"The expert in anything was once a beginner"
Azure Site2Site Policy Based VPN (IKev1)
NSG drops NIC after associating PIP
Hi all,
Ok, this is the situation and I would like to know if this is intended behavior or not. I have a running machine that needs to communicate to the outside world for reasons. To minimise downtime I do the following
Deploy Public IP (PIP),
Deploy Network Security Group (NSG),
Associate NSG to existing NIC 'Some_Nic_nic0',
Associate PIP to existing NIC 'Some_Nic_nic0'.
This all seems to work just fine, no errors and the reason I do this is to prevent the machine for even a second to be on the open internet.
However, when you do this it seems that the moment you associate the PIP to the NIC, the NSG drops the link with the NIC. Meaning, if you do not know this your machine will be on the internet without any NSG in front of it.
Anyone know if this is intended or is this an actual bug?
How to connect the same vnet with a peering.
2 vnets .... best way to block everything but a few select ports?
Right now I have 2 vnets that are peered but one of them is supposed to be a DMZ subnet with only a couple ports going back to the "internal" subnet. i.e. dns, ad trust and a few other ports.
what is the best way to achieve this? we are putting up the base infrastructure right now so I want to get it right before it goes production.
Chaos causes progress, Order inhibits it.
Issue with Site-to-Site Connectivity and VNet-VNet Connectivity
Hi Everyone,
We have our Landscape over 2 Azure regions viz. Region-01 and Region-02. We have setup Site to Site VPN Connectivity between our On-premise Gateway and Azure Gateway of Region-01. Have also setup VNet-to-VNet connectivity between VNet (Region-01) and VNet (Region-02). Now, I'm able to ping VMs in Region-01 from On-premise Network and also VMs in Region are able to ping VMs in Region-02, but VMs in Region-02 are not pinging from On-premise Network.
My query is - What setting / change in configuration we need to do, so that I'm able to ping my Region-02 VMs from On-premise Network.
Thanks
Kumar
WAF: HTTP Error 404
Hi
I've setup WAF for Application which is loaded to VM: IaaS Type Ubuntu 18.02 LTS
VM contains 4 Apps with different hostname.
- 1. domain.com
- 2. subdomain1.domain.com
- 3. subdomain2.domain.com
- 4. subdomain3.domain.com
Each app path created per app e.g var/www/domain.com etc.
Created 4 HTTP Settings per Hostname which "pickhost name on backend address" is selected
Listeners set to multi-site and pointing to hostname
Backend Pool points to IP: 10.0.0.4
Health Backend Health shows Good, now I'm still getting Error 404 Not Found. I'm stuck on this level.
Looking for C# code snippet for deleting and creating the loadbalancer rules for the given SLB
Anand
How to verify account
Apparently I can't include an image until my account had been verified...
...But I can't see a link anywhere to allow that to happen.
So: How does one verify an account on these 'ere forums?
List devices associated with a vNet using Powershell
Bastion RDP Setup
Hi there,
I have an Azure Linux VM with a Public IP address of 52.191.251.32 and a Private IP address of 10.0.0.4. There is a "default" subnet with an address space of 10.0.0.0/24.
I would like to configure Bastion to RDP within the browser. I have attempted to set up the AzureBastionSubnet with various IP address ranges, but have received the following two errors:
1) The specified address space overlaps with subnet 'default' which has a range of 10.0.0.0/24.
2) Your subnet is not contained within the address space for this virtual network: 10.0.0.0/24
I have read all documentation and FAQ available, and am not able to determine what IP address range is needed to configure the AzureBastionSubnet to enable Bastion RDP within the browser. Any assistance would be appreciated - let me know if there is other
information I might need to provide.
Share a single public IP for outgoing traffic from various resources in a vnet?
We have a bunch of services in a vnet (consisting of several subnets), including app services, stand alone virtual machines and scale sets. All of these needs outgoing internet access, but most of them accept no incoming traffic. Is it possible to configure
this setup so that they all "share" a single public IP for this outgoing traffic? An IP that we can "control" ourselves (ie it is an ARM resource that we can see in the portal).
When I google on this problem, all I seem to find is solutions about machines behind a single load balancer (or application gateway), and the traffic being both incoming and outgoing. Instead we want something more like the network is built up in a normal office,
having a bunch of various computers and servers, most of which are not reachable from the internet, but almost all of them having outgoing internet access, and when they reach they internet they all "go though" the same public IP.
Is there a way to achieve this in Azure? And can it be done by someone who has no real networking skills? Maybe there are some guides that describe how to do this? And a complete ARM template example would be great too.
Also, all our VMs are Linux servers.
Reduce Billing
Mudasir
Unable to Upload .CER on Application Gateway
Hi
I've managed to create a Key Vault and uploaded the .pfx file, now download the .CER file to upload it on HTTP Settings
I'm getting an error which I'm stuck, using the correct domain.
Microsoft NPS Server not Authenticating to Azure Active Directory Domain Services
Configuration Summary:
- Have a VPN Successfully configured between on-Premise LAN and Azure Environment, which includes active AADDS.
- There is an on-premise Microsoft NPS VM Guest, which has been joined to the AADDS Domain, via the VPN Connection.
- Have configured on-premise Wireless network to utilize RADIUS 802.1X authentication via the on-premise Wireless Controller, which is configured to use the on-premise NPS Server Guest VM.
On the Event Viewer for the NPS Server, am getting the following errors:
The Network Policy Server was unable to connect to a domain controller in the domain where the account is located. Because of this, authentication and authorization for the RADIUS request could not be performed.
So I know the RADIUS requests are making it to the NPS server. Just can't figure out how much further, then this, the requests are traversing. Getting some logs would be great, but they seem to be empty, when they are requested, from the various dependent Azure Resources.
Am I missing anything in this particular RADIUS Setup?
Does the applicable NSG in Azure, require additional entries, to allow communication, with the Domain Controllers?
Migrate domain name form Smarter ASP.NET to Azure
I have my domains pointed to Azure so I can use them on Azure without any problems. I am scared SmarterAsp.Net will go out of business. I don't want to be stuck and unable to renew my domain. I want to transfer it competently. What
would be the steps to get this done? Any advice would be greatly appreciated. Thank you. Paul
MacOS Catalina IKEv2 VPN Client to Azure VPN Gateway Incompatibility
Unable to use "https://imms.XXXXX.ca/start" when including Fronto Door IPs in Network Restricted Access
I have implemented Azure Front Door.
I've also included the Front Door IPs in the Network Restricted Access so that ISO 27001 rule (restrict access) is satisfied and my client is satisfied that the iso 27001 REGULATORY COMPLIANCE is being met.
https://imms.XXXXX.ca/start is a folder with an ASP.NET page (PPPPP.aspx) which is defined as a DEFAULT DOCUMENT.
When I try to access https://imms.XXXXX.ca/start , it sends me to the backend address https://XXXXX.azurewebsites.net/start/ with a 403 error.
When I try to access https://imms.XXXXX.ca/start/, it works.
I need it to work with just https://imms.XXXXX.ca/start
When I remove the Front Door IPs from the NETWORK RESTRICTED ACCESS,
https://imms.XXXXX.ca/start works but I am no longer "in compliance" with ISO 270001.
Point to Site VPN in AZURE
Hi,
I have deployed Point to Site VPN in Azure with the help of Self-Signed Certificate. It is working.
Could you please tell me how I can do with the help of commercial certificate? like digicert, godaddy etc. Which Certificate I will buy? How to make certificate request etc. thanks
Regards
Azure DNS
hELLO
I am in need to know how can i size azure DNS in pricing calculator?
Mudasir
Joining computers to domain over Azure P2S vpn AND logging in users
I have setup a couple clients now with new Windows AD domains on a vm in Azure. I then join all their computers to this domain. The office computers join fine over the S2S vpn. The issue I'm having is not necessarily joining computers to the domain over the Azure P2S vpn client, but logging in users after the machine is joined to the domain.
Continue to get the following message when attempting to connect to the Azure p2s vpn with the vpn icon on the login screen.
'We can't sign you in with this credential because your domain isn't available. Make sure your device is connected to your organization's network and try again. If you previously signed into this device with another credential, you can sign in with that credential.'
Right now, to get this to work, we are having to join the computer to the domain using a local admin account. Then switch users just after joining it to the domain. Log in with the domain user's credentials, and then reboot.
Thanks!!!
Dave