Channel: Azure Networking (DNS, Traffic Manager, VPN, VNET) forum

IP addressing, .2 and .3 reserved by default, for what?

Hello guys,

I'm just beginning with Azure, so sorry for the level of these questions.

My first question: why does the addressing begin at 4? For example, I created a network address 192.168.0.0/16; I saw that the gateway takes the .1, but I can't take the IPs ending in .2 or .3. Why?

Thanks.


Traffic Manager Example

Hey guys,

I was reading an article about Traffic Manager and App Services in Azure...

It says:

Contoso Corp have developed a new partner portal. The URL for this portal is https://partners.contoso.com/login.aspx. The application is hosted in three regions of Azure. To improve availability and maximize global performance, they use Traffic Manager to distribute client traffic to the closest available endpoint.

How do I achieve "application is hosted in three regions"? I am confused about this...

Does that mean: create 3 different web sites under 3 different App Service plans which are located in different regions?

source link as below :

https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-how-traffic-manager-works


Azure Active Directory login page and XFrame options Issue

Hi,

   We have an Azure website with Authentication/Authorization enabled on the site connecting to Active Directory. The app in the browser redirects to default login page and works fine.

The same login page fails to load in SalesForce canvas app as the SF canvas app loads the page in the iframe.

The page is throwing the following error in the browser:

Refused to display 'https://login.microsoftonline.com/dc5133dd-ee6e-4110-a50c-ddb882f6e7e3/oaut….aspx%26b2cPolicy%3D&nonce=ccd2336c376c400c94a820cc08945250_20170202084203' in a frame because it set 'X-Frame-Options' to 'DENY'.

Any alternate approach to load the default AAD login page in iframe will be helpful. 

Thanks

Padma


Application Gateway with WAF (Public Preview) No logs being generated.

I have an Application Gateway with WAF, it is in Protection Mode and configured to send diagnostics to Log Analytics as outlined here. https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-diagnostics

Also, I do have a web server behind the WAF.

My issue is, no logs of any kind are being generated or collected.

I contacted MS support and they experienced the same issue, however, because the WAF is in preview they had no resolution for me and suggested I contact the forums.

Thank you


Transfer of web site and E-mail

Hi All

A bit of a novice with Azure.  I have a web site running in ASP.NET on Azure, but the DNS at Network solutions points to my old website which then asks users to go to my site at Azure.  This is not ideal since I have to pay ATT to keep my site up there even though it does nothing.

Nothing except it provides my E-mail forwarding to Outlook.

I want to move the DNS to point to the Azure site (which should be pretty easy), but I am worried about my E-mail if I do that.  I have looked through Azure documentation and don't see anything about transferring the E-mail forwarding to Azure once it is disconnected from ATT.  Best of all would be if this is automatic, but somehow I don't see how that can be.

Any help would be greatly appreciated.

Health status of node behind Azure LB

How to identify VM which is not responding to health probes?

I have gone through health probe log, it says about how many VMs are up and how many are down. But how to know which all VMs are down?

Internal LB doesn't show health probe log, is there a way to get health status from internal LB as well?

Thanks,

Ram


SQL on Azure as IaaS for HA

Hey everybody,

There is an IIS VM and a SQL VM on Azure, located in the "UK West" datacenter, and some of our clients are located in England. Everything is OK for them when they use the application: no latency.

The problem is the users who are located in China: because of latency, the application works very slowly.

I am thinking of creating a secondary SQL server in the nearest datacenter in China and redirecting users via Traffic Manager with the same URL.

Sounds good, but the question is: how will the SQL databases synchronize with each other?

I don't want two separate SQL servers... but I don't know which way to go.

Regards.

Set up domain controller (DC) on Azure

Hi, we want to migrate our existing on-premise DC to Azure.

We have created a VM and installed AD and roles; now please let me know the next steps. We are trying to set up a virtual network but are not sure how to use it.



Azure VM DCs - AD Sites & Services Subnets is empty

Just starting with Azure, setting up a test network. The Azure VNet uses the default 10.0.0.0/16 and the VMs' subnet is a /24 within that. VMs' IPs are set to static in the VNet and reported within VM as dynamic (as supposed to be). I installed Windows Server 2016 Active Directory (created a new forest) on one VM, then added a second DC.  Installs went fine, no errors. I noticed that in AD Sites and Services, there's no subnet listed under Subnets. On either DC. Otherwise S&S looks ok - IP site link, servers, NTDS settings all there. dcdiag /c passed tests. repadmin /showrepl successful. DNS and sysvol (which is on a separate disk per MSFT instructions) look proper.

Shouldn't the /24 subnet be listed in S&S? I can add / associate it with default-first-site manually, but want to confirm the subnet should have been added automatically by the system.

Thanks,

Joan

Is virtual network peering across azure tenants possible?

I'm trying to use the new Azure Virtual Network public preview of the peering feature to join two networks I have on two different subscriptions, i.e. different tenants. Is this possible? I've not seen anything to say otherwise, but when I try to peer them in PowerShell I get the following error.

The client has permission to perform action 'Microsoft.Network/virtualNetworks/peer/action' on scope '/subscriptions/{Guid2}/resourceGroups/Default-Sydney/providers/Microsoft.Network/virtualNetworks/SYDVN/virtualNetworkPeerings/LinkToSYDVN', however the linked subscription '{Guid1}' is not in current tenant '{Guid3}'.

Full error and command

PS C:\Windows\system32> Add-AzureRmVirtualNetworkPeering -name LinkToSYDVN -VirtualNetwork $SYDVN -RemoteVirtualNetworkId "/subscriptions/{Guid1}/resourceGroups/Default-Sydney/providers/Microsoft.Network/virtualNetworks/SYDVN1" -BlockVirtualNetworkAccess
WARNING: The output object type of this cmdlet will be modified in a future release.
Add-AzureRmVirtualNetworkPeering : The client has permission to perform action 'Microsoft.Network/virtualNetworks/peer/action' on scope '/s
ubscriptions/{Guid2}/resourceGroups/Default-Sydney/providers/Microsoft.Network/virtualNetworks/SYDVN/virtualNe
tworkPeerings/LinkToSYDVN', however the linked subscription '{Guid1}' is not in current tenant
'{Guid3}'.
StatusCode: 403
ReasonPhrase: Forbidden
OperationID : '{Guid4}'
At line:1 char:1
+ Add-AzureRmVirtualNetworkPeering -name LinkToSYDVN -VirtualNetwork $S ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Add-AzureRmVirtualNetworkPeering], NetworkCloudException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.Network.AddAzureVirtualNetworkPeeringCommand

Any help will be much appreciated.

Local gateway configuration for Site to Site VPN

I was trying to create a Site2Site VPN from Azure to AWS using StrongSwan. All configurations were done, and in Azure I needed to create a Local Network Gateway for the VNet Gateway. This Local Network Gateway takes the public IP of the VPN server and the address space of that server's subnet (private IP subnet x.x.x.x/y). Initially I created the Local Network Gateway with the public IP and forgot to add the address space. I tried tunneling and it connected, but I was not able to ping or reach other servers in the other VPN.

Later I realized my mistake and tried adding the address space; it took a few minutes to update the changes and then failed. I searched many forums for this issue and nowhere was this address space mentioned.

In my understanding this address space is mandatory for servers to communicate in a VPN. So, I created a new Local Network Gateway and added the VPN public IP along with the VPN subnet, and everything started working.

Hope this helps someone with the same issue.

WAF on App Gateway will not allow websocket connections -> complains about missing Accept header - can this be fixed?

Already have an open case, they said to post here.   REG:117010715144805

Enabling WAF mode in the application gateway is indicating a failure that the request doesn't have an Accept header. However, this check is not valid for a websocket request as the Accept header is not permitted on web sockets on current browsers. We have the WAF in detect only mode at the moment as it completely breaks our app otherwise. From log analytics: ...details_message_s: Warning. Operator EQ matched 0 at REQUEST_HEADERS. ...details_file_s:/owasp_crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf

Any suggestions?

S2S VPN Status cycles between succeeded and connecting

Hi all,

I'm trying to establish S2S VPN between Azure and a customer using Fortigate.

Currently the AZURE VPN link displays succeeded for a while then it reverts back to connecting, then back to succeeded and so on. It has never gone to 'connected' state.

Unfortunately I have no access to the Fortigate configuration. Are there some troubleshooting diagnostics/logs that can be collected via PowerShell that may help pinpoint the problem on the VPN link? I would like to have some idea of where the problem may be before talking to the customer.

- vpn mode is site-to-site
- deployment mode was resource Manager
- customer's address space has been added into the VNet local network

Thanks

Get-AzureRmNetworkSecurityGroup not returning SourceAddressPrefix when Destination Port Range has a range or multiple individual ips

#SETUP
$resourceGroupName = ""
$nsgResourceName = ""
$ruleName = ""
$desiredDefaultIp = "xxx.xxx.xxx.xxx/32"
$newIP = "xxx.xxx.xxx.xxx/32"

#GET NSG
$nsg = Get-AzureRmNetworkSecurityGroup -Name $nsgResourceName -ResourceGroupName $resourceGroupName

#FIND RULE
$specificRule = $nsg.SecurityRules | Where-Object { $_.Name -match "$($ruleName)" }

$index = $nsg.SecurityRules.IndexOf($specificRule)

#IF THERE ARE EXISTING IPS IN THE RULE, KEEP THEM, ELSE, MAKE SURE WE HAVE A DEFAULT IP AT LEAST.
$allowedAddresses = New-Object "System.Collections.Generic.List[String]"

if($specificRule.SourceAddressPrefix) {
  $allowedAddresses = $specificRule.SourceAddressPrefix
} else {
  $allowedAddresses.Add("$desiredDefaultIp")
}

#ADD A NEW IP, IF IT DOESN'T ALREADY EXIST
if($allowedAddresses.Contains($newIP)) {
  Write-Host "IP address already allowed"
  return
} else {
  $allowedAddresses.Add($newIP)
  $nsg.SecurityRules[$index].SourceAddressPrefix = $allowedAddresses 
  Set-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $nsg
}

Running the following code, I'm getting this error: "Set-AzureRmNetworkSecurityGroup : Required security rule parameters are missing for security rule with Id: [RESOURCE ID] Security rule must specify SourceAddressPrefixes, SourceAddressPrefix, or 
SourceApplicationSecurityGroups.
StatusCode: 400
ReasonPhrase: Bad Request"

This is occurring because while the rule I want is OK, another resource in the network security group uses a port range for the "DestinationPortRange" - specifically 10930-10939. When using the get call - the security rule for this range is returning an empty "SourceAddressPrefix". I have also tried to write out the rule as 10930,10931,109312...,10939 - which also returns an empty "SourceAddressPrefix". When I go to run the Set command the error is thrown because it is expecting a value on this security rule. I don't really want to break up each port to its own individual rule - and I had similar code to this working not long ago - so I'm wondering if something has changed in the Azure API.

Using accelerated networking with custom Linux VM

When I am trying to enable accelerated networking for a VM, nothing happens:

$ az network nic update --name MyLinuxVM-3 -n MyLinuxVM-3VMNic --resource-group ic-exasol-001 --accelerated-networking true
{"dnsSettings": {"appliedDnsServers": [],"dnsServers": [],"internalDnsNameLabel": null,"internalDomainNameSuffix": "a1gteu2qlm3uvda5qury3tvdxc.ax.internal.cloudapp.net","internalFqdn": null
  },"enableAcceleratedNetworking": true,"enableIpForwarding": false,"etag": "W/\"ada75778-f4a2-49f4-b853-c2d0cd29a812\"","id": "/subscriptions/fd6696e3-8f52-4410-a769-230c3727693e/resourceGroups/ic-exasol-001/providers/Microsoft.Network/networkInterfaces/MyLinuxVM-3VMNic","ipConfigurations": [

Inside the VM after that I see the same devices as before, no Mellanox:

# lspci
00:00.0 Host bridge: Intel Corporation 440BX/ZX/DX - 82443BX/ZX/DX Host bridge (AGP disabled) (rev 03)
00:07.0 ISA bridge: Intel Corporation 82371AB/EB/MB PIIX4 ISA (rev 01)
00:07.1 IDE interface: Intel Corporation 82371AB/EB/MB PIIX4 IDE (rev 01)
00:07.3 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 02)
00:08.0 VGA compatible controller: Microsoft Corporation Hyper-V virtual VGA

Need SPF Record for Microsoft.com domain for whitelisting

Hello,

What is the SPF record for microsoft.com (including domains related to Azure and Azure gov), so that emails from Microsoft will not be flagged as spam after we update our email server with your SPF record?

My company is a current client of Microsoft.

Thanks,

E

Azure site to site policy based

Hi,

We are trying to do a policy based VPN with multiple sites.

However from this article,
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-connect-multiple-policybased-rm-ps

It shows a policy based diagram to multiple sites but at the same time the max connection for S2S policy based is 1.

So does anyone know if policy based VPN can be done from Azure to 2 or more different sites?

                     | PolicyBased VPN Gateway | RouteBased VPN Gateway
Azure Gateway SKU    | Basic                   | Basic, Standard, HighPerformance, VpnGw1, VpnGw2, VpnGw3
IKE version          | IKEv1                   | IKEv2
Max. S2S connections | 1                       | Basic/Standard: 10

Microsoft Exchange VM deployed as Azure VM cannot send emails to sendgrid SMTP relay

I have an Azure trial subscription.

I have come across the article below:

https://blogs.msdn.microsoft.com/mast/2017/11/15/enhanced-azure-security-for-sending-emails-november-2017-update/

I have integrated the SendGrid SMTP relay service with my Azure Compute subscription and allowed SMTP traffic by setting up API keys and a password.

After that, the Azure VM (Exchange server) was configured to send emails to the smart host (smtp.sendgrid.net) using the above API key and password as the authentication mechanism.

However, my Exchange server is still unable to relay any emails to any internet SMTP server, including the SendGrid SMTP relay.

I cannot contact Microsoft Azure Support because of the free subscription.

How can I allow the Exchange server to send emails to the SendGrid SMTP relay?


Thanks Best Regards Mahesh

How to enable DPD (Dead Peer Detection) on BOVPN

Hi, 

Can anyone tell me how to enable DPD on a BOVPN connection?

This document states that it is supported - https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices

however, I cannot see anywhere how to enable it?? 

Thanks for the help 

Change route-based VPN to a policy-based VPN

The issue is that the network is dropping intermittently from the Azure VNet to our on-premise SQL Server... The issue is happening because we have configured a route-based VPN with our PA and not a policy-based one... We need help changing that.