Cannot connect to VM azure - azure

Yesterday I was able to connect to the VM. After I closed it, I was not able to connect anymore.
I am getting these errors:
Network connectivity blocked by security group rule: DefaultRule_DenyAllInBound
Error:
I am expecting a possible solution to this problem.

You have a rule in your network security group to allow RDP on TCP 3389, however, your test connection is for SSH on TCP 22. Which are you trying to connect by? RDP or SSH?
Either add a rule to allow SSH or change your test to use RDP.
Note also, it is not good practice to open your NSG to source ANY. If you have a source IP or range that you can specify, it would be hugely more secure.

To create a new rule, on the Networking blade of the VM (your second screenshot) click Add Inbound Port Rule and create a rule like this:
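Added example, not part of the original answer: a simplified Python model of how inbound NSG rules are evaluated (lowest priority number first, first match wins), showing why a rule set that only allows 3389 sends an SSH test to `DefaultRule_DenyAllInBound`, and how to spot Allow rules open to source ANY. The rule names, priorities and addresses are constructed, and only the default deny rule is modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "*"

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    port: str       # single port or "*"
    source: str     # CIDR prefix or "*"
    action: str     # "Allow" or "Deny"

# The default inbound rule named in the question's error message.
DEFAULT_DENY = Rule("DefaultRule_DenyAllInBound", 65500, ANY, ANY, "Deny")

def matches(rule, src_ip, port):
    port_ok = rule.port == ANY or int(rule.port) == port
    src_ok = rule.source == ANY or ip_address(src_ip) in ip_network(rule.source)
    return port_ok and src_ok

def evaluate(rules, src_ip, port):
    """Return (action, rule name) of the first matching rule by priority."""
    for rule in sorted(rules + [DEFAULT_DENY], key=lambda r: r.priority):
        if matches(rule, src_ip, port):
            return rule.action, rule.name
    raise AssertionError("unreachable: the default deny matches everything")

def open_to_any(rules):
    """Names of Allow rules whose source is unrestricted."""
    return [r.name for r in rules if r.action == "Allow" and r.source == ANY]

# Constructed rule sets; 203.0.113.0/24 and 198.51.100.7 are documentation addresses.
as_asked = [Rule("RDP", 300, "3389", ANY, "Allow")]
tightened = [Rule("SSH-from-office", 310, "22", "203.0.113.0/24", "Allow")]

if __name__ == "__main__":
    print(evaluate(as_asked, "203.0.113.10", 22))     # SSH test hits the default deny
    print(evaluate(as_asked, "203.0.113.10", 3389))   # RDP is allowed
    print(evaluate(tightened, "203.0.113.10", 22))    # SSH allowed from the named range
    print(evaluate(tightened, "198.51.100.7", 22))    # any other source is still denied
    print(open_to_any(as_asked + tightened))          # rules worth narrowing
```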

Related

Connect to server behind

I have a newly installed MikroTik switch, and have successfully configured it for VPN traffic. However, behind the switch is a Linux server to which I am unable to connect via PuTTY. I can see the server and its IP address in Winbox->IP->DHCP Server->Leases, but as I say, I can't connect from within the VPN. I've made several attempts to add a rule to the firewall that would permit access and I've even gone so far as to uncheck the firewall router box in Quick Set, but no matter what I've tried, it always times out. To be clear, I'd like the server to be visible to all machines connected to the switch - both via ethernet and via pp2p.
I've been googling for hours, and I'm completely new to network engineering, so any help would be greatly appreciated.
I think the problem may be due to NAT and your VPN IP subnet. I have my VPN users in 192.168.4.0/24; the main subnet is 192.168.0.0/22. In Winbox go to IP>Firewall, then in the NAT tab make sure you have a masquerade action on your VPN subnet. I think the VPN quick set adds one, but if you're using different subnets it gets confused. See the image for what I have set for my VPN users to access servers and resources on the main network.

Unable to establish connectivity on a port after configuring proper rules

I have a Linux VM on Azure, which I can access using SSH without any issues. I needed access to another port (let's say 7077) from outside, and here is what I have done so far, but I am unable to establish connectivity:
Created an inbound rule from the networking settings, it created the rule on the Network security Group attached to the network interface.
Added a new Network Security Group, attached it to the Subnet
If I do a netcat request on port 22, I get successful connectivity, but for port 7077 I get connection refused.
Also, IP flow verification passes for the port.
Any pointer would be helpful.
You need to allow that same port in the firewall settings of the VM. The OS itself is what is refusing the connection, suggesting you have not set up any firewall rules to allow that port.
Try adding an allow rule in the firewall settings and see if you can reach that port.
https://www.digitalocean.com/community/tutorials/how-to-list-and-delete-iptables-firewall-rules
http://www.thegeekstuff.com/2011/02/iptables-add-rule/
Ubuntu 17.04
https://help.ubuntu.com/lts/serverguide/firewall.html
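Added example, not part of the original thread: a Python probe that separates the two failure modes this question turns on. "Refused" means the packet reached the VM and was answered with a reset, while a timeout means something on the path dropped it silently. The `WHERE_TO_LOOK` hints are general TCP behaviour, not Azure-specific output, and the demo uses only a loopback listener.

```python
import socket

# What each outcome says about where the packet stopped (general TCP behaviour).
WHERE_TO_LOOK = {
    "open": "handshake completed: NSG, host firewall and service are all fine",
    "refused": "the VM answered with a reset: check on the VM that the service "
               "listens on this port and on 0.0.0.0 rather than 127.0.0.1, "
               "then any host firewall reject rules",
    "filtered": "no answer at all: an NSG or host firewall is dropping the packet",
}

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "refused"
        except socket.timeout:
            return "filtered"
        # Other OSErrors (no route, name resolution) propagate to the caller.

def local_demo():
    """Offline check: probe a loopback port while a listener exists, then after it closes."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: the OS picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    listener.close()
    after_close = probe("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    for outcome in local_demo():
        print(outcome, "->", WHERE_TO_LOOK[outcome])
```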

Azure VM Remote Desktop Can't Connect

Following a how-to book's guide on setting up a VM through the Azure Portal and getting the error when trying to connect
Remote Desktop can't connect to the remote computer for one of these reasons: 1) Remote access to the service is not enabled 2) The remote computer is turned off [Verified through the Azure Portal it is turned on because Start is faded, while Restart and Stop are not] 3) The remote computer is not available on the network.
The error occurs before I'm able to enter any credentials - it doesn't find the IP at all. The RDP file details (IP removed of course):
full address:s:[IPAddress]:3389
prompt for credentials:i:1
administrative session:i:1
What I've tried:
Even though the How-To book doesn't show where/how to specify a port, when I download the RDP file from the Connect option, it specifies the port 3389. The book seems to imply that simply downloading this file and connecting will work and there's no need to specify the port. I get the above error.
Flushed DNS on my computer, ipconfig /flushdns
In the Network Security Group option for the VM, I verified that port 3389 allowed any source and wasn't specific.
I did miss associating the subnet part of the Network Security Group to a virtual network, so I did associate my NSG with the default subnet set up for my Virtual Network.
From the Quick start option, I don't see how to connect to this either; I'm guessing, I need to specify a different port, but don't see where to do it here either => Update: this appears to be in the Network Security Group's Inbound security rules in the Azure portal.
Boot Diagnostics option shows the login screen. A ping to the IP address fails four times with "Request timed out."
Note: this is not a Virtual Machine (classic).
Just wanted to share what worked for me.
After receiving an error prompt:
Connect is disabled for this virtual machine because of the following
issues: Network interface 'vmwindows1094': Network security group
'VMWindows10-nsg' does not have inbound security rule that allows port
3389. VMWindows10-nsg
I have added an inbound port rule. Under VM > Settings > Add inbound port rules.
Port: 3389 Protocol/Source/Destination: Any (this can be configured based on your security rules) Action: Allow
On the Azure portal, Select your VM -> Settings -> Boot diagnostics. Make sure that you can see the login screen. You might need to enable diagnostics (under Monitoring section) if not enabled already.
If you don't see the login screen, try the 'Redeploy' option under the 'Support and Troubleshooting' section of settings.
If you can see that the machine has booted correctly, the connectivity issue might be because of a firewall at your end or on the VM. See if you can ping the machine. If you are behind a corporate firewall, try connecting from elsewhere and check your PC's firewall.
Creating a new Virtual Machine on the new portal now creates an NSG (Network Security Group) along with the VM. You should be able to find it under all resources, with the same name as your VM. Make sure that there is an Inbound rule configured for Remote Desktop (it is created by default but might be worth checking).
I had the same problem but adding an inbound security rule was not sufficient (although it is also needed).
I had to go to virtual machines > (myVm) > Reset password and then choose Reset configuration only
Try checking your VM has enough memory.
I had tried all of above suggestions and still didn't manage to access.
After trying many times I managed to get in a message appeared saying:
Your Computer is low on memory
Not 100% sure that was the reason though.
I faced the same issue. I had created an Azure VM but wasn't able to connect to it using RDP.
The culprit was a default "Inbound Port Rule" due to which all the inbound traffic was being blocked.
The solution is to create a new rule by clicking the "Add Inbound Port Rule" and allow traffic from port 3389. Make sure that the priority of this new rule is greater than the "DenyAllInBound" rule otherwise our new rule will not have any effect.
After adding the rule, try connecting to the VM using its public IP in RDP and you should be able to connect.
This worked for me, hope it helps you as well.

Setup Azure Network security group rules for Octopus Tentacle?

I've been trying to set up my Azure Network security group to accept connections to my Octopus Tentacle, but with no success.
I know the Tentacle is properly working because I can connect using localhost, all that's left is to be externally available.
Could anyone shine a light on the necessary rules at the Network security group? Find below my own rules.
Kind regards and thanks in advance!
Open Windows Firewall on your VM. And add an allowed access for
"10933" TCP port. (10933 the default port between Octopus server and tentacle)
If your Octopus Server and tentacle are not on the same Azure
resources and still couldn't telnet the Tentacle, You must add an "Inbound
security rule" for the same 10933 TCP port which used by your VM's
network security group.
Optional: You should give a static IP and domain name to your VM on Azure. Your network admin should configure IP-restricted access for it.
For testing the connectivity, you should use a "telnet client". Open cmd and write this. If there is no connection error/timeout, it's working.
telnet yourtentaclesextrenalIPaddress 10933
You should add the endpoint and firewall settings on your virtual machine firewall (not the Azure you mentioned). This is the official tutorial on how to set up the Tentacle. Also take a look if your OS you want to launch Tentacle on is supported (the same link).

Azure Point to Site port 445

I've set up Azure point to site and I'm able to connect from my computer to an Azure VM (file share). I'm also able to ping my computer's IP address from the Azure VM. However, I'm not able to connect to any resource on my local computer. When trying to access a file share on my computer from the Azure VM I get the following error:
file and print sharing resource (169.254.108.240) is online but isn't responding to connection attempts.
The remote computer isn’t responding to connections on port 445, possibly due to firewall or security policy settings, or because it might be temporarily unavailable. Windows couldn’t find any problems with the firewall on your computer.
Port 445 is enabled on my local computer:
netsh firewall set portopening TCP 445 ENABLE
As an additional test, if I issue a \\169.254.108.240 from my local computer pointing to itself, it works fine. The same try from the Azure VM gives me the error above.
Thanks,
Your IP address (169.254.*) is a non-routable address. You'll need to get a valid IP (say with DHCP, or set manually) and allow connections to your machine. If you have a firewall, this means adding a NAT rule to it.
If possible, try making the connection from another computer on your LAN to isolate any other firewall/Azure issues.
I think you have to consider several concepts while implementing an Azure network. First, try to put the point-to-site network on a different range of IPs (like 10.4.0.0), then try to disable the firewall on your computer and try again. If you have a proper routing device, it should go through and get the feedback from the local machine.
