I'm having multiple issues with azure VMs that have a similar theme. I configure a VM and some services running on it, everything is working great, I sign off and never touch the VM again, and a day or two later it's no longer working.
In this specific case, I have configured ADFS 2.1 on a Windows Server 2012 R2 VM. The VM is joined to a domain. The domain controllers are on-premises. The VM is part of a virtual network that is connected to the on-premises network via a site-to-site gateway.
Within 24-48 hours of starting the VM, I'll realize that ADFS has stopped working. When I look in the event log, I'll see things like:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
An error was encountered during certificate rollover. The monitoring cycle was shut down. Exception details: The directory service is unavailable.
When the VM first starts, I can ping the domain controller from the VM, and tracert looks normal. Once the problems start, I can still ping the DC, but tracert gives "Request timed out" after the first hop (which is to the ip assigned to the VM). The other thing I notice is that the name of the network adapter changes. When I start the VM, it will be "Microsoft Hyper-V Network Adapter #2". When I come back a day or two later to check on the VM because it's failing, the name will have changed to "Microsoft Hyper-V Network Adapter #3" (and then #4, #5, etc).
Restarting the VM restores all connectivity to the on-premises domain controllers, ADFS starts working again, etc. But why do I have to constantly reboot, and how can I troubleshoot this?
Edit:
Actually, I misspoke. tracert to the dc always gives "Request timed out" after the first hop, even when the VM is first started and ADFS is working. is that expected?