain controllers) that forward requests outside the domain to Google DNS servers (8.8.8.8 and 8.8.4.4). Sometimes my nslookup's on www.dropbox.com on my Azure VM's will not resolve (can't open the page, etc.). This problem is very random and can sometimes last for 30 minutes or so and then it magically is all working again out of nowhere. However, not on an Azure VM all is great and I am able to resolve www.dropbox.com. Is there something I am missing on an Azure VM that would need to be in place for reliable DNS lookups to the internet? I do know at one point there was an Azure DNS server that could be used but not sure if that is the case anymore or not. Thanks in advance!