Forced Tunneling for Expressroute
ExpressRoute Status | Data in and Data out
I have created ExpressRoute Circuit and Routing has been configured by Network Provider. Later I have linked the Virtual Network Gateway with the ExpressRoute Circuit. However, Data in and Data Out show zero. I am able to RDP from Internal Network to Test VM and I am even able to connect to DC, but I am not sure if it is working or not. What is the way to test the ExpressRoute connection?
Microsoft Azure Virtual Network configure Issue
Microsoft Azure Virtual Network in VM not ping and Connect our On-premises domain controller.
our office network running at server not ping MS Azure Server ( showing Azure virtual Network connect)
Giving access to another user to create an end point
Hi,
I added another user to my Azure subscription and I gave him the "owner" role in a classic VM. The problem comes when he tries to create an endpoint: he cannot do it and gets this error:
Please help me figure out what permission set I need to give to him.
Failed to update endpoint 'qw wq' on virtual machine 'MyCompany testapp1'. The client 'sales@MyCompany.com' with object id '1eed1921-2cc3-438c-8c05-920702292ff6' has permission to perform action 'Microsoft.ClassicCompute/virtualmachines/write' on scope '/subscriptions/ff2f1a71-27e0-4ea2-a339-f5b61fefcff1/resourcegroups/Group/providers/Microsoft.ClassicCompute/virtualmachines/MyCompanytestapp1';
however, it does not have permission to perform action 'Microsoft.ClassicCompute/domainNames/write' on the linked scope(s)
'/subscriptions/ff2f1a71-27e0-4ea2-a339-f5b61fefcff1/resourceGroups/Group/providers/Microsoft.ClassicCompute/domainNames/MyCompanytestapp1'.
Changing static route to dynamic route for multisite connectivity in Azure
Hi Team,
We currently have a forest A connected to Azure using Site to Site connectivity using Static route. AAD connect and ADFS server for SSO are configured on Azure. Users from Forest A access O365 through ADFS SSO.
Now we have to connect Forest B to Azure so that we can have a connectivity between Forest B and Azure AAD connect,
For this we need to establish a multisite connectivity to Azure.
So we are first planning to convert Static route gateway to Dynamic routing gateway for multisite connectivity.
Will this impact our existing connectivity from Forest A to Azure?
Is there any other way to set multisite connectivity so that the impact can be reduced or there will be no impact to users?
Is there any rollback plan if dynamic route does not get configured and we want to revert to our previous setting of static route?
Website hosted in Azure VM
Azure Site to site VPN connection
Hi all,
Having an issue with connecting site to site. First we configured the site to site on Azure, then downloaded the script to plug into our on-premises production ASA, which was unable to connect.
Then we used a non-production ASA, plugged in the script and reached out to Microsoft. Microsoft provided the following info.
6487 17:58:03.5247457 11:28:03 PM 10/7/2016 62.5147806 (868) 13.77.80.177 xx.xxx.xx.xxx WFP WFP:IPsec: Negotiation Request Initiated
6496 17:58:03.5499553 11:28:03 PM 10/7/2016 62.5399902 (868) 13.77.80.177 xx.xxx.xx.xxx WFP WFP:IPsec: Send ISAKMP Packet
6501 17:58:03.5500667 11:28:03 PM 10/7/2016 62.5401016 (868) 13.77.80.177 xx.xxx.xx.xxx IKE IKE:version 1.0, Identity protection (Main Mode), Payloads = HDR, SA, VID, Flags = ..., Length = 372 -> Initial MM packet
6663 17:58:04.5449240 11:28:04 PM 10/7/2016 63.5349589 (868) 13.77.80.177 xx.xxx.xx.xxx WFP WFP:IPsec: Send ISAKMP Packet
6667 17:58:04.5449824 11:28:04 PM 10/7/2016 63.5350173 (868) 13.77.80.177 xx.xxx.xx.xxx IKE IKE:version 1.0, Identity protection (Main Mode), Payloads = HDR, SA, VID, Flags = ..., Length = 372 -> Re-transmission of the Initial MM Packet
6766 17:58:05.5510583 11:28:05 PM 10/7/2016 64.5410932 (868) 13.77.80.177 xx.xxx.xx.xxx WFP WFP:IPsec: Send ISAKMP Packet
6770 17:58:05.5511130 11:28:05 PM 10/7/2016 64.5411479 (868) 13.77.80.177 xx.xxx.xx.xxx IKE IKE:version 1.0, Identity protection (Main Mode), Payloads = HDR, SA, VID, Flags = ..., Length = 372 -> Re-transmission of the Initial MM Packet
6891 17:58:08.5550864 11:28:08 PM 10/7/2016 67.5451213 (868) 13.77.80.177 xx.xxx.xx.xxx WFP WFP:IPsec: Send ISAKMP Packet
6895 17:58:08.5551539 11:28:08 PM 10/7/2016 67.5451888 (868) 13.77.80.177 xx.xxx.xx.xxx IKE IKE:version 1.0, Identity protection (Main Mode), Payloads = HDR, SA, VID, Flags = ..., Length = 372 -> Re-transmission of the Initial MM Packet
11575 17:59:00.6174956 11:29:00 PM 10/7/2016 119.6075305 (868) 13.77.80.177 xx.xxx.xx.xxx WFP WFP:IPsec: Main Mode Failure - Error: ERROR_SUCCESS
11577 17:59:00.6286090 11:29:00 PM 10/7/2016 119.6186439 (868) 13.77.80.177 xx.xxx.xx.xxx WFP WFP:IPsec: Main Mode SA Terminated -> The Main Mode negotiation is
So after many tests I decided to forgo ASA altogether and set up a trial Windows 2012 server. I received this error from Microsoft support tech.
Time | Level | Category | VIP | MMSA | QMSA | iCookie | rCookie | outboundSPI | inboundSPI | Comments | Details | |
10/14/16-23:49:22.875881 | INFO | ikeext | xx.xx.xx.xxx | N/A | f65c9d98c6b09dfb | 0 | N/A | N/A | On-prem is the MM initiator. | IKE diagnostic event:, Failure type: IKE/Authip Main Mode Failure, Failure error code:0x00003601, No policy configured, , Failure point: Local, Keying module type: IKEv2, MM State: Initial state, no packets sent, MM SA role: Responder, MM auth method: Unknown, 0000000000000000000000000000000000000000, MM ID: 0x0000000000000f91 | ||
10/14/16-23:49:22.876139 | ERROR | ikeext | xx.xx.xx.xxx | N/A | f65c9d98c6b09dfb | 0 | N/A | N/A | Check on-prem encryption domain against the Azure Local Networks. They must match exactly for Static. | Cleaning up mmSa: 0000008DC4D97730. Error 13825(ERROR_IPSEC_IKE_NO_POLICY) | ||
10/14/16-23:49:22.876140 | ikeext | xx.xx.xx.xxx | N/A | f65c9d98c6b09dfb | 0 | N/A | N/A | Inactivating MM: 0000008DC4D97730 | ||||
10/14/16-23:49:22.876141 | ikeext | xx.xx.xx.xxx | N/A | f65c9d98c6b09dfb | 0 | N/A | N/A | Moving mmSa 0000008DC4D97730 to zombie list | ||||
10/14/16-23:49:22.876144 | ERROR | user | xx.xx.xx.xxx | N/A | f65c9d98c6b09dfb | 0 | N/A | N/A | Check on-prem encryption domain against the Azure Local Networks. They must match exactly for Static. | IkeProcessPacketNoSa failed with HRESULT 0x80073601(ERROR_IPSEC_IKE_NO_POLICY) | ||
10/14/16-23:49:22.876147 | ikeext | xx.xx.xx.xxx | N/A | f65c9d98c6b09dfb | 0 | N/A | N/A | Deleting MM from lists: 0000008DC4D97FD0 | ||||
10/14/16-23:49:22.876152 | ikeext | xx.xx.xx.xxx | N/A | f65c9d98c6b09dfb | 0 | N/A | N/A | Completing Acquire for ipsec context 7837 | ||||
10/14/16-23:49:22.876340 | ikeext | xx.xx.xx.xxx | N/A | f65c9d98c6b09dfb | 0 | N/A | N/A | IPsecKeyModuleUpdateAcquire0 failed. Context 7837, error WINERROR=80320008 | ||||
10/14/16-23:49:22.876342 | ikeext | xx.xx.xx.xxx | N/A | f65c9d98c6b09dfb | 0 | N/A | N/A | IkeFreeAcquireContext: Freeing acquire 0000008DC4D928D0 | ||||
10/14/16-23:49:22.876388 | ikeext | xx.xx.xx.xxx | N/A | f65c9d98c6b09dfb | 0 | N/A | N/A | Deleting MM from lists: 0000008DC4D97730 | ||||
10/14/16-23:49:22.876393 | ERROR | user | N/A | N/A | f65c9d98c6b09dfb | 0 | N/A | N/A | Check on-prem encryption domain against the Azure Local Networks. They must match exactly for Static. | IkeProcessPacketDispatch failed with HRESULT 0x80073601(ERROR_IPSEC_IKE_NO_POLICY) |
Any advice appreciated.
Noah
Can't log into F5 BIG-IP Loadbalancer via SSH or Configuration utility using the default root & pass or default admin and pass for BIG-IP
I provisioned an F5 load balancer, the Best one, but when I go to the configuration utility and try logging in with username admin and password admin it fails. Also, when I try to log in via SSH using root and default for the password it says access denied. I provisioned the VE several times, and same issue.
Cannot access SSRS 2016 on azure VM
I just installed SQL Server Enterprise Edition and configured SSRS successfully. I'm able to access the SSRS portal when I RDP to the VM; however, I cannot access it externally from my workstation via the internet. I have also set up an endpoint for port 80 but am still not able to connect. If anyone can shed any light on this problem it would be much appreciated.
Thanks,
Multiple ADC on same VNET for different forest
Hi Team,
We have two forest Forest A and Forest B.
Forest A is connected to Azure on VNETA through Site to Site connectivity.
We have 2 Additional Domain controllers and 2 ADFS server and a AAD Connect Server on VNETA for Forest A.
Now we want to configure Forest B to be connected to Azure so that it can connect to Forest A. There is no trust between Forest A and B.
Once we establish a multisite connectivity from VNETA to Forest A and Forest B On premise network can we promote Additional domain controllers for Forest B as well in the same subnet in Azure. Will this impact us in any way?
Thanks,
Mitesh
HowTo Create VNET VPN Connection to On-Premises MSSQL Database
Hi,
I am facing performance issues with a configured HybridConnection and am considering creating a VPN connection utilizing VNET.
I develop a C# Azure Mobile Apps backend.
Is there any good tutorial on that topic available or can someone give me a jump start?
Thanks in advance,
Eric
Azure Web App with Azure Point To Site VPN -- Access Resources from network
Hi Team,
Little Background:
We have Azure Site-2-Site VPN connectivity (Classic V1) and it is working well with our Azure Cloud Service (Classic V1). Now we received a requirement to connect our Azure Web App (ARM V2) with this network and use some of the resources from the Azure VPN Network.
For that, we have enhanced our Azure VPN and enabled Point-2-Site connectivity. Now, we come back to the Azure Web App tab, where we have the Networking option; we enable Point-2-Site and select this network. After a few minutes, we got success status and we can see all green with enough details.
Real Issue:
Now, I want to access one of the UNC paths we have under that network through our Azure Web App. But it is not working. I am getting an error message "Access to the path '\\<vmname>\testing' is denied." However, I have tested the code (C#) and it's working well on a local computer.
I don't think this issue is related to access or permission, because whatever name I give in place of <vmname>, whether that VM really exists in the network or not, it gives me the same error message. So, it's not specific to permission.
My Observation:
Virtual Network has one domain and that domain username and password different and when you are accessing anything from IIS to some other local, I suppose Impersonate and Identity may come in picture.
But if that is the real issue, I should get some different error message if I type ABCD as my <vmname>, which doesn't exist in the Virtual Network. Isn't it? But I am getting the same access denied message.
Troubleshooting:
Using Console Tab under Azure Web App blade, I tried to check nameresolver and dnsping exe and both are able to access my this vm where I have shared the folder. So, from Azure Web App VM they are able to access the Virtual Network VM.
Some References:
Regards, Brijesh Shah
Azure DNS for PTR records/Reverse DNS zones?
Hi,
I am looking to migrate my DNS zones to Azure. I try to import my reverse DNS zone in, however, I get an error. Forwards work just fine. Does Azure DNS not support reverse DNS zones?
Thanks in Advance.
Error 500 when creating an AzureRMVirtualNetworkGateway using PowerShell
I am attempting to create an Azure VPN Gateway from an already created Vnet. The Vnet is created and I've got a VM inside the VNET - works great. But now I am trying to setup the P2S gateway as follows
New-AzureRmVirtualNetworkGateway -Name $GWName -ResourceGroupName $RgName `
    -Location $Locname -IpConfigurations $ipconf -GatewayType Vpn `
    -VpnType RouteBased -EnableBgp $false -GatewaySku Standard `
    -VpnClientAddressPool $VPNClientAddressPool -VpnClientRootCertificates $p2srootcert
Sadly I get this response
WARNING: The output object type of this cmdlet will be modified in a future release
New-AzureRmVirtualNetworkGateway : An error occured.
StatusCode: 500
ReasonPhrase: Internal Server Error
OperationID : '6583d352-2ad6-473f-b747-d77f8e3c78f1'
At line:1 char:1
+ New-AzureRmVirtualNetworkGateway -Name $GWName -ResourceGroupName $Rg ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [New-AzureRmVirtualNetworkGateway], NetworkCloudException
Any clues a) to what this means and b) how to fix it
Thomas Lee <DoctorDNS@Gmail.Com>
Cannot connect Windows Azure Point to Site VPN
Hi,
I Have created a Virtual Network in Azure by Following the Steps in Azure Site
But When I Try to connect the VPN, I am receiving the following Error.
A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)
How can I solve the issue.
Can't map custom domain to my website in Azure
Hi!
I have an issue with my DNS zone and website in Azure.
It all started when I accidentally removed my previous DNS zone that I created some time ago in Azure.
I recreated the DNS zone gothenburg-industries.se and added my Office 365 records that are needed and that works just fine.
Then add an A record for @.gothenburg-industries.se -> 52.178.201.147 and a CNAME record for www.gothenburg-industries.se -> gothenburg.azurewebsites.net and when I try to map the domain to my website it complains that no record is added.
I also tried to add A record www.gothenburg-industries.se -> 52.178.201.147 but then I can't add a CNAME www.gothenburg-industries.se -> gothenburg.azurewebsites.net since it complains that there already is a record set with that name.
Configure IPs of master nodes before deploying an ACS with DC/OS
Hi,
Does anyone know how to configure the IPs of the master nodes before deploying an Azure Container Service with DC/OS? The default setup assigns IPs in the 172.16.0.0/24 range, which clashes with my current production infrastructure. Thus, I would like to change the IPs to be in the 172.32.0.0/24 range.
If I change the IPs after deployment the cluster is messed up since static master_discovery is used.
Thanks
Routing over multiple Azure VPNs
I have multiple VPNs set up which are not routing properly. I would like to know how I can configure a static route to achieve the following.
1)Azure vnet Address space 172.32.0.0/21
2)Azure vnet Address space 172.31.0.0/21
These two are connected with a vNet to vNet VPN and routing etc is working fine.
next up
2) also has a site to site VPN in a different subscription to the others above.
3)Azure vnet Address space 172.31.40.0/21
Routing between 2 & 3 also works fine and I can do all I want.
My issue is that I cannot route directly from 1) to 3) I therefore believe I need a static route from 1-3 and 3-1
But I don't know where to add this route.
Azure Application Gateway Under Azure Load Balancer
Hi
I am trying to configure Application Gateway under Azure load balancer but the new portal is not allowing me to do so.
When I try to add a NAT inbound rule, all it shows me are my VMs and not the application gateway. We have a Traffic Manager for DR to a secondary site, then Azure Load Balancer, and then we wish to add Application Gateway under it for load balancing but more for the WAF capabilities of Application Gateway.
Is it now allowed or I am not doing it right?
Thanks, Piyush
Traffic Manager Profile tagging
Hello,
I'm experimenting with tagging in the new Azure portal and via Powershell. It seems I cannot add any tags to the Traffic Manager Profile, while this works for my other services.
The error I get via the portal and via powershell is the following:
The 'endpoints' property cannot be specified when updating a profile using PATCH. Please use PUT to update the profile instead. (Code: BadRequest)
Anyone else experiencing the same issue?
Thanks!
Rgds,
Thomas