I am trying to activate Azure AD authentication on my VPN-gateway (announced at Ignite 2019): https://docs.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant#enable-authentication
When running Set-AzVirtualNetworkGateway I get this error:
Set-AzVirtualNetworkGateway : Virtual Network Gateway VpnClientProtocol should be :OpenVPN when P2S AAD authentication is being configured.
Any idea why this error appears? It seems I am using OpenVPN as protocol..
Hi,
We would like to generate alerts when an Azure Application Gateway reaches a certain usage level. It is not possible to use the 'Current Capacity Units' metric. Is there another way to do this?
Is there a way to receive an alert when the number of instances changes (we have auto-scaling)
Many thanks,
René
I've configured Azure Front Door in front of an App Service-hosted Web App. I've also configured Front Door with WAF and added a custom rule that should deny traffic from any IP address other than 1.2.3.4. The WAF policy is definitely associated with my frontend. When I hit the Front Door endpoint from a public IP that is definitely not 1.2.3.4, I still hit my Web App. What am I missing?
Hello,
I have a web application hosted on an IIS server.
This web server has a custom MIME Type called '.configuration' with a type ' TEXT/XML'.
My web app which is a clickonce application, reads this XML file when it installs.
In short switching from the application gateway from TLS 1.0 to TLS 1.2 prevents the app from reading this XML file.
If i store this XML file in a TLS1.0 gateway, the application can read it.
Any ideas?
I'm setting up an Azure infrastructure and the plan is to use Bastion to connect to the virtual machines therein. One problem I have found is that the font rendering in Bastion is far less legible than in standard RDP. Here's an example screenshot of a PowerShell script in Notepad. Are there any settings or tricks to improve the font rendering in Azure Bastion?
Hello,
Is there any way to force AppGateway/WAF to redirect requests to HTTPS (443) port of backend pool?
I just want to do the following:
WAF(:80) --> Backend(:80)
WAF(:443) --> Backend(:443)
And I just have
WAF(:443) -->Backend(:80).
I have an application in backend that whenever it receives the request at port 80, it redirects to 443 and I have an infinite 301 loop.
WAF(:443) --> Backend(:80) --> SSLRedirect --> WAF(:443) --> Backend(:80)...
Hi There,
I am trying to export all App Gateway sku into csv but when I am doing this so getting some machine language "Microsoft.Azure.Commands.Network.Models.PSApplicationGatewaySku" in csv.
Please help me how to export this in readable format like "WAF_Large, Standard_Smalletc."
The script which I am using is as follows: -
$subs = Get-AzureRmSubscription | Select-Object -ExpandProperty NameCheers, Gourav Please remember to mark the replies as answers if it helped.
Hi
I receive error when logging on to Bastion.
It opens up fine, but is slow and theese errors.
error 1:
The network connection to the Bastion Host appears unstable.
error 2:
Connection Error
The connection has been closed because the target machine is taking too long to respond. This is usually caused by network problems, such as a spotty wireless signal, or slow network speeds. Please check your network connection and try again or contact your
system administrator.
I'm not sure what could be the problem, I did try connect from other networks from my client but still same problem.
Any ideas to a fix?
Hello ,
we have a website hosted in our azure on two backend behind a azure loadbalancer .we need to migrate another website to these two backends.is there a setting to do in loadbalancer ?
Regards
Hello,
A couple of years ago I setup our Express Route with our datacenter provider. We had to use their cloud portal and agree on some IPs and VLANs to setup the ER. We now have a new datacenter which we are sharing with another company and I've been asked to give them access via their ER. I'm not sure how I do this.
It would be nice to connect to their ER and not cause an issue with ours first of all and just get connected and use BGP or weighted routing to make sure ours is still the primary until we are ready to make the switch over.
In detail what is the process or possibilities? Is it a case of going into the 'ExpressRoute Circuits' area and creating a new one to them? Then somehow allow the subnets in Azure we use to be allowed over that new link. I guess they need to authorise is to connect too?
Hello everyone.
When trying to create a private endpoint for a storage account (which is in a different tenant and subscription) we received this error:
Operation name: Create or update an private endpoint.
Error code: GatewayAuthenticationFailed
Message: Gateway authentication failed for 'Microsoft.Network'. Diagnostic information: timestamp '20191118T163815Z', tracking id 'b43f042c-b6c1-4611-ac5c-65e1ff4b7db1', request correlation id 'b43f042c-b6c1-4611-ac5c-65e1ff4b7db1'.
According to this documentation:
https://docs.microsoft.com/en-us/azure/private-link/private-link-faq
Can Private Endpoint connect to Private Link service across Azure Active Directory Tenants?
Yes. Private endpoints can connect to Private Link services orAzure PaaS across AD tenants.
Unfortunately the existing documentation in https://docs.microsoft.com/en-us/azure/private-link/create-private-endpoint-storage-portal or in https://docs.microsoft.com/en-us/azure/private-link/create-private-endpoint-powershell describes how to create a private endpoint for an Azure Storage Account or for an Azure SQL Database Server respectively BUT in the same tenant and NOT when the Azure PaaS service is in another tenant.
I'm trying to use the new Azure Virtual Network public preview of the peering feature to join two networks I have on two different subscriptions, i.e. different tenants. Is this possible, I've not seen anything to say otherwise, but when I try to peer them in PowerShell I get the following error.
The client has permission to perform action 'Microsoft.Network/virtualNetworks/peer/action' on scope '/subscriptions/{Guid2}/resourceGroups/Default-Sydney/providers /Microsoft.Network/virtualNetworks/SYDVN/virtualNetworkPeerings/LinkToSYDVN', however the linked subscription '{Guid1}' is not in current tenant '{Guid3}'.
Full error and command
PS C:\Windows\system32> Add-AzureRmVirtualNetworkPeering -name LinkToSYDVN -VirtualNetwork $SYDVN -RemoteVirtualNetworkId "/subscriptions/{Guid1}/resourceGroups/Default-Sydney/providers/Microsoft.Network/virtualNetworks/SYDVN1" -BlockVirtualNetworkAccess
WARNING: The output object type of this cmdlet will be modified in a future release.
Add-AzureRmVirtualNetworkPeering : The client has permission to perform action 'Microsoft.Network/virtualNetworks/peer/action' on scope '/s
ubscriptions/{Guid2}/resourceGroups/Default-Sydney/providers/Microsoft.Network/virtualNetworks/SYDVN/virtualNe
tworkPeerings/LinkToSYDVN', however the linked subscription '{Guid1}' is not in current tenant
'{Guid3}'.
StatusCode: 403
ReasonPhrase: Forbidden
OperationID : '{Guid4}'
At line:1 char:1+ Add-AzureRmVirtualNetworkPeering -name LinkToSYDVN -VirtualNetwork $S ...+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+ CategoryInfo : CloseError: (:) [Add-AzureRmVirtualNetworkPeering], NetworkCloudException+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Network.AddAzureVirtualNetworkPeeringCommandAny help will be much appreciated.
hi Friends
i've problem while transfer my domain to azure dns,
please advices , may be im missing config or other setting? ,
thanks in advance
0wat
I have an web app sitting within the same VNET as two VM's. The VM's are behind an internal load balancer that checks them for health. When the web app fires off an HTTP request, the load balancer routes it to one of the VM's.
However, I would like to replace the load balancer with something that works on the level of services rather than whole VM's. So instead of probing VM1 and VM2 for health, it would actually know about the Cat service and the Dog service, and probe those individual services for health, and then do the routing based on that.
I haven't looked much at Application Gateway or API Management. Would any of those two offerings be suitable to this scenario?
Here's a diagram of what I'm imagining:
It's not necessary for me that each logical service gets it´s own host name. If the webapp had to make requests to http://something/dog/bark, that would also work.
Thanks for any advice!
Dear,
Since yesterday I've issue on Azure portal when I want to edit NSG rules.
Seems related when ASG is used as source ou destination.
For exemple when I try to edit a rule with ASG in source and destination, fiels source and destination are empty and when I try to select a new source, ASG option not available. (preview of rules is ok)
If I close the rule and edit it again, only name, priority and comment fields are displayed.
Regards.
I've just unboxed my Surface Pro X and it's awesome.
Unfortunately though I'm unable to set up my Azure VPN because the Virtual Network Gateway setup file that Azure provides fails to set up the VPN correctly. Hoping someone can help - productivity fallling...