Wrong port on preconfigured "MS SQL" access rule for NSG

September 23, 2016, 9:06 am

≫ Next: Peering between Azure Classic and ARM

≪ Previous: Azure ARM Load Balancer not working with ACTIVE FTP (PASV FTP working fine).

The preconfigured rule for "MS SQL" on a NSG is using port 1443.

It should be 1433.

↧

Peering between Azure Classic and ARM

September 23, 2016, 3:08 pm

≫ Next: Can't enable Instance Level IP

≪ Previous: Wrong port on preconfigured "MS SQL" access rule for NSG

I'm trying to configure peering between Azure classic and ARM. In ARM we have a gateway in use and pointing to our on premises environment. Eventually we would like to get rid of this and utilize AADDS. I need to know which is the best option for setting up peering while maintaining our existing gateway. Since we have this gateway in place the "UseRemoteGateways" option is greyed out. The descriptions that I have found are very non-descript...

↧

Can't enable Instance Level IP

October 6, 2016, 5:58 am

≫ Next: Azure CLI set CNAME

≪ Previous: Peering between Azure Classic and ARM

I have 4 Classic VMs in one Cloud Service.

I want to enable ILPIP for all of them. It worked for 3 of them, but everytime I try to enable ILPIP for the 4th VM, I get:

"Failed to update IP address in the virtual machine 'myVM-4'. Error: The operation '667a1df297710d0b9775e7290dacf8d6' failed: 'The server encountered an internal error. Please retry the request.'."

Is there some kind of limitation? I also tried to remove ILPIP from myVM-3 and then enable ILPIP on myVM-4, but I get the same error message.

Any idesa?

↧

Azure CLI set CNAME

September 22, 2016, 5:15 pm

≫ Next: VNet-to-VNet connection gateway disconnects

≪ Previous: Can't enable Instance Level IP

I'm following the instructions on https://azure.microsoft.com/en-us/documentation/articles/dns-getstarted-create-recordset-cli/ to create a CNAME record I executed the sample commands as shown below which are working copies of the page above in section 'Create a CNAME record set with a single record' However you can see the 2nd command fails with 'Cannon read property 'cname' of undefined $ azure network dns record-set create -g 'foo' foo.xyz 'test-cname' CNAME --ttl 300 info: Executing command network dns record-set create + Creating DNS record set 'test-cname' of type 'CNAME' info: network dns record-set create command OK

$ azure network dns record-set add-record 'foo' foo.xyz test-cname CNAME -c 'www.contoso.com' info: Executing command network dns record-set add-record + Looking up the dns zone 'foo.xyz' + Looking up the DNS Record Set 'test-cname' of type 'CNAME' error: Cannot read property 'cname' of undefined error: network dns record-set add-record command failed

Anyone know why, or the correct syntax to set a CNAME value?

↧

VNet-to-VNet connection gateway disconnects

September 14, 2016, 11:58 am

≫ Next: VPN traffic is lost in Azure / Zero IN Bytes

≪ Previous: Azure CLI set CNAME

I have connected 3 networks in different accounts, each with vnet and gateway, (as explained in this (https://azure.microsoft.com/pt-pt/documentation/articles/virtual-networks-configure-vnet-to-vnet-connection/) article).
From time to time some gateway goes down, on the dashboard of the others it shows as "disconnected" but on the one that is down it says "connect".
To solve this problem I have to remove and add a new one, then reconfigure and upload all configurations to the others and finally set the shared key.
Why does this happen? Is there any solution? Is this a known issue?

Thank you.

↧

VPN traffic is lost in Azure / Zero IN Bytes

August 5, 2015, 2:36 am

≫ Next: Cannot create a VPN connection

≪ Previous: VNet-to-VNet connection gateway disconnects

Hello,

we are facing a strange issue with Azure virtual network.

This is a subnet settings

ADDRESS SPACE. 10.5.0.0/16

SUBNET A: 10.5.2.0/24

Gateway: 10.5.1.0/24

The Site-to-Site VPN us up and running.

I create a VM that gets the following settings:

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix . : abcd.a10.internal.cloudapp.net
   Link-local IPv6 Address . . . . . : fe80::5094:b9bf:c0ed:6fae%11
   IPv4 Address. . . . . . . . . . . : 10.5.2.4
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.5.2.1

And now the interesting part begins:

pinging gateway on the other side of the tunnel times out.

tracert 192.168.3.252

Tracing route to 192.168.3.252 over a maximum of 30 hops

1     1 ms     1 ms     1 ms 10.5.1.4. <-- IT reaches the Azure gateway
2     *        *        *     Request timed out. <- And is lost afterwards
3     *        *        *     Request timed out.
4     *        *        *     Request timed out.

There is no traffic coming in from Azure. It feels like it get's blocked by Azure firewall, or the routing is broken -- there is no obvious explanation otherwise.

Thanks,

Andrei

↧

Cannot create a VPN connection

September 12, 2016, 5:38 am

≫ Next: VPN query

≪ Previous: VPN traffic is lost in Azure / Zero IN Bytes

Hello,

I am trying to create a VPN site to site between my internal SonicWall device and Microsoft Azure.

I make a test with a new Azure Virtual network (classic) and it works.

But when i try to create a VPN with my Azure Production Virtual Network (classic) it don't works.

I check on the logs from my SonicWall and it says : No VPN policy for peer Gateway.

Did you already had this type of error ?

Thanks

↧

VPN query

October 6, 2016, 10:41 pm

≫ Next: Why i don't see tutorial creating Application Gateway using Azure portal console?

≪ Previous: Cannot create a VPN connection

If I create a site-to-site VPN, do we pay for 2 Gateways or 1 Connection?

↧

Why i don't see tutorial creating Application Gateway using Azure portal console?

October 7, 2016, 2:53 am

≫ Next: VPN Site a Site Azure / Fortgate connected but doesnt works fine

≪ Previous: VPN query

Hi everyone,

I'd like to create Application Gateway using Azure portal. I searched for a while and just saw a tutorial using cmdlet.

That's way more difficult for basic user who is familiar with console interface.

↧

VPN Site a Site Azure / Fortgate connected but doesnt works fine

October 7, 2016, 9:32 am

≫ Next: not able to delete Virtual Network

≪ Previous: Why i don't see tutorial creating Application Gateway using Azure portal console?

Hello,

we are facing a strange issue with Azure virtual network.

This is a subnet settings

ADDRESS SPACE. 10.0.0.0/8

SUBNET A: 10.0.0.0/29

Gateway: 10.32.0.0/29

The Site-to-Site VPN us up and running.

I create a VM that gets the following settings:

Ethernet adapter Local Area Connection:

IPv4 Address. . . . . . . . . . . : 10.0.0.4
Subnet Mask . . . . . . . . . . . : 255.255.255.248
Default Gateway . . . . . . . . . : 10.0.0.1
And now the interesting part begins:

pinging gateway on the other side of the tunnel times out.

tracert 172.21.69.15
Tracing route to 172.21.69.15 over a maximum of 30 hops
1 1 ms 1 ms 1 ms 10.32.0.5 <-- IT reaches the Azure gateway
2 * * * Request timed out. <- And is lost afterwards
3 * * * Request timed out.
4 * * * Request timed out.
There is no traffic coming in from Azure. It feels like it get's blocked by Azure firewall, or the routing is broken -- there is no obvious explanation otherwise.

VPN is conected with Fortgate hardware.

↧

not able to delete Virtual Network

September 7, 2016, 4:04 am

≫ Next: Routing between two Subnets via VM instead of virtual router

≪ Previous: VPN Site a Site Azure / Fortgate connected but doesnt works fine

During my training session i created virtual network, which i am not able to delete, where i had deleted all those dependent resources, when i am trying to delete virtual network its says that Virtual network 'BLRHQ' is in use and cannot be deleted. If you recently deleted resources, it might take some time to update the virtual network.

and its more than two week i am getting same error.

please help on this

thanks in advance

Sanjeev Kumar

↧

Routing between two Subnets via VM instead of virtual router

September 16, 2016, 7:59 am

≫ Next: Configure Traffic Manager to Load Balance On-prem and Azure ADFS hosts

≪ Previous: not able to delete Virtual Network

Dear community,

How can I prohibit routing between two subnets in a VNet, resp. route all traffic via a virtual machine (FW appliance)?

In my setup I've a VNet with network 10.10.0.0/16. This VNet has two subnets; subnetA with 10.10.1.0/24 and subnetB with 10.10.2.0/24. Furthermore I've a virtual machine (VM) with two NICs and those are attached to both subnets using the last IP of the net (.254) since the first three IPs (.1-.3) are always reserved for the virtual routers.

What I try to achieve is that all traffic between subnetA and subnetB is routed via the VM but not via the virtual Azure router. For this I've created two Route tables with one "default" route each:

routeA, prefix 0.0.0.0/0, next hop type "virtual appliance", next hop address "10.10.1.254"
routeB, prefix 0.0.0.0/0, next hop type "virtual appliance", next hop address "10.10.2.254"

Those Route tables are assigned to subnetA resp. subnetB.

It looks like those routes are considered for all external traffic which means outside of 10.10.0.0/16. As an example when I try to ping IP 8.8.8.8, ICMP traffic is routed via my virtual machine. However I traffic from a VM in subnetA to a VM in subnetB does not pass my "firewall" VM!

I also tried to add an additional, more specific, route to each Route table for 10.10.0.0/16 via the IP of my VM in each subnet but then I cannot reach the other VMs attached to those subnets anymore.

Does anybody has an idea why not all traffic is routed via my "firewall" VM? Your help is much appreciated.

Thanks a lot and best regards,
Roger

↧

Configure Traffic Manager to Load Balance On-prem and Azure ADFS hosts

September 28, 2016, 3:46 am

≫ Next: Azure as a DNS Registrar?

≪ Previous: Routing between two Subnets via VM instead of virtual router

Hi,

I've configured an Azure environment as a DR solution to my O365 identity services. The Azure environment currently consists of an ADFS Server, DC and a WAP host. The WAP is located in a separate DMZ subnet away from the core subnet. I've also configured a site to site VPN connection between Azure and on-premise.

I've setup a traffic manager profile and configured the Azure WAP endpoint successfully. Now I'm looking for some direction on how I go about configuring the on-premise endpoint.

On-premise we have 2 ADFS servers and a virtual Big-IP load balancer which acts as a reverse proxy for the external ADFS connections. The current external dns name is adfs.domain.com which of course points to the Big-IP.

I assume I need to change the external DNS entry for adfs.domain.com to point to the external traffic manager address but then how do I setup the traffic manager endpoint for the current on-premise solution?

Any guidance is appreciated.

↧

Azure as a DNS Registrar?

October 7, 2016, 4:36 pm

≫ Next: Adding DNS Server to a PPP Adapter for Azure VPN

≪ Previous: Configure Traffic Manager to Load Balance On-prem and Azure ADFS hosts

Hi,

I am wondering if Azure is setup as a DNS registrar and provides the ability to register Internet domain names? I can see the Azure DNS feature allows domain names to be re-pointed in for hosting on a VM ( I think) but can Azure provide the complete service so that an alternative Registrar is not required and everything is in one monthly contract?

I understand these things to a point but if someone could please provide some more insight it would be greatly appreciated.

Thanks Sam

↧

Adding DNS Server to a PPP Adapter for Azure VPN

October 7, 2016, 6:58 pm

≫ Next: Adding the secondary interface of VM as backend pool to the Azure LB

≪ Previous: Azure as a DNS Registrar?

Hi,

We are currently using Azure VPN but when we install the standard VPN client it requires that you have local admin rights.

To work around this we are creating our own VPN connection using the phonebook files and running RASDIAL.

When the standard azure vpn connect is made (using the installed client) the setting looks like this:

PPP adapter xxxxxx:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : xxxxxxx
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.10.9(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 10.123.0.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

When i create the same VPN connection using the phonebook file (in the VPN installation exe) and run RASDIAL wit hthis phonebook entry the connection looks like the following:

The issue is the DNS Server doesn't appear. It's the same phonebook file that is used by the azure client. Within this file is are setting as follows:

IpAddress=0.0.0.0
IpDnsAddress=10.123.0.4
IpDns2Address=0.0.0.0
IpWinsAddress=0.0.0.0
IpWins2Address=0.0.0.0

I can see it's trying to set the dns server and it's the same file used by the other but it just wont set it.

Can anyone give me some ideas on this. Sorry if it's not absolutely clear . I've learn this whole VPN and phonebook (PBK) process in the last 24 hours so it's very new to me.

Regards.

Simon.

↧

Adding the secondary interface of VM as backend pool to the Azure LB

October 8, 2016, 2:01 pm

≫ Next: harod zink

≪ Previous: Adding DNS Server to a PPP Adapter for Azure VPN

I have created a Multi NIC VM on Azure using powershell, I want to configure one of the non primary interface as backend pool to the Azure external load balancer. In Azure portal there is only provision to select the VM name as backend pool and the primary interface of that VM receives the traffic. Is there a way to select the particular interface of the VM as the backend for Azure LB?

Thanks,

Ram

↧