Quantcast
Channel: Azure Networking (DNS, Traffic Manager, VPN, VNET) forum
Viewing all 6513 articles
Browse latest View live

Virtual Network in Failed State

October 21, 2016, 11:18 am
$
0
0

Hello,

We are new to Azure and are trying to get a virtual network gateway connected for a pair of ADFS WAP vm's.  We created our DMZ virtual network with the subnet 10.0.0.0/24 in ip space 10.0.0.0/16.  We found when we were connecting our site's ASA that there are conflicts with out network in those subnets.  At that point I added the address space 10.4.0.0/16 and disconnected/deleted all network devices that were attached to 10.0.0.0/24.  I was having problems modifying the subnet of our Virtual Network Gateway and the portal said that the change to the subnet failed but later when I checked the changes appeared successful.

After all of that, I went to add the virtual network gateway back to the virtual network (there are no gateways setup now) and found that the gateway subnet was greyed out because the DMZ virtual network was in a failed state.  I'm noticing there are some global outages going on so I'm not sure if that's impacting our solution but I'm wondering if anyone else has had a virtual network in the "failed" provisioning state and if so how to fix it without blasting it away and recreating it.

Thank you!

Search

Azure VNet Peering with multiple subscription in mutiple AD. Possible?

September 24, 2016, 2:53 am
$
0
0
Me and my colleague have Azure accounts (with BizSpark plan). We both created VNets and some VMs in each. Now, he want to access some VMs that I have created so we tried to setup VNet peering between these accounts. Is it possible to do that?

NB: we tried for the VNet peering option as the VPN is costly.

How to find a Free IP Address under ARM using PSH?

October 23, 2016, 2:13 am
$
0
0

Hey All,

While creating an ILB here's the code that I'm using

$VnSN = Get-AzureRmVirtualNetwork | where {$_.name -eq "SQLSrvNET"} | get-AzureRmVirtualNetworkSubnetConfig

$frIP = New-AzureRmLoadBalancerFrontendIpConfig -Name LBFE -PrivateIpAddress a.b.c.d -SubnetId $VnSN[0].Id

New-AzureRmLoadBalancer -Name PSHILB -ResourceGroupName ARGmultiAO -Location "Central US" -FrontendIpConfiguration $frIP

My intention is to identify & provide an IP address in Line[2].

Any help on that?

yup

Reverse DNS setting for Azure Virtual Machines

October 23, 2016, 2:54 am
$
0
0

Hi,

We try to build mail servers on Azure. So, we need to set reverse DNS record to VM's static global IP address.

But I got an error by using PowerShell cmdlets.

***********************************************

PS C:¥> Login-AzureRmAccount

Environment:AzureCloud

Account:****@****

TenantId:*****

SubscriptionId:*****

SubscriptionName:*****

CurrentStorageAccount:

PS C:¥> $pip = Get-AzureRmPublicIpAddress -Name XXX.XXX.XXX.XXX -ResourceGroupName *****

Get-AzureRmPublicIpAddress : Resource group '*****' could not be found.

StatusCode: 404

ReasonPhrase: Not Found

OperationID: '*****'

Line:1 character:8

+ categoruInfo:CloseError: (:) [Get-AzureRmPublicIpAddress], NetworkCloudException

+ FullyQualifiedErrorId:Microsoft.Azure.Commands.Networdk.GetAzurePublicIpAddressCommand

***********************************************
Any ideas what I could do to fix this issue?

Thanks,

Yoshihisa

On-Premise to Azure VPN Tunnel automatic failover

October 23, 2016, 4:24 am
$
0
0

Hi

We have Site-to-Site connection between our On-Premise network and VNET in Azure via VPN Gateway.

What are my failover options here? If just in case Azure region goes does how to automatically switch to secondary VNET in different region. We do have same VNET in different region for failover but how to connect that is the question.

Thanks, Piyush

ARM - Public IP Address tcp/81 not open

October 24, 2016, 7:53 am
$
0
0

Hello Support

I have setup in ARM the following

1 x Azure Load Balancer (Internet Facing with public ip address)

1 x Availability Group

2 x haproxy servers

3 x www servers


I have multiple sites setup

Site_1 - 0.0.0.0:80

Site_2 - 0.0.0.0:8080

Site_3 - 0.0.0.0:81

Site_4 - 0.0.0.0:15672

Sites_1 & _2 work through I can browse these publicly and everything looks correct

Now if I try to telnet to Sites_1:80 & _2:8080, on the public ip address this works fine

If I try to telnet to Site_3:81 - it times out on the public ip address

and the same for site_4:15672 and the same for this aswell.

from the individual haproxy ip address I can browse to the site on port 81 but not on the public ip address

So i've proved its not an haproxy thing and it works locally and also not a NSG issue either

Its just the public ip address

Can you please advise

regards

James

Access Issue to Microsoft Azure

October 24, 2016, 6:25 am
$
0
0

Thanks for your prompt support. We have a test server running on Azure with the url: http://13.92.139.163:81. Trace to it revealed that the packet drops at 104.44.10.55 and we couldn't access the app installed on the test server. Kindly, assist check this issue. Thank you.



Cannot ping from vm to certain local subnet

October 24, 2016, 8:02 pm
$
0
0

Current setup:

Local subnet A and B  <<>> policy based vpn (cisco asa) <<>> vnet gateway <<>> dmz vnet <<>> 2 server 2016 vm's

Earlier today I was able to ping from local subnets a and b through to the two vm's and the two vm's were able to ping to the local subnets.  At some point the service on my 2 server 2016 vm's went down (adfs web proxy) and I noticed I was unable to ping from the vm's to my local subnet A (ADFS server subnet) but I was able to ping local subnet B (monitoring subnet).  

Things I have tried to fix this problem:

  • Remove NSG rules so that we're running on base NSG
  • Disable firewalls on both ends
  • Reset vnet gateway using a powershell command
  • Built two additional vm's and assigned them to new NSG (same behavior)

I have verified that the routes to local subnets A and B are similar and this was working earlier today and I have reverted everything I remember changing to try to get this to work.  At this point I'm a little disappointed in Azure since what seemed somewhat simple has turned into a day and a half ordeal.  Nothing I have done has granted me the ability to ping the ADFS subnet (A) since this issue started.  I have checked a number of articles online and as far as I can tell everything should be working.  Does anyone have a suggestion on next steps?  Just to be clear - vm's in azure cannot ping any IP in the local ADFS subnet.  

Thank you!

Search

how to provide hostname and ip address details while deploying a VM in Azure

October 25, 2016, 1:45 am
$
0
0
When we deploy the appliance, we used to provide the hostname, ip address, default gateway, subnet mask, primary & secondary DNS. But as the console access is not available, we are unable to provide the details. Please suggest us, what can be done in this regard.

Internet Facing Load Balancer to a VM hosting IIS (Reverse Proxy) to a VM hosting our ASP.NET Core 1.0 windows service

October 25, 2016, 7:49 am
$
0
0

In Azure we have an Internet-facing load balancer that directs requests to a VM hosting IIS acting as our reverse proxy which then directs traffic to the appropriate ASP.NET Core 1.0 windows service on another VM.  So a request takes the following route:

Internet-facing load balancer to a IIS Reverse Proxy hosted on a Windows Server VM to a ASP.NET Core 1.0 windows service hosted on another windows VM.

For the Network Security Group hosting our ASP.NET Core 1.0 windows service we would like to create an inbound security rule to only allow traffic from the source IP of the IIS Reverse Proxy VM.  But we are noticing that we end up having to use the IP address of the Internet-facing load balancer instead.  Why would requests that arrive at the ASP.NET Core 1.0 windows service VM have the source IP of the Internet-facing load balancer?  Shouldn't they have a source IP of the IIS Reverse Proxy VM?


How to create DNS Entry for Azure Virtual Machine

October 24, 2016, 2:59 pm
$
0
0

Hi,

I have a website running in IIS on an Azure VM. I want to set the address to www.abc.com but I can;t get it to work.

I've entered the 4 Nameservers with my DNS provider for abc.com: ns1-05.azure-dns.com etc.

I've created a DNS Zone in Azure. I've created an A record in the DNS Zone in Azure and called it www and pointed it to the IP address of the VM but nothing happens.

What do I need to do to make it work? Do I need to have the A Record and CNAME Record (www.abc.com and abc.com) with my DNS provider or in Azure?

Sorry for the poor description but this isn't my forte and please bear this in mind with the (simple) answers :)

Traffic Manager Shows All Endpoints Status Degraded

April 22, 2016, 10:56 am
$
0
0

I have two total endpoints that are both showing a status of "Degraded."

I read that this usually indicates that the monitor configuration is resulting in a response other than 200. However, testing with curl shows a 200 response for both endpoints. This is over http so there's no authentication.

It may be relevant that this is a Traffic Manager Profile (classic).

Here is an example of the curl result:

C:\Users\estarks>curl -I posguys-west.cloudapp.net:80/
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 76357
Content-Type: text/html; charset=utf-8
Set-Cookie: ASP.NET_SessionId=ztw4ebs0tnzelp4gkqfl1bi5; path=/; HttpOnly
X-Frame-Options: SameOrigin
Set-Cookie: Cart=9c822cc6-9a01-4461-9fbd-758e8447a096; path=/; HttpOnly
Date: Fri, 22 Apr 2016 17:18:10 GMT
I know that when all endpoints are degraded, they will essentially be treated the same as if they were online, but I'd like to resolve the degraded status.

Verify ownership of Domain Name

October 25, 2016, 5:19 pm
$
0
0
I need to setup a business email address with Zoho/Gmail using my custom domain name that I bought through the Azure Portal.  It appears that although I bought it through Microsoft it needs to be validated at GoDaddy.  How can I validate with those external providers (Gmail/Zoho) that I own my domain name?

Load Balancer with primary/secondary routing

October 26, 2016, 12:05 am
$
0
0

Hi,

We have Two Applications servers (APPVM1 and APPVM2) running in an Availability setASet1. The connections to these application servers are directed thourgh a load balancer APPLB.On the other hand, we have two database servers DBVM1 (primary) and DBVM2 (secondary) running in an Availability setASet2. Both the database servers are connected to a Database Load Balancer DBLB.All the connections hit the application server via application load balancer in round robin fashion and further hit the database via database load balancer in round robin fashion.Our requirement is that the connections to the database should go only to DBVM1. (The DBVM1 and DBVM2 are having replication in place). If and only if the DBVM1 goes down the connections should be redirected from the Database load balancer to DBVM2. Few things to note

1. We do not want to expose the VMs to public. 

2. Traffic Manager does not meet our requirement.

3. Session Affinity does not completely address the issue. 

4. We do not want to create a seperate VM for broker/monitor processes for keeping the VM in ready/busy state under the load balancer.


Let me know if you have any questions or clarifications on my question. 

Thanks & Regards

Venu

Controlling outbound URLs through NSG

October 26, 2016, 9:30 am
$
0
0

I need to achieve a scenario where an Azure VM could make outbound connection only to specific URLs.

I see a couple of ways to do it

1. configuring host based firewall

2. Installing n/w security device and using UDRs to route traffic through it (force tunnel is out of question as we have single vNet cloud only scenario)

What I was wondering is if we can use NSGs or any other Azure provided construct to block traffic at n/w or subnet level. NSGs seem to support IP address only (and not URLs unless something is configurable through poweshell).

Can someone confirm if NSG can be configured with URLs too? Or suggest any other Azure construct if NSG is not the answer?

https://www.linkedin.com/in/gangwar

Search

Intentionally fail Azure

October 26, 2016, 11:09 am
$
0
0

This question was posed to me and I have no idea.  Could someone please help?

Is there a way to intentionally fail the Azure
Multi Factor Authentication (aka PhoneFactor) when it calls.

The options are to either press # to confirm success, or 0 to report
fraud, but there needs to be some other button to "fail" the
authentication so that the calls will cease.  If you just ignore the
phone call, it will just keep calling, including leaving messages in
ones voicemail.

It's possible that this is not 100% an Azure problem and instead may
have to do with how we have RADIUS configured.  Perhaps if we can define
a "maximum" amount of retries, instead of the current, which appears to
be indefinite, then that may be an acceptable solution.

Azure Site to Site stops working because Public IP cannot be reached.

October 26, 2016, 1:41 pm
$
0
0
For over a week now our Azure Ike2 site to site VPN has not been working. After working with our firewall vendor we have determined that the firewall cannot reach the public IP address of the VPN gateway. We are in the south central US dc. Has anything changed here or how do we get support for something that appears to be an Azure issue?

Can't control my Azure.

October 26, 2016, 6:20 pm
$
0
0

Azure send Blade_Errors. and I can't control my portal even look a status.

It is from yesterday. 

Change Browsers and change to InPrivate brows, not change anything.

I can't understand anymore.

VNET to VNET VPN connection using import/export method

October 26, 2016, 5:46 am
$
0
0

Hi 

Need help with our setup, I'm trying to do vnet to vnet connection using import/export method

Here is my scenario.

I have 2 Virtual Network both are connected via S2S VPN connection. Both S2S VPN is connected to a single H.O. (could have been a single but the former admin use this method) each VNet have several VMs on it and downtime is not possible.

Virtual Network
VNet01 192.168.0.0/16 connected via s2s vpn to HO
VNet02 172.168.0.0/16 connected via s2s vpn to HO

Local Network:
LN01 onprem IP
LN02 onprem IP
(LN01 & LN02 have the same set of IP segment on premise e.g if LN01 have 10.10.0.0/24 LN02 also have 10.10.0.0/24)
inet01 public ip of gateway in vnet02. address space is address space of vnet02
inet02 public ip of gateway in vnet01 address space is address space of vnet01

use method of export and import network config.
Vnet01>config>localnetwork>multi (inet01 and LN01)
Vnet02>config>localnetwork>multi (inet02 and LN02)

run the ff command
Set-AzureVNetGatewayKey -VNetName VNet1 -LocalNetworkSiteName inet01 -SharedKey A1b2C3D4
Set-AzureVNetGatewayKey -VNetName VNet2 -LocalNetworkSiteName inet02 -SharedKey A1b2C3D4

status is successful. 
but when i run the command get-azurevnetconnection the inet01 and inet02 status is not connected.

I need our VMs from Vnet01 to communicate with Vnet02.

Kindly help me resolve this issue.

Thanks in Advance

Paolo


Unable to create new vpn connection

October 27, 2016, 9:54 pm
$
0
0

I'm attempting to follow the instructions for creating a new VPN connection for my virtual network. The guide I'm following is here: https://github.com/Azure/Azure-vpn-config-samples/tree/master/Cisco/Current/ASA.

I'm stuck at the point of needing to create the vpn connection. On Step 2 (settings) I'm unable to create a new virtual network gateway or a local network gateway. The blade for both of those shows up but has dots animating across the top that never stop as if it's waiting for something to finish loading. I tried in another browser (Chrome) and that time the blade was missing the create new button all together.

Here is a screenshot of how it looks for me in Edge: https://dl.dropboxusercontent.com/u/17579043/ShareX/2016/10/ApplicationFrameHost_2016-10-27_17-04-38.png


Viewing all 6513 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>