We have a SMS provider that gives us access to their SMPP Server. The only problem is that, for security reasons (estipulated by
this provider), we need to use a VPN connection from Azure to an mobile operator?
I want to setup my windows VPN client connection on my Azure server to connect to my company's existing VPN. Getting an 806 error which appears to be in Azure firewall/endpoint area (I have temporarily disabled Windows Firewall on my Azure Server). I have tried setting up endpoints in the Azure management portal. So far I have setup these
VPN TCP: 1723
L2TP UDP: 1701 IPsec UDP: 500 IKEv2 UDP: 4500
Am I missing something/what do I need to do to get this azure server to be able to connect to my VPN? My VPN is a simple windows VPN, when setting up on any other windows server I plug in my VPN address and take all defaults and it connects no problem.
I found in the documentation (msdn.microsoft.com/library/azure/jj156075.aspx) that for a S2S VPN between Azure and a Cisco ASA can you only have a static routing setup with IKEv1.
Since I want to optimize the performance towarde Azure, I want to use IKEv2
Is this still true (maybe is the documentation old...) that I´m limited to IKEv1 and if this is still is the case, is it just a feature missing in the ASA or in Azure, which will be soon implemented or is more fundemental and I will newer get the possibillity
tue use IKEv2 from my ASA ?
We have a Site-to-Site IPSEC VPN link established with our Azure Virtual Network. Created an Azure VM and DHCP correctly assigned an IP from the Virtual Networks subnet as well as our local DNS servers. From On premise I can ping that Virtual Networks private
IP address, RDP to the Azure VM, file copy from our local network to the Azure VM.
However, once on the Azure VM I cannot ping the Gateway assigned to it, ping any clients on our local network even the client I am RDP.
I have 2 cloud services running under the same virtual network. Role instances within the same cloud service can connect to each other through internal endpoints. But it seems that, even though the virtual network brought all instances of all cloud services
under the same subnet, an instance from cloud service A cannot connect to the internal endpoint of an instance from cloud service B.
I'm rather confused because I've read that internal endpoints cannot be accessed beyond the cloud service deployment, but at the same time virtual networks are presented as a way to connect cloud services together... so what would be the point if you can't
have instances communicate through it?
Some clarification would be appreciated here!
Thanks in advance,
Thomas
Note: We just discuss the Windows Server Virtual Machine here.
When creating a Virtual Machine from Azure Management Portal, the Remote Desktop endpoint is created by default. From the Windows Azure Management Portal, we could select the virtual machine, then clickConnect to start the remote session.
However, sometimes, we could not connect the virtual machine, and we may see the error below (Figure 1):
Image may be NSFW. Clik here to view.
Figure 1: Remote Desktop Connection Error Message
This issue could be caused by many factors, you can refer to the checklist below to narrow down the issue.
1. Make sure the virtual machine is running in Azure Management Portal.
2. Make sure the username and password are correct.
The username and password are created when we create the virtual machine. When RDP to the virtual machine from Management Portal, we just need to input the correct username and password.
3. Make sure the domain information.
If the RDP connection fails, we need to check the domain information. If the domain information is not correct, please selectOther User, add a backslash before user name and then input the password.
4. Remote Desktop endpoint is missing.
Each virtual machine that is created should have a remote desktop endpoint at TCP Port 3389 (Figure 2).
Image may be NSFW. Clik here to view.
Figure 2: TCP Port 3389
If this endpoint is deleted then a new one should be created. The public port can be any available port number. But the private port must be 3389. For more and detail information about setting up endpoints, please refer to:
How to Set Up Endpoints to a Virtual Machine
5. Connect using a different network.
If you are using a corporate network, try a network that’s separate from the corporate network. If that works, it indicates that the corporate network doesn’t allow that type of connection. For example, the connection might be blocked by the corporate firewall.
Contact your corporate network administrator for help.
6. If none of above steps resolve the problem, resize the virtual machine to have a try.
Warning: All data on the D: drive will be lost when changing the virtual machine size and the VM ends up on a different host. So if you have data on D: that you care about losing, move it to C: or to a data disk before changing
the virtual machine size.
If you need further assistance, welcome to post your questions in the
Windows Azure forum.
Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.
As we all known, virtual machines in the same virtual network can automatically communicate with each other by using a private network channel. However, we may find that we cannot ping the other virtual machines in the same virtual network.
In fact, this is due to the inbound traffic of ICMP protocol is disabled in Windows Azure by default. Since the ping utility is implemented using the ICMP "Echo request" and "Echo reply" messages, in these scenario, the
ICMP request messages cannot be received on the virtual machines that you have pinged.
To solve this, we just need to enable the File and Printer Sharing (Echo Request-ICMPv4-In) rule in Windows Firewall Inbound Rule on the windows Azure Virtual Machines.
According to this, we did a test in our environment as below:
1. Create a virtual network
Firstly, we created a virtual network by using the Custom Create wizard in the Management Portal as below:
1) Open Windows Azure Management portal, click Add, and choose Network Services, Virtual network, and then click Custom Create. Please refer to Figure 1.
Image may be NSFW. Clik here to view.
Figure 1: Create a virtual network
2) On the Virtual Network Details page, create a name for your virtual network and assign it to an affinity group and region. Please refer to Figure 2.
Image may be NSFW. Clik here to view.
Figure 2: Virtual Network Details page
3) On the DNS Servers and VPN Connectivity page, specify the IP address of the DNS servers to use for name resolution. In our test, we didn’t specify a DNS Server so
that Windows Azure use its own default DNS service. Besides, as we had no requirements to configure VPN connections, we unchecked the options for VPN.
Image may be NSFW. Clik here to view.
Figure 3: DNS Servers and VPN Connectivity page
4) On the Virtual Network Address Spaces page, create the private address space for the virtual network. We created two subnets in the virtual network 192.168.0.0/24.
Image may be NSFW. Clik here to view.
Figure 4: Virtual Network Address Spaces page
After that, we can see the Virtual network is created successfully in the network page (Figure 5).
Image may be NSFW. Clik here to view.
Figure 5: Network page
2. Add Virtual Machines into the VLAN
Later, I created two Virtual machines (test1 and test2) into the subnet 192.168.0.0/25 in that virtual network. You can create the Virtual machines into different cloud services, in our test, we added them into the same cloud service –testcloud01.cloudapp.net.
You can refer to the detailed information of those two Virtual machines in the screenshots of Quick Glance below (Figure 6 and Figure 7):
Image may be NSFW. Clik here to view.
Figure 6: Quick Glance of VM test1
Image may be NSFW. Clik here to view.
Figure 7: Quick Glance of VM test1
3. Log on to the Virtual Machines
We started the Virtual Machines in the Windows Azure Management Portal, after the Virtual Machines were in the Running status, we download the RDP file and entered the usernames and passwords for the Virtual Machines to log on to the Virtual Machines. (Figure
8 and Figure 9)
Image may be NSFW. Clik here to view.
Figure 8: Enter the credentials for VM test1
Image may be NSFW. Clik here to view.
Figure 9: Enter the credentials for VM test2
4. Enable related Windows Firewall rule
After we log on to the Virtual Machines, we can see that the Virtual Machine test1 couldn’t ping the Virtual Machines test2 and vice versa. (Figure 10 and Figure 11)
Image may be NSFW. Clik here to view.
Figure 10: Ping VM test2 from the VM test1 failed
Image may be NSFW. Clik here to view.
Figure 11: Ping VM test1 from the VM test2 failed
Then, we opened the Windows firewall advanced settings and clicked “Inbound Rules”, then click
the “File and Printer Sharing (Echo Request-ICMPv4-In)” rule and clicked “Enable Rule” on both of the two
Virtual Machines. (Figure 12)
Image may be NSFW. Clik here to view.
Figure 12: Enable inbound Windows Firewall rule
After that, the Virtual Machines test1 and test2 could ping each other successfully. (Figure 13 and Figure 14)
Image may be NSFW. Clik here to view.
Figure 13: Ping VM test2 from VM test1 succeed
Image may be NSFW. Clik here to view.
Figure 14: Ping VM test1 from VM test2 succeed
More information:
About Virtual Network Settings in the Management Portal
Well, first I want to use site to site VPN of Azure. It looks really cool but unfortunately I don't have a Azure supported VPN device on my local network. I have a OpenVPN router though, so I set it up.
1) I have a virtual network configured in Azure 10.0.0.0/19.
2) OpenVPN client is an Ubuntu Server 12.04 with IP 10.0.0.6. It's connected to my home network 192.168.1.0/24. The internal OpenVPN is using 192.168.66.0/24. So on the Ubuntu, it has tun1 with IP 192.168.66.6.
3) It works great from my home LAN to this Ubuntu server only. 10.0.0.6 can talk to 192.168.1.0/24 and vise versa.
4) Now the issue I am facing is that it wouldn't allow me to access any other servers on 10.0.0.0 vlan. My plan is to test a Windows 2012 as my backup AD through the OpenVPN tunnel, but I can't get to any other servers with 10.0.0.0/19 vlan.
4.a) My route config on Ubuntu is:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.0.0.1 0.0.0.0 UG 0 0
0 eth0
default 10.0.0.1 0.0.0.0 UG 100 0 0 eth0
10.0.0.0 * 255.255.224.0 U 0 0
0 eth0
192.168.1.0 192.168.66.5 255.255.255.0 UG 0 0 0 tun1
192.168.66.0 192.168.66.5 255.255.255.0 UG 0 0 0 tun1
192.168.66.5 * 255.255.255.255 UH 0 0 0 tun1
4.c) On Ubuntu OpenVPN client machine, tcpdump result tracking icmp packets. I can see packets going to eth0 interface, but didn't see any reply back.
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
01:59:53.228791 IP (tos 0x0, ttl 126, id 10619, offset 0, flags [none], proto ICMP (1), length 60) 192.168.1.4 > 10.0.0.7: ICMP echo request, id 1, seq 665, length 40
01:59:58.078545 IP (tos 0x0, ttl 126, id 10620, offset 0, flags [none], proto ICMP (1), length 60) 192.168.1.4 > 10.0.0.7: ICMP echo request, id 1, seq 666, length 40
4.d) On Windows machine, when ping 192.168.1.1, no reply back.
4.5) I can ping 10.0.0.6 from 10.0.0.5 as they are all local vlan.
So how can I make Windows to route 192.168.1.0/24 using 10.0.0.6 VPN gateway? My observation is that Azure virtual network may be dropping my 192.168.1.0/24 packets. Any workaround to my problem? Thanks for helping.
How i can set a virtual machine in Azure and configure it as virtual private network server?
I'm involved in a cloud project that need a VPN server. A big number of IP devices dial-up to VPN server in a data center to create a big private network with the cloud servers in the data center. Later, we connect to all devices to manage their states, operations,
etc.
¿It's possible to migrate this scenario to Azure? ¿Are all Azure servers connected to a private network? ¿It's possible to create a PPTP service in Azure?
Thanks a lot.
Note: The VPN of azure it's not a option because is a big number of devices and this VPN is to expensive (it's designed for site to site VPN)
Hello, there is a new feature in Microsoft Azure called EpressRoute. Currently, ExpressRoute is available only in the US through the partners in US, so i can´t try in in EU. Our cusomer would like to use connection to MS Azure based on L2
layer ISO/OSI reference model, that means connection without "routing". They use VLANs in local network, which they would like to "extend" to Azure environment - for example they use some device - card readers where is not possible to set
up default gateway so network packet can't be routed as L3 connection (and they do not want to use Proxy ARP). So as I understood in ExpressRoute is possible to connect to Azure with dedicatet and guaranteed private connection line (not over public internet).
But my qutestion is:
Do anybody have a experience with Expressroute, is it possible to connect Azure networks and services trought L2 connection (one site in customerś location and second in Azure) ?
Install Certificate and Client Package and when I try to connect it shows the following error
"A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798) For customised troubleshooting information for this connection"
I have checked both cert are installed under current user in both personal and trusted root, and have tried every resource we can
We have successfully installed using same settings & process on Windows 7 without problem, the log file is as follows
****************************************************************** Operating System : Windows NT 6.2 Dialler Version : 7.2.9200.16384 Connection Name : Dxxxxxxxxx2 All Users/Single User : Single User Start Date/Time : 16/05/2013, 15:04:48
****************************************************************** Module Name, Time, Log ID, Log Item Name, Other Info For Connection Type, 0=dial-up, 1=VPN, 2=VPN over dial-up
******************************************************************
[cmdial32]15:04:4822Clear Log Event
[cmdial32]15:04:5104Pre-Connect EventConnectionType = 1
[cmdial32]15:04:5106Pre-Tunnel EventUserName = Domain = DUNSetting = Dxxxxxxxxx2 Tunnel DeviceName = TunnelAddress = azuregateway-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.cloudapp.net
We currently have a production sharepoint environment in Azure.
The company has now decided it wants a test environment so it can test changes and patches before they go live as they have had some bad experiences by not doing this.
I have seen that there have been issues adding new environments, some resulting in the gateway being deleted and recreated once the new network(s) has been added to get them to work.
Are these old posts or has the problem now been fixed ?
I have a working Point-to-Site VPN setup which works fine for most of us. so far at least 4 of us use it without any problems. must use VMs locally with either Win 8.1 or Win 7. As local host OS we use either Windows or in one case Mac OS X.
We have however one use who is running a Windows 7 VM on a Linux host and he can't connect to the Azure VPN.
All he sees when trying and after choosing the client certificate is the following error message:
A connection to the remote computer could not be established. You might need to change the network settings for this connection. (Error 720).
We installed P2S VPN about 3 month ago. We experienced no problems until yesterday. At about 17h all clients were disconnected from the VPN. Then nobody could connect again, the message displayed is the following :
"The remote access connection completed, but authentication failed because the certificate that authenticates the client to the server is not valid. Ensure that the certificate used for authentication is valid. (Error 853)"
All clients are using the same client certificate.
I checked the expiration date, but no problem of expiration.
I tried to go through the whole process of generating new certificates (on my windows7 computer) as described here: http://msdn.microsoft.com/en-us/library/windowsazure/dn133792.aspx
but the problem remains the same.
I want to use P2S and have configured my VNET with such settings. A dedicated VPN client network and a gateway. All look ok in the portal.
I have then set up a Win2012 CA in Azure IaaS. I exported the CA cert and imported it into the VNET certificate page. From the same CA I have created a user cert that I exported and imported into a client (Win8) (.pfx moved to client via RDP). I have downloaded
and installed the VPN client package. All went fine with no issues.
When tryint to connect I get "The remote access connection completed, but authentication failed because the certificate that authenticates the client to the server is not valid. Ensure that the certificate used for authentication is valid. (Error 853)"
I can not see why the cert is invalid? On the client the chain is valid with the same CA cert that I uploaded to Azure!
Any help welcome, I would love to have P2S working...
Hi I have got 2 sites connected via a site to site LAN but the second site is slow accessing data held at the main site.
I am using Windows Azure for a few virtual machines but is it possible to use it for data storage?
If so are there any tips/advise on setting this up.
I would still like the users to access the data via a mapped drive but feel it would be better for both sites if I can store the data on Azure rather than at one of the sites.
