Hello,
I was wondering what's the reason that Azure Static VPN uses IKEv1 and Azure Dynamic VPN uses IKEv2.
Is there any specific reason why i wouldnt be able to choose between IKE version on dynamic routing?
↧
Dynamic VPN and IKEv2
↧
How to control VNet traffic
Hi,
We're trying to reproduce below scenario in Azure:
-Three VM's: One Server and two Clients. We put them in same VNet but there is a critical condition that each Client can only communicate with the Server,but not with other Clients.
We tried to use Multiple NIC's attached to the Server (each NIC connected to each Client) in different SubNets, but it doesn't work .
Do you know if there is another way to achieve this?
Thanks a lot for your answer!
Pablo.
↧
↧
Azure DNS: CNAME record named "autodiscover" not possible: New-AzureDnsRecordSet : PreconditionFailed
Hi there,
i try to create a CNAME record for our domain. We use Office365, Exchange online, for this we have to create a CNAME record named "autodiscover". When i try to create this record, it fails with following error:
New-AzureDnsRecordSet : PreconditionFailed: The condition '*' in the If-None-Match header was satisfied.
Any other CNAME record could be created without any problems..
Thank you in advance
Felix
↧
Azure DNS: PTR record can not be created
Hi there,
i try to create a PTR record for our domain, this seems not to work for me, what am i doing wrong?
New-AzureDnsRecordSet : BadRequest: The record type PTR is not supported. Resource records can contain only one typeof record specified.
Thank you in advance
Felix
↧
Domain redirection to azure VM
Hi everyone,
We have one site hosted under IIS in the web server Windows 2008 with the domain name mapped under intranet naming resolution system.
Can we point the domain which currently exist under intranet naming resolution system to the IP allocated to azure VM ?
Thanks,
↧
↧
Azure Point to Site VPN stopped working
Hi
I've recently started using Azure and had everything up and running then I went and blew my budget (yes, I left some VMs up over a holiday!). Now my budget has been refreshed I'm refamiliarising myself with where I was and my VPN no longer works.
My Virtual Network is up and running but when I try and connect to my VPN I get the following error:
The network connection was aborted by the local system.
(Error 0x800704d4) For customized troubleshooting information for this connection, click Help.
And looking in the log:
[cmdial32] 08:10:23 03 Pre-Init Event CallingProcess = C:\Windows\Explorer.EXE
[cmdial32] 08:10:27 04 Pre-Connect Event ConnectionType = 1
[cmdial32] 08:10:27 06 Pre-Tunnel Event UserName = AzureDesktopCert Domain = DUNSetting = 69722ef6-5908-458f-b585-4d2ddc23a105 Tunnel DeviceName = TunnelAddress = azuregateway-69722ef6-5908-458f-b585-4d2ddc23a105-fbc94105fe0e.cloudapp.net
[cmdial32] 08:10:30 21 On-Error Event ErrorCode = -2147023660 ErrorSource = RAS
[cmdial32] 08:11:07 04 Pre-Connect Event ConnectionType = 1
[cmdial32] 08:11:07 06 Pre-Tunnel Event UserName = AzureDesktopCert Domain = DUNSetting = 69722ef6-5908-458f-b585-4d2ddc23a105 Tunnel DeviceName = WAN Miniport (SSTP) TunnelAddress
= azuregateway-69722ef6-5908-458f-b585-4d2ddc23a105-fbc94105fe0e.cloudapp.net
[cmdial32] 08:11:11 21 On-Error Event ErrorCode = -2147023660 ErrorSource = RAS
[cmdial32] 08:26:56 04 Pre-Connect Event ConnectionType = 1
[cmdial32] 08:26:56 06 Pre-Tunnel Event UserName = AzureDesktopCert Domain = DUNSetting = 69722ef6-5908-458f-b585-4d2ddc23a105 Tunnel DeviceName = WAN Miniport (SSTP) TunnelAddress
= azuregateway-69722ef6-5908-458f-b585-4d2ddc23a105-fbc94105fe0e.cloudapp.net
[cmdial32] 08:26:59 21 On-Error Event ErrorCode = -2147023660 ErrorSource = RAS
I have checked the certificate I created and installed at the time and that is all still fine and in correct location and am struggling to troubleshoot further.
Any ideas guys of what the problem could be or how to diagnose further?
Many thanks
↧
Trouble connecting Cisco ASA 5585x to Azure VPN
Created an Azure virtual network with a point to point connection. Then created the gateway. Once the gateway was created, I downloaded the Cisco config and sent it to my firewall team. Azure is supposed to be using ikev1 for crypto, but when I download the config and open it up everything is set to isakmp. Firewall team states that our ASA is on v9.2 and we no longer use isakmp.
Cannot get the VPN tunnel past the "connecting" screen, any ideas why the config file keeps showing isakmp instead of ikev1? This is a static route, not dynamic, just fyi.
Thanks for any help!
↧
Error_1_Web deployment task failed. ('Microsoft.Web.Deployment.DeploymentBaseOptions' does not contain a definition for 'UserAgent')__
Hi folks, can someone please HELP me with this, its driving me round the bend...
I have tried to publish a website using Microsoft Studio web express 2013. Every time I try to use thePublish tool I receive the following error;
“Error1Web deployment task failed. ('Microsoft.Web.Deployment.DeploymentBaseOptions' does not contain a definition for 'UserAgent')00TyrescannerWebApp”
After Googling this error I found out that I needed to install Web Deploy 3.5
I tried to install this, received another error - This product did not install successfully, the installer has encountered an unexpected error installing this package, error code is 2738
What is going on!!!
↧
Configure a Draytek Vigor 2820 router to connect to the Azure virtual network
Can the Draytek Vigor 2820 router be used to create a lan to lan connection to the Azure virtual network? If so how do I go about configuring it. I have setup the Azure virtual network but can't seem to connect to it using the pre shared key. Any ideas?
↧
↧
Possible to create Cloud-only Virtual Network with Resource Manager?
I'm trying to create a 'cloud-only' virtual network with Azure Resource Manager. I do not have any on-premise requirements, everything is living solely in Azure.
I've read that I can't provide my own DHCP server for IaaS VMs. And Azure-Provided DNS doesn't seem to work; I can only see references to Cloud Services, but these do not exist in V2. I've tried creating two virtual machines in a Resource Group, but they
can't ping or nslookup each other either (see http://stackoverflow.com/questions/31000313/how-can-i-use-azure-provided-dns-for-resource-manager-vms)
How can I get name resolution working without a connection to an on-premise network?
↧
Network Security Group attached to a VM stopped working suddenly.
I need to send log messages out of a VM so last week I created a Network Security Group via PowerShell and traffic started flowing out. On Friday we stopped receiving traffic unexpectedly. I can still connect to our remote IP/Port from other locations but not from our Azure VM. I deleted/re-created the rule on Network Security Group and updated the VM several times but so far nothing has worked. When I try to remove the Network Security Group from the VM I get the below error message. I'm not sure where to go from here. Azure has been nothing but frustrating.
C:\> Get-AzureVM -ServiceName "testtsservice" -Name "testtsservice" | Remove-AzureNetworkSecurityGroupConfig -NetworkSecurityGroupName "AzureSNG1"BOSE: 10:41:22 AM - Completed Operation: Get Deployment
ove-AzureNetworkSecurityGroupConfig : 10:41:22 AM - Cannot remove Network Security Group "AzureSNG1" from Virtual Machine "tstesttsservice" because it is not directly.
line:1 char:70
et-AzureVM -ServiceName "tstesttsservice" -Name "tstesttsservice" | Remove-Azur ...
~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Remove-AzureNetworkSecurityGroupConfig], Exception
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.RemoveAzureNetworkSecurityGroupConfigCommand
The NSG was created using the following commands.
New-AzureNetworkSecurityGroup -Name "AzureSNG1" -location "West US"
Get-AzureNetworkSecurityGroup -Name "AzureSNG1" | Set-AzureNetworkSecurityRule -Name "AzureLogOut" -Type Outbound -Priority 100 -Action Allow -SourceAddressPrefix 'VIRTUAL_NETWORK' -SourcePortRange '*' -DestinationAddressPrefix 'our_remote_ip.0/24' -DestinationPortRange "3515" -protocol '*'
I assign the NSG to the VM with this command.
Get-AzureVM -ServiceName "tstesttsservice" -Name "tstesttsservice" | Set-AzureNetworkSecurityGroupConfig -NetworkSecurityGroupName "AzureSNG1"
And then update the VM.
$VM = Get-AzureVM -ServiceName "tstesttsservice" -Name "tstesttsservice"
Update-AzureVM -VM $VM.VM -Name $VM.Name -ServiceName $VM.ServiceName
↧
Dell Sonicwall Dynamic Routing Device Support
Up until November 24, 2014 the known compatible VPN devices here http://msdn.microsoft.com/en-us/library/azure/jj156075.aspx listed Dell Sonicwall as compatible. The page was updated November 24, and Dell Sonicwall is now listed as Not Compatible.
Can someone please explain what changed, and why Sonicwall is no longer compatible?
↧
Not able to SSH to VM after applying Network Security Group
Problem Statement:
Not able to SSH to VM after associating a NSG.
We have been trying to create a VM and associate it to an NSG following steps mentioned here:
https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-nsg/
Following are the details in depth:
We have tried creating Network Security group(under which we are creating some rules) for Azure and then associate the security group to a VM to allow access on some ports.
1. Creating Network Security Group via REST call: (Created Successfully)
https://msdn.microsoft.com/en-us/library/azure/dn913818.aspx?f=255&MSPPError=-2147217396
In this call we are passing the Name, label and Location.
<Name>TestSecViaCode-14</Name>
<Label>VNMC_RES_ID-123456789ab4</Label>
<Location>West US</Location>
2. Creating Network Security Rule via REST call: (Created Successfully)
https://msdn.microsoft.com/en-us/library/azure/dn913819.aspx
In this call we are passing the Rules information. We have added one rule to Allow SSH on port 22 to security Group TestSecViaCode-14
Rule info retrieved with Get Network Security Group REST call:
<Name>Allow SSH</Name>
<Type>Inbound</Type>
<Priority>120</Priority>
<Action>Allow</Action>
<SourceAddressPrefix>*</SourceAddressPrefix>
<SourcePortRange>22</SourcePortRange>
<DestinationAddressPrefix>*</DestinationAddressPrefix>
<DestinationPortRange>22</DestinationPortRange>
<Protocol>TCP</Protocol>
<State>Active</State>
3. Create VM under a Virtual Network(Subnet) with Network Security Group info passed in while creation of VM (Created Successfully)
https://msdn.microsoft.com/en-us/library/azure/jj157194.aspx
VM(Role) Details:
Virtual Network: Test2
Hosted Service: 20150624043926-18426
Deployment Name: VMNameTestviaJAVA03
Role Name: VMNameTestviaJAVA03
In this call we are setting the parameter under NetworkConfiguration like below:
<NetworkSecurityGroup>TestSecViaCode-14</NetworkSecurityGroup>
We are also adding the required endpoints on the VM.
NAME
PROTOCOL
PUBLIC PORT
PRIVATE PORT
LOAD-BALANCED SET NAME
SSH TCP 22 22 -
HTTPS TCP 443 443 -
RemoteDesktop TCP 3389 3389 -
DataPathTCP TCP 6644 6644 -
DataPathUDP UDP 6644 6644 -
DataPathTCP6646 TCP 6646 6646 -
DataPathUDP6646 UDP 6646 6646 -
4. After this we have verified whether the Security Group is attached to the VM by the following REST call: (Verified Successfully)
https://msdn.microsoft.com/en-us/library/azure/mt179353.aspx
We found it is Successfully attached
5. Now we should be able to access the VM on port 22 (Expected behavior)
But we are not able to access the VM, after attaching the Security Group.
We also tried attaching a Network Security Group to Role from commandshell by using following command:
Get-AzureVM -ServiceName "20150624043926-18426" -Name "VMNameTestviaJAVA03" `
| Set-AzureNetworkSecurityGroupConfig -NetworkSecurityGroupName "TestSecViaCode-14" `
| Update-AzureVM
But still we are not able to access the VM, after attaching the Security Group.
Please resolve.
Thanks
Not able to SSH to VM after associating a NSG.
We have been trying to create a VM and associate it to an NSG following steps mentioned here:
https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-nsg/
Following are the details in depth:
We have tried creating Network Security group(under which we are creating some rules) for Azure and then associate the security group to a VM to allow access on some ports.
1. Creating Network Security Group via REST call: (Created Successfully)
https://msdn.microsoft.com/en-us/library/azure/dn913818.aspx?f=255&MSPPError=-2147217396
In this call we are passing the Name, label and Location.
<Name>TestSecViaCode-14</Name>
<Label>VNMC_RES_ID-123456789ab4</Label>
<Location>West US</Location>
2. Creating Network Security Rule via REST call: (Created Successfully)
https://msdn.microsoft.com/en-us/library/azure/dn913819.aspx
In this call we are passing the Rules information. We have added one rule to Allow SSH on port 22 to security Group TestSecViaCode-14
Rule info retrieved with Get Network Security Group REST call:
<Name>Allow SSH</Name>
<Type>Inbound</Type>
<Priority>120</Priority>
<Action>Allow</Action>
<SourceAddressPrefix>*</SourceAddressPrefix>
<SourcePortRange>22</SourcePortRange>
<DestinationAddressPrefix>*</DestinationAddressPrefix>
<DestinationPortRange>22</DestinationPortRange>
<Protocol>TCP</Protocol>
<State>Active</State>
3. Create VM under a Virtual Network(Subnet) with Network Security Group info passed in while creation of VM (Created Successfully)
https://msdn.microsoft.com/en-us/library/azure/jj157194.aspx
VM(Role) Details:
Virtual Network: Test2
Hosted Service: 20150624043926-18426
Deployment Name: VMNameTestviaJAVA03
Role Name: VMNameTestviaJAVA03
In this call we are setting the parameter under NetworkConfiguration like below:
<NetworkSecurityGroup>TestSecViaCode-14</NetworkSecurityGroup>
We are also adding the required endpoints on the VM.
NAME
PROTOCOL
PUBLIC PORT
PRIVATE PORT
LOAD-BALANCED SET NAME
SSH TCP 22 22 -
HTTPS TCP 443 443 -
RemoteDesktop TCP 3389 3389 -
DataPathTCP TCP 6644 6644 -
DataPathUDP UDP 6644 6644 -
DataPathTCP6646 TCP 6646 6646 -
DataPathUDP6646 UDP 6646 6646 -
4. After this we have verified whether the Security Group is attached to the VM by the following REST call: (Verified Successfully)
https://msdn.microsoft.com/en-us/library/azure/mt179353.aspx
We found it is Successfully attached
5. Now we should be able to access the VM on port 22 (Expected behavior)
But we are not able to access the VM, after attaching the Security Group.
We also tried attaching a Network Security Group to Role from commandshell by using following command:
Get-AzureVM -ServiceName "20150624043926-18426" -Name "VMNameTestviaJAVA03" `
| Set-AzureNetworkSecurityGroupConfig -NetworkSecurityGroupName "TestSecViaCode-14" `
| Update-AzureVM
But still we are not able to access the VM, after attaching the Security Group.
Please resolve.
Thanks
↧
↧
Need to upgrade existing Site to Site conectivity to Azure Express Route
Hi,
For a case study, we have an existing Site-to-Site connectivity in place. We now procured ExpressRoute Connection through an Exchange Provider. So we wanted to upgrade the exisitng connection with Express Route.
I have gone through this link:https://azure.microsoft.com/en-in/documentation/articles/expressroute-configuring-exps/
Is the steps mentioned in the above link is enough or is there any specific steps to be followed to upgrade the connection?
Will there be network outage between on-prem and azure services during this change?
Any inputs will be helpful. Thanks.
↧
Application not using VPN - Firewall?
Hello!
I'm having a VPN connection to a VM in a network on Azure, now i have a application that requires me to put the host in.
So when i go the ip adress of the VM, its loads the VM so thats good.
However, the application won't connect to the IP.
Is there a way to turn of the firewall of the VM or VNet? To check if thats the problem.
↧
Site-to-Site VPN Problem..
Hi there..
I have a problem with a vpn ste-to-site between azure and my on premises environment. The connection is successfully established and I can access all machines on my on premises from azure (except ICMP). But
i can't access any machines in Azure from my on premises environment. It's like the connection is enabled only from azure side. The windows firewall is disabled...
↧
DFS Namespace not seen through Point to Site VPN Connection
We are attempting to connect through a point to Site VPN Connection to DFS namespace. So far we can establish a P2S connection through Azure to our onPrem and azure based file server. We can map and access our Server file shares (ServerName.domain\Share) through the P2S VPN Connection with no problems. When we attempt to access a DFS NameSpace we are getting the error message "Not accessible, the specified account does not exist" or "Windows cannot access <namespace>\ShareName".
Is access a DFS namespace supported through a P2S connection?
↧
↧
Azure internal Load balancer problems
Hi,
I have setup an Site-to-Site vpn from AWS-VPC to Azure. This is working fine and aws instances can talk to azure vms.
I have now setup an azure internal load balancer and this is where i start to have problems. Azure vms behind the ILB are running a simple flask app. From my aws instances i can curl to the app and return data. Some times when i route through the ILB VIP the request hangs however.
ILB VIP - 172.16.0.10
Request from AWS instance which hangs::
curl -Lv http://172.16.0.10:8081/jobs/6a319bb7ca354945ad05d0515c8e8a9c/status* Trying 172.16.0.10...* Connected to 172.16.0.10 (172.16.0.10) port 8081 (#0)> GET /jobs/6a319bb7ca354945ad05d0515c8e8a9c/status HTTP/1.1> User-Agent: curl/7.35.0> Host: 172.16.0.10:8081> Accept: */*
ILB Health Check returned HTTP 200 and i have removed the second machine from the ILB so i know this backend node is working:
100.78.x.xx 0.042 168.63.xx.xx - - [26/Jun/2015:16:16:28 +0000] "GET /status HTTP/1.1" 200 51 "-" "Load Balancer Agent"
If i hit the node directly and bypass the ILB then i get a response back.
curl -Lv http://172.16.0.6:8081/jobs/6a319bb7ca354945ad05d0515c8e8a9c/status * Hostname was NOT found in DNS cache* Trying 172.16.0.6...* Connected to 172.16.0.6 (172.16.0.6) port 8081 (#0)> GET /jobs/6a319bb7ca354945ad05d0515c8e8a9c/status HTTP/1.1> User-Agent: curl/7.35.0> Host: 172.16.0.6:8081> Accept: */*> < HTTP/1.1 200 OK* Server nginx is not blacklisted< Server: nginx< Date: Fri, 26 Jun 2015 16:18:49 GMT< Content-Type: application/json< Content-Length: 26624< Connection: keep-alive< Cache-Control: private, max-age=0, no-cache, no-store< Strict-Transport-Security: max-age=15768000< X-Host: 34A8CA5D-0C68-F440-92A6-1F2DC0FF0438<
Does any one have any advice on what i can check to try and resolve this problem thanks.
Please let me know if anyone needs further information↧
AzureIPReservedIPAssociation - VirtualIPName ends with "ContractContract"
Hi,
I ran the command below..
New-AzureReservedIP–ReservedIPName$ReservedIPName–Label$label–Location$location
Set-AzureReservedIPAssociation-ReservedIPName$ReservedIPName-ServiceName$ServiceName-VirtualIPName$ServiceName
Now when i do a Get-AzureReservedIP -ReservedIPName $ReservedIPName then i get an output which looks ok but the VirtualIPName is showing as vipnameContractContract
Where did the ContractContract come from and how can i rename it?
↧
Network Load Balancing with client affinity as Single.
Hi,
I have configured Network Load Balancing and added two hosts in a cluster. (Issue: Load is only on one server not forwarding to another server added in the cluster).
I have two host (Host 1 and Host 2) where application is deployed and which is added in a cluster NLB. When I am setting Port rules as "Single" in cluster properties then all load (client incoming request) forwarding to only one server (Host 1) and it is not distributed to other server i.e. Host 2.
I will appreciate If someone can help me in this scenario.
Thank You.
Best Regards,
Nikhil Gupta
↧