
Overlapping VNets address spaces and ability to RDP

Hello

As I understand, within a resource group, multiple VNets are allowed to have overlapping address spaces. For example, within a given subscription and resource group, I could have:

VNet1: 192.168.0.0/16 containing subnet: 192.168.1.0/24 containing VM1 with internal IP: 192.168.1.4

VNet2: 192.168.0.0/16 containing subnet: 192.168.1.0/24 containing VM1 with internal IP: 192.168.1.4

VNet3: 192.168.0.0/16 containing subnet: 192.168.1.0/24 containing VM1 with internal IP: 192.168.1.4

and so on and so forth but within subscription limits.

Noted that the Azure portal will throw out a warning for overlapping VNet address spaces, but will nevertheless accept the configuration as valid.

Every VM1 gets a unique static external IP address used for RDP. Please see diagram.

Problem: I am not able to RDP into any of the VM1s except the first created. This happens although every VM1 was created with identical configuration.

Ask:

1. Is this really a valid and supported configuration in Azure?

2. If valid, why am I not able to RDP into any of the VM1s except the first created VM1?

BTW, I performed troubleshooting steps as described below and nothing exceptional turned up:

https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-windows-troubleshoot-rdp-connection?toc=%2fazure%2fvirtual-machines%2fwindows%2ftoc.json
https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-windows-detailed-troubleshoot-rdp?toc=%2fazure%2fvirtual-machines%2fwindows%2ftoc.json

Setup:


ARM Template used to create the setup:

{"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion": "1.0.0.0","parameters": {"Number of students": {"type": "int","metadata": {"description": "Number of students"
      }
    }
  },"resources": [
    {"apiVersion": "2016-03-30","type": "Microsoft.Network/publicIPAddresses","name": "[concat('vm1-PublicIP-Student-',copyIndex())]","Comments":  "vm1 Public IP Address","location": "[resourceGroup().location]","properties": {"publicIPAllocationMethod": "Static"
      },"copy": {"name": "PublicIPAddressCounter","count": "[parameters('Number of students')]"
      }
    },
    {"apiVersion": "2016-03-30","type": "Microsoft.Network/networkSecurityGroups","name": "[concat('NetworkSecurityGroup-Student-',copyIndex())]","location": "[resourceGroup().location]","Comments": "Network Security Group one per student","properties": {"securityRules": [
          {"name": "default-allow-rdp","properties": {"description": "Allow RDP","protocol": "Tcp","sourcePortRange": "*","destinationPortRange": "3389","sourceAddressPrefix": "*","destinationAddressPrefix": "*","access": "Allow","priority": 1000,"direction": "Inbound"
            }
          },
          {"name": "allow-port-443","properties": {"description": "Allow HTTPS","protocol": "Tcp","sourcePortRange": "*","destinationPortRange": "443","sourceAddressPrefix": "*","destinationAddressPrefix": "*","access": "Allow","priority": 1001,"direction": "Inbound"
            }
          }
        ]
      },"copy": {"name": "NetworkSecurityGroupCounter","count": "[parameters('Number of students')]"
      }
    },
    {"apiVersion": "2016-03-30","type": "Microsoft.Network/virtualNetworks","name": "[concat('VirtualNetwork-Student-',copyIndex())]","location": "[resourceGroup().location]","Comments": "Virtual Network - One Per Student","dependsOn": [ "NetworkSecurityGroupCounter" ],"properties": {"addressSpace": { "addressPrefixes": [ "192.168.0.0/16" ] },"subnets": [
          {"name": "[concat('SubNet-Student-',copyIndex())]","properties": {"addressPrefix": "192.168.1.0/24","networkSecurityGroup": {"id": "[resourceId('Microsoft.Network/networkSecurityGroups',concat('NetworkSecurityGroup-Student-', copyIndex()))]"
              }
            }
          }
        ]
      },"copy": {"name": "VirtualNetworkCounter","count": "[parameters('Number of students')]"
      }
    },
    {"apiVersion": "2016-03-30","type": "Microsoft.Network/networkInterfaces","name": "[concat( 'vm1-NetworkInterface-Student-',copyIndex())]","location": "[resourceGroup().location]","dependsOn": [ "PublicIPAddressCounter", "VirtualNetworkCounter" ],"properties": {"ipConfigurations": [
          {"name": "ipconfig1","properties": {"privateIPAllocationMethod": "Static","privateIPAddress": "192.168.1.4","publicIPAddress": {"id": "[resourceId('Microsoft.Network/publicIPAddresses', concat('vm1-PublicIP-Student-',copyIndex()))]"
              },"subnet": {"id": "[concat( resourceId('Microsoft.Network/virtualNetworks', concat('VirtualNetwork-Student-',copyIndex())),'/subnets/SubNet-Student-',copyIndex())]"
              }
            }
          }
        ]
      },"copy": {"name": "NetworkInterfaceCounter","count": "[parameters('Number of students')]"
      }
    },
    {"apiVersion": "2016-03-30","type": "Microsoft.Compute/virtualMachines","name": "[concat( 'vm1-VM-Student-', copyIndex())]","location": "[resourceGroup().location]","dependsOn": [ "PublicIPAddressCounter", "NetworkInterfaceCounter" ],"properties": {"hardwareProfile": { "vmSize": "Standard_DS3_V2" },"storageProfile": {"osDisk": {"name": "[concat('vm1-OSDisk-Student-', copyIndex())]","osType": "Windows","createOption": "Attach","caching": "ReadWrite","vhd": {"uri": <URI goes here>
            }
          },"dataDisks": [
            {"name": "[concat('vm1-DataDisk-Student-', copyIndex())]","lun": 0,"CreateOption": "Attach","caching": "None","vhd": {"uri": <URI goes here>
              }
            }
          ]
        },"networkProfile": {"networkInterfaces": [
            {"id": "[resourceId('Microsoft.Network/networkInterfaces', concat( 'vm1-NetworkInterface-Student-',copyIndex()))]"
            }
          ]
        }
      },"copy": {"name": "VirtualMachineCounter","count": "[parameters('Number of students')]"
      }
    }
  ]
}


Thank you very much!

Sada Kubsad
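
The template in the post above gives every student NSG a `default-allow-rdp` rule with `sourceAddressPrefix` set to `*`, so each static public IP accepts RDP from any address. The following check is an added example, not part of the original post: it walks NSG resources shaped like the ones in that template and reports inbound allow rules that expose a given port to any source. The NSG name, the third rule and its source prefix are constructed sample data, and the function names are hypothetical.

```python
import json

# Constructed sample: the two rules from the post's NSG resource plus one
# constructed rule limited to a documentation-range source prefix.
SAMPLE_NSG = json.loads("""
{"type": "Microsoft.Network/networkSecurityGroups",
 "name": "NetworkSecurityGroup-Student-0",
 "properties": {"securityRules": [
  {"name": "default-allow-rdp", "properties": {"protocol": "Tcp",
   "sourcePortRange": "*", "destinationPortRange": "3389",
   "sourceAddressPrefix": "*", "destinationAddressPrefix": "*",
   "access": "Allow", "priority": 1000, "direction": "Inbound"}},
  {"name": "allow-port-443", "properties": {"protocol": "Tcp",
   "sourcePortRange": "*", "destinationPortRange": "443",
   "sourceAddressPrefix": "*", "destinationAddressPrefix": "*",
   "access": "Allow", "priority": 1001, "direction": "Inbound"}},
  {"name": "rdp-from-admin-range", "properties": {"protocol": "Tcp",
   "sourcePortRange": "*", "destinationPortRange": "3000-4000",
   "sourceAddressPrefix": "203.0.113.0/24", "destinationAddressPrefix": "*",
   "access": "Allow", "priority": 1002, "direction": "Inbound"}}
 ]}}
""")

# Source prefixes that mean "anyone on the Internet" in an NSG rule.
ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}


def port_in_range(spec, port):
    """True if an NSG port spec ('*', '3389' or '3000-4000') covers port."""
    spec = spec.strip()
    if not spec:
        return False
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def exposed_rules(resources, port=3389):
    """Return (nsg name, rule name) for inbound TCP allow rules open to any source."""
    findings = []
    for res in resources:
        if res.get("type", "").lower() != "microsoft.network/networksecuritygroups":
            continue
        for rule in res.get("properties", {}).get("securityRules", []):
            p = rule.get("properties", {})
            if p.get("direction", "").lower() != "inbound":
                continue
            if p.get("access", "").lower() != "allow":
                continue
            if p.get("protocol", "").lower() not in ("tcp", "*"):
                continue
            if p.get("sourceAddressPrefix", "").lower() not in ANY_SOURCE:
                continue
            if port_in_range(p.get("destinationPortRange", ""), port):
                findings.append((res.get("name"), rule.get("name")))
    return findings
```

Pass the `resources` array of a parsed template to `exposed_rules`; a rule that lists a specific source prefix, like the constructed third rule, is not reported.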












Error while deploying to Microsoft Azure

Hey guys,

I am facing an issue while deploying the web app to Azure.

It says MissingRegistrationForLocation: The subscription is not registered for the resource type 'components' in location ''Centrall Us".


I am using VS2015 with Azure SDK 2.0.

Any suggestions are appreciated.

Also, I want to learn microservices in Azure. Please suggest some references.



Thank you in advance.

Sri C


VPN Azure - NSX

We are setting up a VPN from Azure to NSX.

NSX has an error log: "no proposal chosen"


Routing external internet traffic to an Internal Load Balancer 

Hi,

Scenario:

I have an internal Load Balancer for two VMs that run Dynamics CRM for use on our company network only and does not require any external access.

Each VM under the load balancer has a public IP which is used to connect to various external services and APIs; these rules are set via an associated NSG.

Now we have one external service provider that requires access to the internal load balancer in order for its service to run correctly.

Since internal load balancers are not able to have a public IP associated with it, is there any way I can create a public IP and have a route or perhaps a forwarding to the internal IP address of the Load Balancer?

Azure Traffic Manager & ADFS 2012r2

Hi All

I've installed ADFS 2012r2 (ADFS 3) on some VMs in Azure and I have Azure Traffic Manager pointing to the ADFS WAP Cloud Service,

But I keep getting Degraded mode.  Traffic Manager is doing the job with no issues.  Which is great.  

I believe the issue is that TM is looking for a 200 reply from the WAP server.  The TM config is below.

relative path and file name

/adfs/ls/IdpInitiatedSignon.aspx

Port 443.

On the WAP I can browse to /adfs/ls/IdpInitiatedSignon.aspx

Has anybody come across this issue before?

Thanks

Spud

Unable to remove a Virtual Network of an App Service Environment

Hi, yes, it said that something is in use, but I just created this resource by mistake. I tried to go as deep as I can to delete whatever is attached to it, but there is always something blocking.





Application gateway backend servers in Unhealthy status

Hi, 

I'm new to Azure, and have been setting up several resources in Azure. I'm having problems with one specific AG where both backend servers are in Unhealthy status when I check on the portal, but the servers are properly configured. I have other AG's setup, with only one server in the backend that show healthy, but not in this case. Is round robin not working? Please let me know if you need more info.

Thanks

Will

Can't get SSL bindings configured

I've been following this guide: https://docs.microsoft.com/en-us/azure/app-service-web/web-sites-configure-ssl-certificate

I'm at the bottom of Step #2.  I've successfully imported the App Service Certificate.  Then I clicked on "Add binding".  However, in the "Hostname" dropdown listbox, there are no domains to choose.

Later this week my company's DNS admin will assign CNAME records from our company domain to Azure.  But it doesn't make sense to me that this step is going to solve the problem I'm currently up against.

Any guidance would be much appreciated!

Robert


How to use CORS with azure traffic manager

I am using Azure Traffic Manager for load balancing of my virtual machines. But it is giving a CORS blocked error when calling from AJAX.

I have CORS enabled for my machines' URL.

Can anyone provide me some solutions?

P2S VPN with peering to another Vnet

Is it possible to set up a P2S VPN allowing access to another Vnet using peering?

I have Vnet1 and Vnet2. I have three VMs in Vnet1 and one VM in Vnet2.

Vnet1 has a S2S VPN to on-premise. 

Vnet2 has P2S VPN

VM's in VNet1 and Vnet2 can communicate with each other (ping/RDP) via the peering setup.

Using the P2S VPN on Vnet2, I can communicate with the VM in Vnet2 but cannot ping/RDP to the VM's in Vnet1.

my peering setup:

Vnet1:

connected to Vnet2

allow virtual network access enabled

allow forwarded traffic enabled

allow gateway transit disabled

use remote gateways disabled

Vnet2:

connected to Vnet1

allow virtual network access enabled

allow forwarded traffic enabled

allow gateway transit enabled

use remote gateways disabled

My initial thought is that the subnets are setup to be peered between the Vnets.

However, as the P2S IP range cannot be an existing Vnet subnet then there probably is no routing in place for the peering.

Can a P2S VPN be setup for peering into the other Vnet and if so, how?

Thanks

Connection draining in Azure LB

Is there a way to disable connection draining on Azure LB? Basically, the behaviour I have seen is that an active connection on a backend VM is not closed after the Azure health probe fails on that VM, but new connections land on another VM. I want to close all the active connections on a backend VM when the health probe fails.

Thanks,

Ram 

Express Route public / private peering with Active Directory

Hi all, 

This is probably a loaded question but here it is anyway. 

We have a requirement to have all of our environments AD authenticated (mostly a windows shop). 

We would prefer to keep all of our Dev/Test environments on the private peering (non public facing). Production obviously will need a public presence. 

With express route in mind how do people handle Active Directory replication between Public / Private peering options? At present we have DCs hosted on Azure VM's. To get AD replicated across the public / private peers does this mean we need more DC's deployed on the corporate site? 

Use DC's deployed in the private space to replicate to corporate networks. Then an RODC to replicate into the public tier? 

Or is there an ability to route traffic across the public / private express route connections? My assumption to this would be its not possible. 

Cheers, 


ronny

force tunneling

Unable to access the internet on an Azure VM after configuring force tunneling in a site-to-site VPN.

All on-premise servers are accessible.

Public IP Redirect

I have created a Public static IP address that has the hostname name.location.cloudapp.azure.com

How can I redirect that to another hostname/IP address?

Do I create a DNS record? What entries do I need to add?

The reason I want this is because the Azure IP is static and my server's IP is dynamic. I want to be able to change the dynamic IP (probably with a script) in Azure when my IP changes, so it doesn't have to propagate through all the DNSs and is an instant change.


A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. (Error 0x800b0109)

Hello there all

We've been successfully connecting to our Azure VNET via a standard point-to-site VPN configuration for more than a year. We originally created individual certificates for each user, as described at:

https://azure.microsoft.com/en-gb/documentation/articles/vpn-gateway-point-to-site-create/

...And they have worked just fine for a year or so.

Now, halfway through our morning, we suddenly can't connect to the VNET. Earlier in the morning, we connected successfully.

We now get the error:

A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. (Error 0x800b0109)

Any ideas? Thanks a lot.


Problems combining CDN and Traffic Manager

I'm attempting to use CDN's and Traffic manager at the same time. Here's my current setup:

DNS point to Azure Edge:

CNAME: www.inboxlock.com -> inboxlock.azureedge.net

Inside Azure Edge I have the origin pointing to Traffic Manager (inboxlock.trafficmanager.net). The reason I'm pointing to the CDN and not Traffic Manager is because there's no option for setting a CDN inside of Traffic Manager. So basically, if I use Traffic Manager I can't use a CDN.

So, theoretically what should happen is a DNS request checks the CDN to see if there's a cache of the content and if not it will load the resources from the closest server (Traffic Manager). I currently have servers in the West US, West Europe, and SouthEast Asia. However, I'm located in Washington State and when I check the location of the referring server it's triggering West Europe or some other place nowhere near to me. Also, if I test this setup using an IP from Singapore (through a VPN) for example technically it should trigger the server in SouthEast Asia (which happens to be in Singapore). But nope, it's triggering the server in California. 

I was thinking that maybe the reason it's hitting the wrong servers is because it's being pulled from the location of the cache and not the IP of my personal DNS zone but if the CDN cache was really loading from my nearest location like it should for low latency of the CDN then it would still pull from the closest server through traffic manager.

Please help. Thanks, Chris Walters

Azure VPN to CISCO ASA 5550 using azure public ip addresses

I have a VPN with a gateway to connect to another network (a local mobile operator) which is using a CISCO ASA 5550 Version 8.0(3). On the Azure side I would like to advertise the public IP instead of the local Azure network, since the mobile operator's security policy does not accept private IPs in their configurations.

The tunnel phase 1 is coming up and the second phase fails with an error saying that the IP is not allowed, which is the Azure local network.

From the server (with a public IP allowed in the network operator) I can ping the mobile operator network gateway but I cannot ping any server in their network.

I am not sure what can be done, but I am guessing a NAT (not sure how to do this either) can do it, or something I don't know?

NOTE: All resources have been setup using Azure resource manager


emabusi

What is the best way to remove Traffic Manager

Hi,

I have a Traffic Manager and two endpoints.

Now I want to remove Traffic Manager and one endpoint.

I still want to use the former URL to direct to the remaining endpoint.

What is the best way to do that?

I am a little bit worried about the DNS thing.

Best Regards,

Zhong

Unable to delete Classic VNET

I've cleaned out pretty much everything in the subscription and this doesn't seem to be able to be deleted.

Can't delete or modify the properties of Subnet-1 (can't change name, CIDR allocation) and can't delete parent address space either because "in use". All VMs, gateways have been deleted. AAD is basically the only other thing in the sub and domain services for AAD isn't configured.

Help to kill this vnet off appreciated!


I want to understand how azure network work with my on-premise network

Hello Support,

I want to configure my on-premise network with an Azure VM; what are the basic requirements for that?

1. I want to know, step by step, how to configure this on an Azure VM.

2. Why do we use an Azure VM (site-to-site or point-to-site), and what other concepts are used to connect an on-premise network?

3. I want to know which components will be used in configuring the VM.
