I have an existing VM in Azure which has been running fine for some time, but I now need to take advantage of MS 99.95% availability and to implement some degree of fault tolerance.
I have found a very useful blog on doing this here. The only thing is that because it is building a very simple test scenario, the areas of DNS and IIS configurations are not covered in any detail.
I have configured 2 new VMs in an Availability Set together with a Load Balancer in Azure. The configuration looks something like this:
Static Public IP (PIP01)
  Load Balancer
    Availability Set
      Virtual Network
        Dynamic Public IP (PIP02)      Dynamic Public IP (PIP03)
        Network Interface              Network Interface
        Network Security Group         Network Security Group
        Virtual Machine (VM01)         Virtual Machine (VM02)
This is all configured using ARM.
The VM firewalls have inbound rules for http and https. They also have inbound rules for ports 446, 447 and 8080.
The Network Security Groups have inbound rules for http and https. They also have inbound rules for ports 446, 447 and 8080 (see reasons below).
The Load Balancer has 2 rules to pass http and https only.
The Load Balancer has 2 probes for http and https (used by the appropriate rule as above).
The Load Balancer has 2 NAT redirections for RDP.
The VMs are running Windows Server 2012 SP2 and IIS 8.5
Before any further configuration, if I access PIP01 either by IP address or Azure FQDN then I get the default IIS website. I can edit the page on each VM to show the server name and all appears to work fine.
Shutting down one website causes my current browser session to switch and the fault tolerant nature of the configuration works as expected.
The problems come when I start configuring the actual sites needed. There are 3 sites required. 2 of these are https and I have a UCC certificate for them.
I have configured IIS bindings as follows (these are the same as the existing VM):

Site1
  http   site1.com            80
  http   www.site1.com        80
  https  site1.com            443
  https  www.site1.com        443
  https                       447  (allows me to Browse from IIS Manager)

Site2
  http   demo.site1.com       80
  http   www.demo.site1.com   80
  http                        8080 (allows me to Browse from IIS Manager)

Site3
  https  dpin.site1.com       443
  https  www.dpin.site1.com   443
  https                       446  (allows me to Browse from IIS Manager)
The odd port numbers are to allow me to access the sites from IIS Manager whilst the DNS has not been configured.
If I now re-point the DNS for the main domain and each of the two sub-domains, then I hit a problem whereby none of the sites will respond.
I have tried using A records and CNAME to the Azure domain associated with PIP01.
Pinging the relevant domain verifies that the correct IP address is being accessed leading me to believe that DNS is working correctly.
If I access them using PIP02 or PIP03 (e.g. https://1.2.3.4:8080 (e.g. PIP02)) then I can access each of the sites using the odd ports (8080, 446, 447).
An attempt to access https://www.site1.com will result in a timeout (e.g. www.site1.com took too long to respond). The same for https://site1.com, http://site1.com, http://www.site1.com.
The same happens with the other 2 sites, they can be accessed on either VM (PIP01 or PIP02) but not through the Load Balancer using PIP01.
I have spent almost a week on this during which I have rebuilt the entire Azure configuration twice.
I am at a complete loss as to where to look next.
Any help would be most appreciated.
John
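One check a practitioner would run on a setup like the one described above is whether the load balancer's health probes can ever succeed against the IIS bindings in place: a backend whose probe fails is taken out of rotation, and with both backends out every request arriving through the load balancer's public IP simply times out, even though the sites answer directly on each VM's own IP. The script below is an added example, not code from the original post or from Azure; it models IIS binding precedence (an exact host-header match on a protocol/port wins, otherwise a binding with an empty host on that protocol/port, otherwise no site matches) and reports which probes would find a matching site. The bindings are transcribed from the question; the backend private IP, the probe names, and the assumption that a probe request arrives with the backend IP as its Host header (it is sent to the VM's private IP, not to a site name) are constructed for the example.

```python
"""Check whether load-balancer health probes can match any IIS binding.

Added example, not part of the original post.  Bindings are transcribed
from the question; backend IPs and probe definitions are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Binding:
    site: str
    protocol: str   # "http" or "https"
    host: str       # "" means the binding accepts any Host header
    port: int


# Bindings as listed in the question.  Note that nothing with an empty host
# name listens on 80 or 443, only on the "odd" ports 446, 447 and 8080.
SITE_BINDINGS: List[Binding] = [
    Binding("Site1", "http",  "site1.com",          80),
    Binding("Site1", "http",  "www.site1.com",      80),
    Binding("Site1", "https", "site1.com",          443),
    Binding("Site1", "https", "www.site1.com",      443),
    Binding("Site1", "https", "",                   447),
    Binding("Site2", "http",  "demo.site1.com",     80),
    Binding("Site2", "http",  "www.demo.site1.com", 80),
    Binding("Site2", "http",  "",                   8080),
    Binding("Site3", "https", "dpin.site1.com",     443),
    Binding("Site3", "https", "www.dpin.site1.com", 443),
    Binding("Site3", "https", "",                   446),
]


def route_request(bindings: List[Binding], protocol: str, port: int,
                  host_header: str) -> Optional[str]:
    """Return the site IIS would serve for a request, or None if no binding
    matches.  Precedence mirrors IIS: an exact (case-insensitive) host match
    on the same protocol and port wins; failing that, a binding with an empty
    host on that protocol and port; failing that, nothing answers."""
    same_endpoint = [b for b in bindings
                     if b.protocol == protocol and b.port == port]
    for b in same_endpoint:
        if b.host and b.host.lower() == host_header.lower():
            return b.site
    for b in same_endpoint:
        if b.host == "":
            return b.site
    return None


@dataclass(frozen=True)
class Probe:
    name: str
    kind: str        # "tcp", "http" or "https"
    port: int
    path: str = "/"  # only meaningful for http/https probes


def probe_healthy(bindings: List[Binding], probe: Probe,
                  backend_ip: str) -> bool:
    """Necessary condition for a probe to pass against these bindings.

    A TCP probe only needs something listening on the port.  An HTTP(S)
    probe needs a site to answer GET <path>; assumption made here: the probe
    is addressed to the backend's private IP, so the Host header it carries
    is that IP, and only a catch-all (empty-host) binding can match it."""
    if probe.kind == "tcp":
        return any(b.port == probe.port for b in bindings)
    return route_request(bindings, probe.kind, probe.port, backend_ip) is not None


def probe_report(bindings: List[Binding], probes: List[Probe],
                 backend_ip: str) -> Dict[str, bool]:
    """Map each probe name to whether it can find a matching site."""
    return {p.name: probe_healthy(bindings, p, backend_ip) for p in probes}


# Assumed probe set: one HTTP probe on 80, one HTTPS probe on 443, as the
# question describes "2 probes for http and https".
PROBES: List[Probe] = [Probe("http-probe", "http", 80),
                       Probe("https-probe", "https", 443)]


if __name__ == "__main__":
    backend_ip = "10.0.0.4"  # constructed backend private IP
    print("Browser to www.site1.com:443 ->",
          route_request(SITE_BINDINGS, "https", 443, "www.site1.com"))
    print("Probes with bindings as listed:",
          probe_report(SITE_BINDINGS, PROBES, backend_ip))
    with_catchall = SITE_BINDINGS + [Binding("Default Web Site", "http", "", 80)]
    print("Probes with a catch-all binding on 80:",
          probe_report(with_catchall, PROBES, backend_ip))
```

Running it shows the asymmetry the question describes: a browser request carrying a real site host name on 443 is routed to Site1, while both probes, which carry no site host name, match nothing unless a catch-all binding exists on the probed port (or the probe is switched to TCP, which only checks that the port is listening). The same routine can be pointed at the bindings actually exported from each VM to confirm whether the probe target and the site bindings agree.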