I was follwing the steps in the title "Add an allow list" in https://learn.microsoft.com/en-us/azure/active-directory/external-identities/allow-deny-list
As listed in steps
1.Sign in to the Azure portal.
2.Select Azure Active Directory > Users > User settings.
3.Under External users, select Manage external collaboration settings.
I cannot perform the 3rd step, An error pops up like this
what to do?
Highly likely that this is a network issue, please try on another network or browser. If the issue persists please share the console log output.
Related
I am looking into enabling Azure State Roaming on a test group, the user in the group has Azure P1 so I am assuming that is all that is required to get it working.
When I first clicked the tab and entered the group that seemed to work but now when I go to the State Roaming option I get an error that says:
An error occurred while loading this page. You may not have permissions to view this data.
Not sure why I would get this as I am a Global Admin so I should have the permissions and it was working earlier today.
When I try and go to a device to see what is being synced it does say that I have to enable to option but I am unable to get to the option because of the above error.
Can anyone think of why this could be?
Apologies for the trouble. There was a backend issue with Enterprise State Roaming blade earlier which prevented users to access the blade. This issue is resolved now and I am able to see the blade without any issues.
Can you please check and confirm now if are able to access it.
Here's the error message that is stumping me:
My Web App seems to have the correct connection string. This is exactly what Azure provides me when I click Show Connection String:
Server=tcp:myservertest.database.windows.net,1433;Initial Catalog=MyDatabaseTest;Persist Security Info=False;User ID={your_username};Password={your_password};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;
Here's the connection string that I put in the Visual Studio Publish Settings Default Connection setting:
Server=tcp:myservertest.database.windows.net,1433;Initial Catalog=MyDatabaseTest;Persist Security Info=False;User ID=*****;Password=***********;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;
I have confirmed the username and password are correct...I used the same ones to connect via Microsoft SQL Server Management Studio.
I tried setting up the Diagnostic settings as follows, but I'm not exactly sure where I can find the resulting logs. I don't see them in Kudo services, but I believe they'd be accessed elsewhere.
Does anyone know where they're stored?
Also, what other ways could this Login failed for user error message be debugged?
The error looks like you are able to connect to the server but the server rejects the login. Debugging in the server logs would help, so you are looking at the right place.
You can enable Azure SQL Database Auditing & Threat Detection. You can enable it on SQL Server instance level by opening your SQL Server resource and selecting Security / Auditing & Threat Detection. Select a storage account to store logs in Storage details (see picture below). For more information, see https://learn.microsoft.com/en-us/azure/sql-database/sql-database-auditing.
After enabling auditing try to login to your database. After that you can find the logs in the specified Azure Storage Account in blob container named sqldbauditlogs. The logs are in folder /servername/databasename/SqlDbAuditing_ServerAudit_NoRetention/yyyy-mm-dd/ in files with xel extension. You can download and open the .xel -file in SSMS (File / Open / File…). The xel file contains events and you can see login attempts there.
Event field succeeded tells if the login failed or not, and field server_principal_name contains the username in both cases.
From text in field additional_information you can find error_code (in the xml). Error code 40615 is blocked by firewall and code 18456 is wrong username or password. (error codes from https://learn.microsoft.com/en-us/azure/sql-database/sql-database-develop-error-messages)
You can also find some information in the database system tables for analysing the connections, e.g. sys.event_log (see: https://learn.microsoft.com/en-us/sql/relational-databases/system-catalog-views/sys-event-log-azure-sql-database?view=azuresqldb-current).
More information on troubleshooting the Azure SQL Database connectivity can be found here: https://learn.microsoft.com/en-us/azure/sql-database/sql-database-troubleshoot-common-connection-issues.
I hope this helps you forward with debugging the connection.
You've verified that Allow access to Azure services is ON. This is generally where we get tripped up. If it was coming from an outside place, we'd want to check the IP list here. Knowing that's not it, let's dig deeper.
You've gotten into the Kudu console to verify all the things. From that console, install mssql-cli. Run pip install mssql-cli from the Kudu console. If that doesn't work, look for direct urls curl or download to your PC and use the Kudu Console to upload the file into your app service.
Once you have the mssql-cli installed, try connecting with the credentials you've set in place in appSettings.json. (See https://github.com/dbcli/mssql-cli/blob/master/doc/usage_guide.md#options for command line options.) Most probably, it'll spit out a nice error message about why it can't connect, giving you more clues.
If mssql-cli connects successfully, there's something overriding your app's settings. Did you set the connection string in the Azure Portal's App Settings tab? Temporarily, you might alter your app to write portions of the connection string to an obscure page. And as soon as you get the info, DELETE THE PAGE and then change the password.
Another thing to try: grab all the details from the exception -- including Data and recursively through inner exceptions. It probably has a clue buried in there. You can remotely debug the app on Azure. Before you can debug, you'll need to ensure you've turned on remote debugging and selected the correct version of Visual Studio from the App Settings blade in your App Service.
Continue from comment - Where in Kudu would that be found? Justin in the general file explorer?
Go to Debug console > CMD - site > wwwroot - click Edit icon
Also ensure that Allow access to Azure services is ON.
Sometimes you need to check the connection string on azure application in azure. Maybe the connection string is different from the one in your web.config
I have setup a azure cloud classic. Where I have two instances running one is web role and orleans silos. I want to enable trace and I need a means to login into the box and see the logs. Azure portal is not providing the logs I needed. I am following the following link https://learn.microsoft.com/en-us/azure/cloud-services/cloud-services-role-enable-remote-desktop but, in the first step, is to click on the cloud service and click configure but I do not see configure option anywhere. I see only 'Pin, swap and delete'. But I did see an option when click on the cloud class, called configuration. In that configuration, there is nothing for remote desk top.
I do have an option for remote desk top, but when I click that I get an message "This deployment is using RemoteAccess and/or RemoteForwarder modules. We recommend using the RDP extension instead. You can enable this mode by removing the modules from your .csdef and .cscfg and then saving your RDP configuration here."
so my basic question, how what is proper way to remote to that box provided I am getting above mentioned message?
According to your description, you are using Azure new portal to configure Remote Desktop. For a simple way, you could log into Azure classic portal to leverage Remote Desktop Extension approach for you to enable Remote Desktop even after your application is deployed.
Note: For more details, you could follow the section about configuring Remote Desktop from the Azure classic portal in this doc.
so my basic question, how what is proper way to remote to that box provided I am getting above mentioned message?
You could follow this tutorial about configuring Remote Desktop in the service definition file.
I have recently updated my azure subscription and after that I am unable to see my content or resources on the Azure portal and unable to download the publish profile.
So please help me to find the latest subscription in the new azure portal.
From the top right end, you will have your profile. There you will be able to see the Active Directories available for you. Click on that and it will show a page containing info on "Directories+ Subscriptions". In case you are not able to see the respective subscription in any of those directories, it is requested to raise a Support ticket in the portal itself.
You should ask azure support to help you with this. They can see what you have registered in the portal and if something when wrong. One thing you can try is to open the portal in a private browser session to see if anything is cached or not.
I'm currently facing an Access Denied error while connecting to an Azure VM. This VM is registered in an Active Directry. When I log with the AD credentials, I get an "Access Denied" error message with a "Ok" button without any other text on the screen. I never faced this issue before. The maching was working perfectly last week...
Do you have any idea about this issue ?
Thanks for your help
Access Denied Error Screenshot
Can you still access the VM and its using your Azure Portal login? If so, try adding the AD user via RDP.
Go to Computer Mgmt on the VM via Remote Desktop
Expand the list of Remote Desktop Users.
Select the user(s) to add.
See details in the MSDN thread:
https://social.msdn.microsoft.com/Forums/en-US/9ebce1bb-2aa0-4bb0-adc7-d1e229c5ee9e/add-user-to-remote-desktop-group-in-azure-vm?forum=WAVirtualMachinesforWindows
If you're having RDP issues with the primary user account, check the Settings blade of your VM in the Azure Portal, and look at the Users list under Resource Management.
Hope that helps!
I had the same issue, in my case it was related to Terminal Service Licensing.
First save a local copy of the RDP file from the portal and run this command at a PowerShell command prompt to connect. This will disable licensing for just that connection:
mstsc <File name>.RDP /admin
after you are able to connect then open the Event Viewer an look for an Event with ID 4105 in WIndows Logs > System. this event should appear every time a logging was attempted.
If that is the case, follow this steps to solve the issue
Event ID 4105 — Terminal Services Per User Client Access License Tracking and Reporting
Hope this helps.