Channel: Azure Networking (DNS, Traffic Manager, VPN, VNET) forum
Viewing all 6513 articles
Browse latest View live

Unable to delete VNET and subnet

I have a VNET with one subnet which I can't delete. There are no connected resources and the error message is quite unclear:

Failed to delete subnet 'default-subnet'. Error: An error occurred.


Script to perform Peering between multiple vNet

Hello,

We have around 10 subscriptions and each subscription has one vNET. We are planning to configure full mesh VNET peering between the vNets. As there will be around 90+ peering connections to configure, can anyone suggest a PowerShell script to perform this task? We have the command below, but that will only do a single vnet-to-vnet peering.

```
Add-AzVirtualNetworkPeering `
  -Name myVirtualNetwork1-myVirtualNetwork2 `
  -VirtualNetwork $virtualNetwork1 `
  -RemoteVirtualNetworkId $virtualNetwork2.Id
```

Thanks,


suhag

Network Watcher Connection troubleshooter internal server occurred

I am exploring Network Watcher and getting the following errors. None of the errors are really helpful for understanding what the issue is. I have installed the Network Watcher agent and enabled Network Watcher for the region.

I have created a new connection monitor but it is not getting started and says an error occurred.

I am trying to troubleshoot the connection between two virtual machines in the same subnet using Network Watcher Connection troubleshooter and I am getting an internal server error.



No data in or out on VPN Azure Site-to-Site to tunnel fortigate

So I have a problem that has been going over my head for about a week. My company has a VPN configured on Azure that I have seen from back to back.

Virtual Network Configurations:

-Address space - 10.200.0.0/16

Subnets:

-Backend - 10.200.0.0/24

-GatewaySubnet - 10.200.1.0/27

Virtual Network Gateway:

-SKU - VpnGw1

-Gateway Type - VPN

-VPN Type - Route-based

-Public IP Address - [IP of Gateway]

They also have a Point-to-site configuration, I don't know why, but here is the config:

-Address space - 192.168.0.0/16

-Tunnel Type - IKEv2

-Authentication type - Azure Certificate

Connections:

-Shows that is connected Site-to-Site(IpSec)

-Data in - 0 B

-Data out - 0 B

-Virtual Network Gateway - [IP of the virtual network gateway]

-Local Network Gateway - [Public ip of the company]

-Shared Key - The shared key generated

Local Network Gateway:

-IP Address - [Public ip of the company]

-Address space - [private network of the company]

After all this was done we added the Virtual Network to the App Service that we have on Azure so that it can communicate with the private network of the company.

Configurations of the Fortigate:

Tunnel VPN:

-Remote Gateway - Ip of the Virtual Network Gateway on Azure

-Authentication Method - Pre-shared Key

-IKE Version: 2

Phase 1 Proposal:

-Algorithms - AES256-SHA256

Phase 2 Selectors:

-Local address - Private network of the company

-Remote Address - 10.200.1.0/27

Phase 2 Proposal:

-Encryption - AES256

-Authentication - SHA1

-Enable Replay Detection

-Local Port All

-Remote Port All

-Protocol All

Static route:

-Destination Subnet - 10.200.0.0/16

-Device - VPN Tunnel

Inbound Policy:

-Incoming interface - WAN

-Outgoing interface - VPN TUNNEL

-Source - Public ip address of company

-Destination Address - 10.200.0.0/16

-Accept

The Outbound Policy is literally the opposite of the Inbound and Accept also.

Is something wrong that you guys can see? It would be really helpful for me!

Thanks to the people that will try to help!

Front Door Service and ISO27001

Is Microsoft looking at ISO27001 certification of Azure Front Door service as a part of its roadmap?

AppservicePlan - Premium Plan Elastic pool - delete

Hi,

While testing the behavior of the new AzureFunction App Service Premium Plan, like other PaaS VNet integrated Services, a dedicated Subnet is required (understandable) and also creates a ServiceAssociationLink and delegation on the Subnet. 

Until here it is clear.

But when we start with the delete action, then Subnet is locked due to the SAL and not sure how long it takes for the Datacenter to remove the link. This is a major blocker to do any actions on the VNET. 

For ISE or ACI or AKS there is documentation listing how long it takes or else how to get around the issue. 

Here is what I have:

* Camera01-d-asp Service plan, which was deleted and in the it ends up as below:



* Get Action from az command, returns null/empty

```

az appservice plan show --name camera01-d-asp --resource-group xxxx-RG

```

* From the network, get the subnet where the functionapp serviceplan is linked and serviceassociationlink:

```

$dedicated_subnet = Get-AzureRmVirtualNetwork -Name eng01-d-vnet -ResourceGroupName eng01-vnet-d-rg | Get-AzureRmVirtualNetworkSubnetConfig -Name ase01-subnet

$dedicated_subnet.ServiceAssociationLinks

LinkedResourceType : Microsoft.Web/serverfarms
Link               : /subscriptions/xxxxxx/resourceGroups/xxx-RG/providers/Microsoft.Web/serverfarms/camera01-d-asp
ProvisioningState  : Succeeded
Name               : AppServiceLink
Etag               : W/"zzzzz-xxxxxxxx"
Id                 : /subscriptions/xxxxxxxxxxx/resourceGroups/eng01-vnet-d-rg/providers/Microsoft.Network/virtualNetworks/eng01-d-vnet/subnets/ase01-subnet/serviceAssociationLinks/AppServiceLink

```

* Try force remove the SAL, returns unauthorized exception

```

Remove-AzureRmResource -ResourceId /subscriptions/xxxxx/resourceGroups/eng01-vnet-d-rg/providers/Microsoft.Network/virtualNetworks/eng01-d-vnet/subnets/ase01-subnet/serviceAssociationLinks/AppServiceLink -ApiVersion 2019-04-01

-- Remove-AzureRmResource : UnauthorizedClientApplication : Unauthorized client application id xxxxxxx

```


Let me know if you have faced similar issues?

Update 1: After 1 hour from the portal the service plan is not visible any more but the SAL is still there, unable to remove it

Cheers

K


Koushik



VWan site BGP instances sending different number of routes

Having a VPN site with BGP enabled,
for one of the instances I am getting one extra route than another.

Receiving vpn site bgp peer IP as prefix from azure

Configured a VPN site with BGP with peer as, suppose, 192.168.1.1.

On my device (router) where this IP will be local, I am getting this prefix from Azure.


VNet Peering across Azure Tenant

Hi,

One of my customers wants to connect two Azure VNETs between their tenant and the tenant of one of their business partners. Can we use VNet Peering? Azure VPN Gateway has a bandwidth limitation and they need to exchange stream with 10 Gb line.

Any advice or recommendation?

Thanks

Christophe

Multiple ExpressRoute Circuits to Same Peering Location to Same VNet

The ER FAQs state:

"You can have multiple ExpressRoute circuits with the same or different service providers. If the metro has multiple ExpressRoute peering locations and the circuits are created at different peering locations, you can link them to the same virtual network. If the circuits are created at the same peering location, you can link up to 4 circuits to the same virtual network."

Looking for clarity on what 4 circuits means. Is this two ER services with the two primary and two secondary consisting of the 4 circuits? Or is this 4 ER services (with a total of 4 primary and 4 secondary)?

Accessing Port 7533

Hi,

I have a service hosted on a VM on port 7533, which is running and listening as checked using netstat and localhost on the server. However, it's not accessible from outside. I have added inbound security rules to allow access on port 7533 on the NSG and the Firewall is also disabled.

Please help.

Thanks,
Rajiv.

Is it possible to set up public IP to fail over to another region?

Hi,

I am still learning how the Azure network works. I am wondering: when creating a public IP, is it possible to set it up such that if a region fails, it will become available in another region? In the public IP creation page, it has an "availability zone" dropdown with values "zone redundant", 1, 2, 3. No matter what I choose, there are no additional options to specify which zone it can fail over to. Is it even possible?

Thank you.

Using Web Application Firewall without Application Gateway

Hi,

I'm looking to improve the security of my application environment on Azure. We have 7 resource groups with no virtual machines. I wanted to implement a web application firewall but I prefer not to add a virtual machine to my environment. I can't find in the documentation if the functionality of the Front Door service / WAF is available without this step.

I have implemented a WAF policy in a testing environment but I'm not sure if it is applicable to my resource group. Can someone tell me if implementing the policy and coupling it to a resource group is enough to add to the security of our environment?

Thanks in advance

Network security group for Web applications

Hi,

I'm looking to improve the security of my application environment on Azure. We have 7 resource groups with no virtual machines. I'm trying to find out if it's possible to connect a network security group to a resource group, and if it's not possible, what the best course of action is to let the connections to my web apps flow through the network security groups. I already made a network security group in a testing environment and when I performed a port scan I saw all traffic was filtered, and in my other environments 2 ports were visible. I could still connect with a database connection client without adding the rule to allow the connection for the port it was using.

Thanks in advance

configure multiple cname for a server

Team,

How do we configure multiple CNAMEs for a single server on Azure?


RDP to VM on Vnet2 in Vnet peered Network

Dear All,

I hope things are good with everyone.

I am here to seek help related to a Vnet peered network and RDP to a VM on Vnet 2. My team recently encountered this issue so I thought of connecting with the experts here.

I set up a Site-to-Site VPN from my on-premises network to Virtual Network 1. I can RDP to Virtual Machines on this Virtual Network 1 through their private IP addresses from my network.

Now I created a secondary Vnet and did a Vnet Peering from the first network with Gateway Enabled Traffic ON. I provisioned a VM on this Virtual Network 2 and wanted to RDP from my on-premises network, which I am failing to do.

Do you have any recommendations on how I can establish RDP to this secondary VNet VM using its private IP through peering? I don't want to set up a separate Gateway on the secondary VNet due to budgetary constraints.

Thanks in advance for all your support.

Regards

Jayesh Maduskar

MCT-India

Exposing Azure SQL Server through VPN Connection

Hello,

I'm trying to open up connections to my Azure SQL server to anyone connected to a P2S VPN. 

I've followed this article to set up a P2S VPN:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal

I created a self-signed cert following the instructions in PowerShell. I installed the client cert locally, and uploaded the root certificate. Doc here:
https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-configuration-azure-cert

Following that I set up a firewall rule on my SQL Server to allow connections from a VNET, following these docs:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-vnet-service-endpoint-rule-overview

I downloaded the VPN client from the VNet Gateway I created and connected to the VPN. I verified I was connected with ipconfig.

After this, my client machine still does not have access to the SQL Server. SSMS tells me 
"Your client IP address does not have access to the server. Sign in to an Azure account and create a new firewall rule to enable access."
Going through this will add a whitelisted IP for my client machine to Azure itself, but this is what I'd like to avoid. I need to expose a connection to this database to someone with a dynamic IP who will not have an Azure account. 

Trying to connect through other means gives similar firewall errors. 

I've tried simply turning off my local firewall to see if that was the issue but it hasn't changed any of the results. 

Are there any common pitfalls to setting up something like this? I'm fairly new to both networking and Azure so any help is appreciated!

Thanks,

Tim

Access Client Machine IP Address for the requests passing through Traffic manager

Hi Team,

We would like to capture the client machine IP address in an application hosted on an Azure VM where the request is being passed through Traffic Manager.

Environment or Issue details:

Currently we are getting the firewall's IP address in the HTTP Server Variables.

Kindly guide us to achieve this. 

Transfer external DNS services to Azure

Hello Expert,

Our external DNS service is currently being managed by a third party and as we are doing a migration into Azure, I was wondering if it is possible to move/transfer/migrate the entire service to Azure DNS?

Error codes for Microsoft.Network

Hello,

Recently, I got this error code response from Azure:

 StatusCode=400 -- Original Error: Code=\"ApplicationSecurityGroupCannotBeDeletedIfReferencedBySecurityRule\"

Is there any reference document that lists all the error codes that could be received from the Microsoft.Network provider?

Thanks,
Sourabh
