Time before a cloud service without vms (instances) loses IP?

September 2, 2014, 3:47 am

≪ Previous: Unable to access websites deployed on windows azure virtual machine

Hello experts :-)

I have a few virtual machines with 2008R2 and we got the extension feature that allows us to do the migration part as late as the 3rd of November if I'm not mistaken.

Most of them we can do fine, but there is a specific machine we don't want to lose the public IP for.

I know that the IP is held by the cloud service related to the VM, but I believe that when the cloud service detects there is not a VM attached to it, it can lose it's ip. This situation can happen if we shutdown a machine first and we start up the new one. I hope I explained the situation well.

So the question is, how long does it take for the cloud service to detect that it does not have anything running and so it releases the IP?

Thank you very much.

↧

Azzure my local network

September 2, 2014, 11:44 am

≫ Next: Trustwave Unable to Scan website to Validate for PCI Compliance

≪ Previous: Time before a cloud service without vms (instances) loses IP?

Is there a way to create a azure server I put it on my local network via VPN or maybe GW.

Thank you
Marcus

↧

Trustwave Unable to Scan website to Validate for PCI Compliance

September 2, 2014, 4:15 pm

≫ Next: Is it possible to get a later expiration date for VPN PTS Certificates?

≪ Previous: Azzure my local network

As of a month ago, Trustwave was able to scan my site and validate that it was PCI compliant. Now, the scan is unable to do so due to the following evidence:

Port was open, but now it's closed

Port 443/TCP

Banner Microsoft IIS/8.0

Does anyone know why this would now be happening, and is there any course for remidiation?

↧

Is it possible to get a later expiration date for VPN PTS Certificates?

September 3, 2014, 1:54 am

≫ Next: Cannot deploy: error The deployment cannot use the VirtualNetwork ... that belongs to a region.

≪ Previous: Trustwave Unable to Scan website to Validate for PCI Compliance

Hello,

I've set up a Azure VPN with Point-To-Site capability. It works fine, but I need client certificates with an expiration date later than 3 years from now. We will install the client software on Embedded PCs that we can't maintain every 3 years.

I've created and uploaded a self signed root certificate for the azure network that expires 2099 but if I download the VPN client software from azure management page, I get a certificate that expires 2017.

Ok, so I created and installed client certificates from that root certificate with makecert. These certificates will expire 2044. If I set up a VPN Connection, that works fine with the certificate from the azure client software, but with my certificates I get the following error: 0x800B0109 "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."

My root certificate is installed under "Trusted Root Certification Authorities" as the certificate from the client software. If I change only the marked root certificate to that certificate from azure, everything works.

So, the certificate which expires in 3 years will work, but my root certificate next to it don't, why and how can I get a certificate for my clients that expires much later?

Please help me, thanks a lot.

↧

Cannot deploy: error The deployment cannot use the VirtualNetwork ... that belongs to a region.

September 3, 2014, 6:15 am

≫ Next: Traffic Manager shows website that is not under by subscription

≪ Previous: Is it possible to get a later expiration date for VPN PTS Certificates?

Hi.

I'm trying to make Staging deployment and it fails.

The deployment cannot use the VirtualNetwork .... that belongs to a region. The long running operation tracking ID was: 81258538a5080624b185b91a249cf862.

I want to include my servers into VNET I created.

Cloud service is in Affinity Group related to North Central US.

VPN is in North Central US region.

I don't see any ability to switch service from Affinity Group to Region. I don't see an ability to specify Affinity Group in VPN.

What need I to do?

Sergei.

↧

Traffic Manager shows website that is not under by subscription

August 7, 2014, 11:28 am

≫ Next: Is external IP address permanent?

≪ Previous: Cannot deploy: error The deployment cannot use the VirtualNetwork ... that belongs to a region.

I see website listed

mawscanary-011c8d34-6b425580.azurewebsites.net

which is not created under by subscription id <hidden>. I can send per request.

Thank you

↧

Is external IP address permanent?

August 24, 2014, 3:23 am

≫ Next: Outbound UDP specified source port changed when crossing public VIP

≪ Previous: Traffic Manager shows website that is not under by subscription

Is the external IP address assigned to my virtual machine permanent? Can I count on it not changing?

↧

Outbound UDP specified source port changed when crossing public VIP

September 5, 2014, 12:53 am

≫ Next: Can we store more than 1TB on Azure virtual machine

≪ Previous: Is external IP address permanent?

Hi!

We have an Azure VM and we need to send UDP messages from this machine's specific UDP port. We are using .NET Class UdpClient for communications.

If we try sending messages between machines in the same Virtual Network, receiver machine shows correct source host and port.

If we cross Public VIP (between VM in different Virtual Networks or onPremises listener), source port will show a port from 1024 and up, not the selected source port.

Sender: 1.2.3.4:5000

Receiver: 5.6.7.8:5001 -> says data received from 1.2.3.4:1025 -> 1025 source port should be 5000

'Sending
Private Sub Send()
   Dim data() As Byte = System.Text.Encoding.Unicode.GetBytes("Data")
   Dim client As UdpClient = New UdpClient(5000)
   client.Send(data, data.Length, "5.6.7.8", "5001")
   client.Close()
End Sub


'Recieving
Private Sub Recieve()
   While True
      Dim remoteIPEndPoint As IPEndPoint = New IPEndPoint(IPAddress.Any, 5001)
      Dim content() As Byte = udpClient.Receive(remoteIPEndPoint)
      If content.Length > 0 Then
         Dim message As String = Encoding.ASCII.GetString(content)
         message &= remoteIPEndPoint.Address.ToString & " " & remoteIPEndPoint.Port & " " & message & vbCrLf
      End If
   End While
End Sub

I've read something about SNat (source NAT) and I'm wondering if Azure Network always translate source UDP ports on outbound communications beyond public Gateway.

We really need to preserve source port information at destination in our platform, because we have thousands of devices on Internet that only listen on specified IP:UDPPort combination.

Thanks in advance,

Antonio Sanchez

Atlantis Global System

↧

Can we store more than 1TB on Azure virtual machine

July 16, 2014, 9:24 pm

≫ Next: makecert.exe Error: WriteFile failed =>0x7b (123) Failed

≪ Previous: Outbound UDP specified source port changed when crossing public VIP

I signed up for Azure trial, I created a virtual machine and I want to have storage more than 1TB

When I attach new empty disk it says the maximum is 1TB, is it because I am on trial or is Azure limited to maximum 1TB of storage?

Thank you

↧

makecert.exe Error: WriteFile failed =>0x7b (123) Failed

December 3, 2013, 2:18 pm

≫ Next: Point-to-Site on Windows 8 Client connection Error 798

≪ Previous: Can we store more than 1TB on Azure virtual machine

HY!

I have a question for you. When I run cmd as administrator and typed a command as "makecert -sky exchange -r -n "CN=<testCertname>" -pe -a sha1 -len 2048 -ss My "<testCertname>"

the result showed that "Error: WriteFile failed =>0x7b (123) Failed"

What does it mean? What do I wrong?

Thanks

↧

Point-to-Site on Windows 8 Client connection Error 798

May 16, 2013, 7:09 am

≫ Next: Azure clients not registering with on-premise DNS server

≪ Previous: makecert.exe Error: WriteFile failed =>0x7b (123) Failed

Hello,

Install Certificate and Client Package and when I try to connect it shows the following error

"A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798) For customised troubleshooting information for this connection"

I have checked both cert are installed under current user in both personal and trusted root, and have tried every resource we can

We have successfully installed using same settings & process on Windows 7 without problem, the log file is as follows

******************************************************************
Operating System : Windows NT 6.2
Dialler Version : 7.2.9200.16384
Connection Name : Dxxxxxxxxx2
All Users/Single User : Single User
Start Date/Time : 16/05/2013, 15:04:48
******************************************************************
Module Name, Time, Log ID, Log Item Name, Other Info
For Connection Type, 0=dial-up, 1=VPN, 2=VPN over dial-up
******************************************************************
[cmdial32]15:04:4822Clear Log Event
[cmdial32]15:04:5104Pre-Connect EventConnectionType = 1
[cmdial32]15:04:5106Pre-Tunnel EventUserName = Domain = DUNSetting = Dxxxxxxxxx2 Tunnel DeviceName = TunnelAddress = azuregateway-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.cloudapp.net

↧

Azure clients not registering with on-premise DNS server

September 8, 2014, 11:32 am

≫ Next: Windows Azure VPN with Cisco ASA Software 8.4

≪ Previous: Point-to-Site on Windows 8 Client connection Error 798

So I've configured a site-to-site VPN between our Azure instance and our local LAN, via our Sophos (Astaro AG) UTM-9 gateway. The VPN tunnel seems to be working fine, and I have a default allow rule on our VPNs currently for testing. This is the first evaluated rule, so all traffic is passed, unaltered by the firewall.

We have configured the Azure machines to use our local (on-premises) DNS server, which is configured correctly with root hints, so it can resolve the internet in general.

However, our DNS server does not know about our Azure VMs. Attempting to resolve the names of our Azure VMs fails, whether bare (ping vmname) or with the local suffix (ping vmname.localdomain.local).

Any ideas on what to look into? The VM logs aren't very informative, and nslookup on the VMs show it querying our DNS server successfully, they can resolve local names and internet names, but not Azure device names.

↧

Windows Azure VPN with Cisco ASA Software 8.4

September 8, 2014, 5:38 pm

≫ Next: Site-to-Site VPN Between Azure and Amazon AWS

≪ Previous: Azure clients not registering with on-premise DNS server

Hi,

I need to create a Windows Azure VPN with Cisco ASA 5500 Series with software 8.4, and i need to know if changes needed to make the VPN script after download script are only in this two sections:
– Internet Key Exchange (IKE) configuration
– Tunnel configuration

where can I findinformation about these VPN script changes?

Best Regards,
Moreira

↧

Site-to-Site VPN Between Azure and Amazon AWS

February 24, 2013, 9:29 am

≫ Next: My azure web site IP isn't included in the published IP range

≪ Previous: Windows Azure VPN with Cisco ASA Software 8.4

Hi everyone,

I've seen quite a couple of posts giving guidance on how to create a site-to-site VPN on your local network, but does anyone know how it would be possible to setup a site-to-site VPN between a Windows Azure network and a Amazon Private Cloud? In an ideal world it would be great to achieve this without needing an appliance somewhere to connect the two networks. I'm still learning here so any help would be greatly appreciated.

Thanks

Tjopsta

\\Tjopsta// http://www.tjopsta.net

↧

My azure web site IP isn't included in the published IP range

September 10, 2014, 5:57 am

≫ Next: Azure Blocking FTP Data Channel

≪ Previous: Site-to-Site VPN Between Azure and Amazon AWS

This might be a newbie question, and I know the IP ranges can be updated without any notice of course, but I really need to understand if this is the case.

When I ping my website bimobile.azurewebsites.net, I receive back this answer:

Pinging waws-prod-am2-013.cloudapp.net [23.97.224.11]

The website is hosted in Western Europe, however the above IP does not belong to the list published at:

http://msdn.microsoft.com/library/azure/dn175718.aspx

is it just because the list is out of date? Or am I missing something. I'm trying to make the service bus relay to work, and I'm behind the company firewall, of course.

Thanks for any help

Regards

↧

Azure Blocking FTP Data Channel

September 10, 2014, 12:00 pm

≫ Next: Windows Firewall configuration for VPN

≪ Previous: My azure web site IP isn't included in the published IP range

Hello,

I Have a VM on Azure and a FTP Server on my local site.

When i connect to the FTP from Azure all seems fine, but when i try to PUT or LS my local FTP it fails to connect to the ftp data channel.

User (XXXXXXXXXXX:(none)): XXXXX
331 Password required for XXXX
Password:
230 Logged on
ftp> ls
200 Port command successful
150 Opening data channel for directory listing of "/"
Aborting any active data connections...
425 Can't open data connection for transfer of "/"

How can i setup outbound rules?

Any Ideas?

Thanks!

↧

Windows Firewall configuration for VPN

September 10, 2014, 12:45 pm

≫ Next: No connection between Virtual Machines on Azure

≪ Previous: Azure Blocking FTP Data Channel

I have set up VPN between Azure and my on-premises network using Windows Server 2012 R2 as my VPN device. This works fine as log as I leave the Windows Firewall disabled. I would like to enable the firewall and open only the required ports. Which ports do i need to open?

Hallis

↧

No connection between Virtual Machines on Azure

September 11, 2014, 2:58 am

≫ Next: Computers not locate DC at cross forest migration scenario (testing purposes)

≪ Previous: Windows Firewall configuration for VPN

I am new in Azure and have one problem which I can not solve. I want several Virtual Machines to ping/telnet each other to check if they communicate but it is no use.

To complete the task I created Virtual Network, Cloud Service, an Affinity Group and Storage. Because every server in my network will have different roles, so I did not see the reason for creating Availability Sets.

So far I created two Virtual Machines within this Virtual Network. First one (VN1) has Active Directory and DNS roles (also IIS and Application Server roles) deployed on it. The other one (VN2) has only IIS role deployed. Both are within the same VN, Cloud Service etc. and have default (PowerShell and Remote Desktop) endpoints defined.

Now comes the funny part. When I try to ping VN1 from VN2 there is no problem (However I cannot telnet it) but if I try opposite - VN1 does not see VN2. The other thing is that in both cases it does not work using host name (which is the name of VM). The only way VN2 can ping VN1 is by using their IP addresses (I used private one).

Like I said before I am new in this topic so problem may as well lay in some roles I didn't add or wrong configuration of existing ones.

Could you give me a hand in this? It is third day when I am working on this and am kind of irritated :/

↧

Computers not locate DC at cross forest migration scenario (testing purposes)

September 10, 2014, 7:35 am

≫ Next: Azure Network P2S and S2S

≪ Previous: No connection between Virtual Machines on Azure

Hi,

I need to create a testing cross forest migration environment.

The scenario is the following:

Domain A:

virtual network: NETA. DNS servers: 10.0.0.4, 10.0.0.6. IP range: 10.0.0.0/8
domain name: domaina.local
1 DC: 10.0.0.4. Windows 2008 R2 SP1 (enterprise root CA too)

Domain B:

virtual network: same above
domain name: domainb.local
1 DC: 10.0.0.6. Windows 2012 (enterprise root CA too)

Joining a server to DomainA (to be a Ex2007): OK

Joining a server to DomainB (to be a Ex2013): Fail. Cannot locate a DC in the domain DomainB. This is because the first DNS server at virtual network is 10.0.0.4 (DomainA DC).

I have tried creating another virtual network and connecting the DomainB VMs to this new virtual network. The I tried creating a new VM with 2 NICs (the idea was: first NIC conencted to first virtual network and second NIC conencted to second virtual network and install routing services between two virtual networks) but cannot create the second NIC.

The questions are:

It is possible to route traffic between virtual networks?

If no

How to create a cross forest migration environment like above?

Thanks in advance!

↧

Azure Network P2S and S2S

September 12, 2014, 5:31 am

≫ Next: Virtual Network VPN Connection (Gateway) Deleted

≪ Previous: Computers not locate DC at cross forest migration scenario (testing purposes)

Hello,

We have two options to connect to On-Premises network; Point to site and Site to Site.

I am using Azure trial version and wanted to test a couple of features like Azure Site Recovery, using Azure with App Controller, and joining On-premises VMs to Azure VM DC.

I have a PPPoE connection as below:

MyHost -----> WiFi Router (accessible by 192.168.1.1) ------> ISP (PPPoE)

I can see that a public IP Address is assigned when I go and check the connection status in the WiFi Router.

I followed the guide at Microsoft site to connect my Host (running Windows Server 2012 R2) via S2S but the script fails with the some errors (Endpoint mapper).

My questions:

1. Do I need to create a PPPoE connection on my Host and then connect the cable directly to the Host?

2. Can I use Point-To-Site connection to enable me to test above features?

Thank You,

Nck_1979

↧