Channel: Azure Networking (DNS, Traffic Manager, VPN, VNET) forum
Viewing all 6513 articles

IP addresses from different regions on one VM

I need to create one virtual machine with IP addresses from different regions. As far as I understand from the documentation, it can be implemented using peer-to-peer or virtual network gateways, but it does not work out.

Not able to connect to the ADDS from client system (virtual)


I have 2 Windows Server 2016 servers deployed on Azure. On one server I have added the ADDS role and services and promoted it to a domain controller. After that, I am trying to connect to this domain controller from another server and want to log in as an admin user of the domain controller, but it is not able to connect to the domain. It gives me this error:

 

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "rvnjncontoso.com":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.rvnjncontoso.com

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

168.63.129.16

- One or more of the following zones do not include delegation to its child zone:

rvnjncontoso.com
com
. (the root zone)

Kindly give me some direction so that I can create a domain controller and its clustered system on the cloud (Azure).

Thanks,


rrnjn145

How do I define the VN Gateway subnet that VPN Clients get their IP in?


Hi,

I am trying to create the whole VPN Gateway configuration in Azure with PowerShell.

How do I define the VN Gateway subnet that VPN Clients get their IP in?

I already know how to get the certificate raw data into the fields below (using Add-AzureRmVpnClientRootCertificate)


I have allowed port 445 and I have shared an Azure VM disk, but I am unable to access it from the internet.


Hi Support,

I have created one VM in the Azure portal and after that attached 2 more disks and shared them. I have created one NSG rule allowing port 445, but when I access it from the public internet I get the error message.

But I am able to access the shared disk from any other Azure VM.

Can you suggest how I can do that?

P2S Clients won't register in Windows DNS


Hello All,

I've solved most of my DNS issues except for the following.  I cannot get P2S clients to register with DNS.

I am running my own Windows DNS on the Azure VNet. Secure and nonsecure updates are allowed. Reverse lookup zones for P2S client IPs have been specified. The DNS server is specified as the first DNS server on the P2S clients. "Register this connection" is checked. However, even when running ipconfig /registerdns from the P2S client, it never registers. Been banging my head on this for days. Help? I should add there is no AD domain. Just a small workgroup.

Event log from P2S client



Is it possible to make a tenant a transit network to a different tenant?


Is it possible to make a tenant a transit network to a different tenant?

Example topology:

on-prem <---expressroute or s2s vpn---> azuretenant01 <--vnet peering--> azuretenant02

Can on-prem access/reach the servers/services hosted in azuretenant02?


Diagnosing IPsec Connection from Azure to On-premise Firewall

Are there IPsec-related error messages available from within the Azure Portal? The Activity log displays, "No results to display."

Internal load balancing across regions, if vNet-to-vNet is configured.


We have a set of VMs in two regions, and would like to provide internal load balancing (we connect through ExpressRoute, no public exposure). Azure Traffic Manager doesn't work across regions for private endpoints.

Is it reasonable to connect up the two region vNets and then use internal load balancing?


Error connecting to VPN - An existing connection was forcibly closed by the remote host (Error 0x80072746).

Can anyone assist with this error? We have 3 users on Windows 7 Pro who get the error above whenever they try to connect to our Virtual Network Gateway. Other users also have Windows 7 Pro but are able to connect fine. This error just started yesterday, July 30th; prior to that everyone was working fine.

Chad

Also we are using a Client Certificate to connect to our Domain Server on Azure.

Azure Application Gateway in WAF Mode - Disable/Increase Limit on SecRequestBodyLimit and SecRequestBodyNoFilesLimit


Hello,

The following error is logged on my WAF when my users submit a specific request (modifying a category list) on our Web App hosted EPIServer site:

{
    "resourceId": "/SUBSCRIPTIONS/SUBID/RESOURCEGROUPS/NETWORK/PROVIDERS/MICROSOFT.NETWORK/APPLICATIONGATEWAYS/WAF",
    "operationName": "ApplicationGatewayFirewall",
    "time": "2017-10-11T20:25:13Z",
    "category": "ApplicationGatewayFirewallLog",
    "properties": {
        "instanceId": "ApplicationGatewayRole_IN_0",
        "clientIp": "XXX.XXX.XXX.XXX",
        "clientPort": "0",
        "requestUri": "/EPiServer/Categories.aspx",
        "ruleSetType": "OWASP",
        "ruleSetVersion": "3.0",
        "ruleId": "0",
        "message": "",
        "action": "Blocked",
        "site": "Global",
        "details": {
            "message": "Request body no files data length is larger than the configured limit (131072).. Deny with code (413)",
            "data": "",
            "file": "",
            "line": ""
        }
    }
}


When I put the WAF into detect mode, this request functions without error.

I have already disabled a series of rules which were blocking EPIServer functionality, but this rule is different in the WAF. The Rule ID is showing as "0," and I cannot disable it through the portal or Azure CLI.

Is there a way that I can modify rule values?

Is there somewhere where I can interact directly with the WAF ruleset to execute such commands as:

SecRequestBodyLimit 536870912

SecRequestBodyNoFilesLimit 10485760

Any assistance would be greatly appreciated.
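
For triaging logs like the entry in the post above, this added example (not part of the original post, and not Azure's own tooling) separates blocks raised by the request-body size limit, which appear with ruleId "0" as in the post, from blocks raised by a numbered rule. The sample records are constructed from the field names shown in the post, and one JSON record per line is an assumption about the export format.

```python
import json
import re
from collections import Counter

# Engine-level size-limit message, as quoted in the post's log entry.
LIMIT_RE = re.compile(r"larger than the configured limit \((\d+)\)")


def classify(entry):
    """Return (kind, limit_bytes) for one firewall log record."""
    props = entry.get("properties", {})
    if props.get("action") != "Blocked":
        return "not_blocked", None
    match = LIMIT_RE.search(props.get("details", {}).get("message", ""))
    if props.get("ruleId") == "0" and match:
        return "body_limit", int(match.group(1))
    return "rule_match", None


def summarize(lines):
    """Count blocked requests per (requestUri, kind, ruleId, limit)."""
    counts = Counter()
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or truncated records
        kind, limit = classify(entry)
        if kind != "not_blocked":
            props = entry["properties"]
            counts[(props.get("requestUri"), kind, props.get("ruleId"), limit)] += 1
    return counts


def _rec(uri, rule_id, action, detail):
    # Builds a constructed record using the field names from the post.
    return json.dumps({"category": "ApplicationGatewayFirewallLog",
                       "properties": {"requestUri": uri, "ruleId": rule_id,
                                      "action": action,
                                      "details": {"message": detail}}})


LIMIT_MSG = ("Request body no files data length is larger than the "
             "configured limit (131072).. Deny with code (413)")
SAMPLE_LINES = [  # constructed sample input, one JSON record per line (assumed)
    _rec("/EPiServer/Categories.aspx", "0", "Blocked", LIMIT_MSG),
    _rec("/EPiServer/Categories.aspx", "0", "Blocked", LIMIT_MSG),
    _rec("/search", "942100", "Blocked", "constructed rule-match detail"),
    _rec("/search", "942100", "Detected", "constructed rule-match detail"),
    '{"properties": {"action": "Blocked", "requestUri": "/trunc',  # truncated
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LINES).items():
        print(n, key)
```

Grouping by URI and kind shows which endpoints hit the size limit as opposed to a rule, so rule exclusions and body-size settings can be reviewed separately.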

Azure Resource Manager - Receiving a "resource...is not defined in a template" related to referencing a VNet in another resource group


When attempting to test out referencing a VNet defined in another resource group from my resource template, I get the "resource 'Microsoft.Network/virtualNetworks/other-resourcegroup-vnet' is not defined in a template" error. The goal of the test resource template is to create a NIC (similar to how it is done in the documentation for the resourceid() function). A copy of my test template is below.

The target VNet does exist and was created using a resource template. I verified that the VNet was created utilizing the "Microsoft.Network" provider and that I'm referencing that provider in the test template.

Any insight on what I am doing wrong would be greatly appreciated.

Here is the json for my test template:

{
    "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "parameters": {
        "other-resourcegroup-vnetLocation": {
            "type": "string",
            "defaultValue": "South Central US",
            "allowedValues": [
                "East US",
                "West US",
                "West Europe",
                "East Asia",
                "South Central US",
                "South East Asia"
            ]
        },
        "MyTestNicName": {
            "type": "string"
        }
    },
    "variables": {
        "other-resourcegroup-vnetSubnet1Name": "Subnet-1",
        "other-resourcegroup-vnetSubnet2Name": "Subnet-2",
        "VNetResourceGroup": "RDBTestVNet",
        "MyTestNicVnetID": "[resourceId(variables('VNetResourceGroup'),'Microsoft.Network/virtualNetworks', 'other-resourcegroup-vnet')]",
        "MyTestNicSubnetRef": "[concat(variables('MyTestNicVnetID'),'/subnets/', variables('other-resourcegroup-vnetSubnet1Name'))]"
    },
    "resources": [
        {
            "name": "[parameters('MyTestNicName')]",
            "type": "Microsoft.Network/networkInterfaces",
            "location": "[parameters('other-resourcegroup-vnetLocation')]",
            "apiVersion": "2015-05-01-preview",
            "dependsOn": [
                "[concat('Microsoft.Network/virtualNetworks/', 'other-resourcegroup-vnet')]"
            ],
            "tags": {
                "displayName": "MyTestNic"
            },
            "properties": {
                "ipConfigurations": [
                    {
                        "name": "ipconfig1",
                        "properties": {
                            "privateIPAllocationMethod": "Dynamic",
                            "subnet": {
                                "id": "[variables('MyTestNicSubnetRef')]"
                            }
                        }
                    }
                ]
            }
        }
    ],
    "outputs": {
    }
}


Advanced management for domains not working

When clicking advanced management, the page just keeps loading for me. I need to change the DNS of my domain name soon, so this is very important to me.

Azure Application Gateway with web apps - This site can't be reached


I have created an application gateway in Azure for HTTPS. I uploaded the .pfx certificate. WAF is enabled. I created an App Service.

Web Apps: I created 3 Web Apps, one which will be used for the Devtest website, one for PreProd and one for Live. I then created 3 back end pools with the FQDN of each of the above web apps.

3 listeners were created for each environment as follows: devtestlistner, which points to DevTest.mydoamin.com; prepodListerner, which points to preprod.mydomain.co; liveListerner, which points to live.mydomain.com.

Routing rules added: devRule, which points to devtestListener; preprodRule, which points to PreProdListener; LiveRule, which points to LiveListener.

The DNS name of the appgateway was entered into my domain's DNS to point to the AppGateway.

However, when I navigate to any of the websites I get "This site can't be reached. xxxxxxxx.cloudapp.net took too long to respond"???

When I use the Azure DNS above I still get this error?

Can anyone help?


How to detect and disable a slow endpoint in Traffic Manager monitor?


Hello everyone,

We have a Traffic Manager profile that should distribute traffic between two Azure endpoints, let's call them "primary" and "secondary".

The two endpoints are both web apps deployed in two different regions: primary is in West Europe, secondary in France Central.

Yesterday we had an outage that lasted more than one hour because the secondary endpoint went crazy (very high cpu and memory usage) but the Traffic Manager continued distributing incoming requests to both endpoints; after I manually disabled the secondary endpoint through the Azure Portal everything went back to normal.

How do I prevent this from happening again? Why didn't the Traffic Manager detect slow response times in the secondary endpoint and disable it?

Our Traffic Manager configuration:

Routing method: Performance; DNS TTL: 30 seconds

[Monitor settings] Protocol: HTTPS; Port: 443; Path: /KeepAlive.aspx (this web page loads a record from the database using Entity Framework, in a normal situation the response time should be around 1 second)

[Fast endpoint failover settings] Probing interval: 30; Tolerated number of failures: 3; Probe timeout: 10 minutes


Approach for private DNS when using Point-to-Site with Azure VPN Gateway?

I have small development and support teams that I need to connect to our private network hosted in Azure. We are using a Windows server that serves Active Directory and DNS for the VMs in the network. I was able to configure Azure VPN Gateway to authenticate and connect to our private network. I can ping our VMs (after making the appropriate NSG changes) so connectivity is good now, but I am trying to figure out how to properly configure the DNS server on the VPN/individual machines.

I personally use macOS, but we have a mix of Windows and macOS machines. Both IKEv2 and SSTP VPN seem to not have any functionality that allows adjusting the DNS servers on connection/disconnection. What is the recommended approach for configuring self-hosted private DNS in this scenario?

Detached Nic -> Public Static IP lost


Hi,

We have noticed during some testing that if we have a NIC that is not attached to a VM, the public IP address that it is associated to (set to static) eventually gets removed/cleared. Can you confirm if this is expected behaviour and, if so, what is the timeframe associated with it being removed/cleared? Does this also occur if the public IP address is dissociated for a period of time?

Which method is preferred during a backup/restore:

1. Swap the NICs between VMs (by detaching/attaching, which keeps both the local and public configuration)

OR

2. Dissociate/associate the public IP address and change the local IP (which is set to static on the original VM) to suit.

Exposing Azure SQL Server through VPN Connection


Hello,

I'm trying to open up connections to my Azure SQL server to anyone connected to a P2S VPN. 

I've followed this article to set up a P2S VPN:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal

I created a self-signed cert following the instructions in PowerShell. I installed the client cert locally, and uploaded the root certificate. Doc here:
https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-configuration-azure-cert

Following that I set up a firewall rule on my SQL Server to allow connections from a VNET, following these docs:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-vnet-service-endpoint-rule-overview

I downloaded the VPN client from the VNet Gateway I created and connected to the VPN. I verified I was connected with ipconfig.

After this, my client machine still does not have access to the SQL Server. SSMS tells me 
"Your client IP address does not have access to the server. Sign in to an Azure account and create a new firewall rule to enable access."
Going through this will add a whitelisted IP for my client machine to Azure itself, but this is what I'd like to avoid. I need to expose a connection to this database to someone with a dynamic IP who will not have an Azure account. 

Trying to connect through other means gives similar firewall errors. 

I've tried simply turning off my local firewall to see if that was the issue but it hasn't changed any of the results. 

Are there any common pitfalls to setting up something like this? I'm fairly new to both networking and Azure so any help is appreciated!

Thanks,

Tim

Need help with setting up VPN in Azure


Good Day

I'm trying to set up a VPN tunnel between on-prem and Azure.

However, when running Network Watcher it says both Gateway and Connection are unhealthy.

Just want to first check, does one need to set up an NSG for the gateway?

Regards

DesK



vnet peering different subnet blocked traffic


Hi, I have created a VNet peering between two VNets from different subscriptions, but I can't reach the machines in the other VNet.

One VNet has the segment 192.168.0./24 and the other is 10.1.0.0/16, and when I try to ping a VM from 192... to 10.1 I get a timeout (*the firewall is down in both VMs).

My questions are:

Do I need to create a route after creating a VNet peering to see the machines in the other segment?

What tools does Azure offer for troubleshooting networking issues?

What may be missing in this configuration?



slevik


Azure DNS, how to make what I created authoritative


Dear All

MS chat support suggested I post here about this topic.

Okay, these are the detailed steps I used, in order (I'm not using the real domain name/IP address for privacy reasons):

  1. I registered contoso.xyz with a registrar
  2. Then I decided to use Azure DNS as my NS
  3. I subscribed to Azure DNS and created the contoso.xyz domain resources
  4. I created server1.contoso.xyz to point to 1.1.1.80
  5. I tested with the command "nslookup server1.contoso.xyz ns1-04.azure-dns.com" and got the answer "1.1.1.80"

These are my questions:

  • What happens when I use nslookup as above if another user also creates a contoso.xyz zone and creates server1.contoso.xyz to point to 2.2.2.80?
  • Does Azure DNS have a method to verify the ownership of each domain zone before it activates that zone? In the steps above I never found any verification, while I can get a response from the nslookup command.

Regards

Plum
