Problem Statement:
Not able to SSH to VM after associating a NSG.
We have been trying to create a VM and associate it to an NSG following steps mentioned here:
https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-nsg/
Following are the details in depth:
We have tried creating Network Security group(under which we are creating some rules) for Azure and then associate the security group to a VM to allow access on some ports.
1. Creating Network Security Group via REST call: (Created Successfully)
https://msdn.microsoft.com/en-us/library/azure/dn913818.aspx?f=255&MSPPError=-2147217396
In this call we are passing the Name, label and Location.
<Name>TestSecViaCode-14</Name>
<Label>VNMC_RES_ID-123456789ab4</Label>
<Location>West US</Location>
2. Creating Network Security Rule via REST call: (Created Successfully)
https://msdn.microsoft.com/en-us/library/azure/dn913819.aspx
In this call we are passing the Rules information. We have added one rule to Allow SSH on port 22 to security Group TestSecViaCode-14
Rule info retrieved with Get Network Security Group REST call:
<Name>Allow SSH</Name>
<Type>Inbound</Type>
<Priority>120</Priority>
<Action>Allow</Action>
<SourceAddressPrefix>*</SourceAddressPrefix>
<SourcePortRange>22</SourcePortRange>
<DestinationAddressPrefix>*</DestinationAddressPrefix>
<DestinationPortRange>22</DestinationPortRange>
<Protocol>TCP</Protocol>
<State>Active</State>
3. Create VM under a Virtual Network(Subnet) with Network Security Group info passed in while creation of VM (Created Successfully)
https://msdn.microsoft.com/en-us/library/azure/jj157194.aspx
VM(Role) Details:
Virtual Network: Test2
Hosted Service: 20150624043926-18426
Deployment Name: VMNameTestviaJAVA03
Role Name: VMNameTestviaJAVA03
In this call we are setting the parameter under NetworkConfiguration like below:
<NetworkSecurityGroup>TestSecViaCode-14</NetworkSecurityGroup>
We are also adding the required endpoints on the VM.
NAME
PROTOCOL
PUBLIC PORT
PRIVATE PORT
LOAD-BALANCED SET NAME
SSH TCP 22 22 -
HTTPS TCP 443 443 -
RemoteDesktop TCP 3389 3389 -
DataPathTCP TCP 6644 6644 -
DataPathUDP UDP 6644 6644 -
DataPathTCP6646 TCP 6646 6646 -
DataPathUDP6646 UDP 6646 6646 -
4. After this we have verified whether the Security Group is attached to the VM by the following REST call: (Verified Successfully)
https://msdn.microsoft.com/en-us/library/azure/mt179353.aspx
We found it is Successfully attached
5. Now we should be able to access the VM on port 22 (Expected behavior)
But we are not able to access the VM, after attaching the Security Group.
We also tried attaching a Network Security Group to Role from commandshell by using following command:
Get-AzureVM -ServiceName "20150624043926-18426" -Name "VMNameTestviaJAVA03" `
| Set-AzureNetworkSecurityGroupConfig -NetworkSecurityGroupName "TestSecViaCode-14" `
| Update-AzureVM
But still we are not able to access the VM, after attaching the Security Group.
Please resolve.
Thanks
Not able to SSH to VM after associating a NSG.
We have been trying to create a VM and associate it to an NSG following steps mentioned here:
https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-nsg/
Following are the details in depth:
We have tried creating Network Security group(under which we are creating some rules) for Azure and then associate the security group to a VM to allow access on some ports.
1. Creating Network Security Group via REST call: (Created Successfully)
https://msdn.microsoft.com/en-us/library/azure/dn913818.aspx?f=255&MSPPError=-2147217396
In this call we are passing the Name, label and Location.
<Name>TestSecViaCode-14</Name>
<Label>VNMC_RES_ID-123456789ab4</Label>
<Location>West US</Location>
2. Creating Network Security Rule via REST call: (Created Successfully)
https://msdn.microsoft.com/en-us/library/azure/dn913819.aspx
In this call we are passing the Rules information. We have added one rule to Allow SSH on port 22 to security Group TestSecViaCode-14
Rule info retrieved with Get Network Security Group REST call:
<Name>Allow SSH</Name>
<Type>Inbound</Type>
<Priority>120</Priority>
<Action>Allow</Action>
<SourceAddressPrefix>*</SourceAddressPrefix>
<SourcePortRange>22</SourcePortRange>
<DestinationAddressPrefix>*</DestinationAddressPrefix>
<DestinationPortRange>22</DestinationPortRange>
<Protocol>TCP</Protocol>
<State>Active</State>
3. Create VM under a Virtual Network(Subnet) with Network Security Group info passed in while creation of VM (Created Successfully)
https://msdn.microsoft.com/en-us/library/azure/jj157194.aspx
VM(Role) Details:
Virtual Network: Test2
Hosted Service: 20150624043926-18426
Deployment Name: VMNameTestviaJAVA03
Role Name: VMNameTestviaJAVA03
In this call we are setting the parameter under NetworkConfiguration like below:
<NetworkSecurityGroup>TestSecViaCode-14</NetworkSecurityGroup>
We are also adding the required endpoints on the VM.
NAME
PROTOCOL
PUBLIC PORT
PRIVATE PORT
LOAD-BALANCED SET NAME
SSH TCP 22 22 -
HTTPS TCP 443 443 -
RemoteDesktop TCP 3389 3389 -
DataPathTCP TCP 6644 6644 -
DataPathUDP UDP 6644 6644 -
DataPathTCP6646 TCP 6646 6646 -
DataPathUDP6646 UDP 6646 6646 -
4. After this we have verified whether the Security Group is attached to the VM by the following REST call: (Verified Successfully)
https://msdn.microsoft.com/en-us/library/azure/mt179353.aspx
We found it is Successfully attached
5. Now we should be able to access the VM on port 22 (Expected behavior)
But we are not able to access the VM, after attaching the Security Group.
We also tried attaching a Network Security Group to Role from commandshell by using following command:
Get-AzureVM -ServiceName "20150624043926-18426" -Name "VMNameTestviaJAVA03" `
| Set-AzureNetworkSecurityGroupConfig -NetworkSecurityGroupName "TestSecViaCode-14" `
| Update-AzureVM
But still we are not able to access the VM, after attaching the Security Group.
Please resolve.
Thanks