GCP instance does not start service StackDriver Monitoring - google-cloud-monitoring

I have migrated a Windows Server 2008 R2 machine to GCP. While putting it into production, I recreated the disks from a snapshot and image in another project, and when creating the instance I made sure it had the default service account with the default permissions, which include writing to Stackdriver Monitoring. The agent installs in the operating system without any problem, but when I check the service it is stopped; when I start it, it stops again automatically and records the following in the Event Viewer log:
[image: error metadata]
I also checked whether the machine can communicate with metadata.google.internal, and it cannot. For this reason I asked the client to recreate the DNS record so that the name resolves.
Even so, metadata.google.internal still does not respond, even though Internet access for the machine is open in the firewall and Private Google Access is enabled on the VPC.
How can I solve this problem?
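One way to narrow this down from inside the VM is to test name resolution and the metadata endpoint separately. The following is only a minimal sketch, assuming Python is available on the instance; it relies on the metadata server's link-local address 169.254.169.254 and the `Metadata-Flavor: Google` header, and the function names (`resolve`, `build_metadata_request`, `diagnose`) are hypothetical helpers, not part of any Google tool.

```python
import socket
import urllib.request

METADATA_HOST = "metadata.google.internal"
METADATA_IP = "169.254.169.254"  # link-local address of the GCE metadata server


def resolve(host, resolver=socket.gethostbyname):
    """Return the IP that host resolves to, or None if resolution fails."""
    try:
        return resolver(host)
    except OSError:  # socket.gaierror is a subclass of OSError
        return None


def build_metadata_request(target=METADATA_IP):
    """Build a request that lists the instance's service accounts."""
    url = f"http://{target}/computeMetadata/v1/instance/service-accounts/"
    # The metadata server rejects requests that lack this header.
    return urllib.request.Request(url, headers={"Metadata-Flavor": "Google"})


def diagnose(resolver=socket.gethostbyname, opener=urllib.request.urlopen):
    """Check DNS and the metadata endpoint (by IP) independently."""
    ip = resolve(METADATA_HOST, resolver)
    try:
        with opener(build_metadata_request(), timeout=5) as resp:
            reachable = resp.status == 200
    except OSError:  # URLError and timeouts are OSError subclasses
        reachable = False
    return {"dns_ip": ip, "dns_ok": ip == METADATA_IP, "ip_reachable": reachable}
```

Calling `diagnose()` on the instance returns a small dictionary. If `ip_reachable` is true while `dns_ok` is false, the problem is likely limited to name resolution; if both are false, routing or a local firewall rule for 169.254.169.254 would be the next thing to look at.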

Related

Azure Data Factory Integration Runtime Going Into Limited State

My team has created an IR on an on-premises VM, and we are trying to create a Linked Service to an on-prem DB using that IR.
Whenever we click Test Connection in the Linked Service, the connection fails and the IR goes into a limited state.
We have whitelisted the IPs provided by Microsoft for the ADF IR and checked the network traces, and all seems fine there.
We have also stopped and restarted the IR, and uninstalled and reinstalled it, but the problem persists.
Has anyone faced a similar issue?
We have been facing this issue for a long time, and it has now become a blocker for us.
Thanks!
This is observed when nodes can't communicate with each other.
Log in to the VM that hosts the node, open Event Viewer, go to Applications and Services Logs > Integration Runtime, and filter the error logs. Look for the error System.ServiceModel.EndpointNotFoundException or Cannot connect to worker manager.
If you find either one, follow the official documentation, which has detailed troubleshooting steps under: Error message: Self-hosted integration runtime node/logical self-hosted IR is in Inactive/ "Running (Limited)" state
As it states:
try one or both of the following methods to fix:
- Put all the nodes in the same domain.
- Add the IP to host mapping in all the hosted VM's host files.
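For the second method, a small helper can show which node mappings are still missing from a hosts file. This is only a sketch: the node names and IP addresses are hypothetical, and `missing_entries` is an illustrative function, not part of the integration runtime tooling. On Windows the hosts file is normally at `C:\Windows\System32\drivers\etc\hosts`.

```python
def missing_entries(hosts_text, nodes):
    """Return hosts-file lines for nodes not yet mapped in hosts_text.

    hosts_text: current content of the hosts file.
    nodes: dict of {hostname: ip} for every IR node (hypothetical values).
    """
    present = set()
    for line in hosts_text.splitlines():
        # Drop comments, then split "ip name [alias ...]".
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2:
            for name in parts[1:]:
                present.add((parts[0], name.lower()))
    return [
        f"{ip}\t{name}"
        for name, ip in sorted(nodes.items())
        if (ip, name.lower()) not in present
    ]


# Hypothetical two-node setup; only ir-node2 is missing from the file.
nodes = {"ir-node1": "10.0.0.4", "ir-node2": "10.0.0.5"}
current = "# local mappings\n10.0.0.4 ir-node1\n"
print(missing_entries(current, nodes))
```

The returned lines would need to be appended to the hosts file on every VM that hosts a node, so that each node can resolve all the others.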
I ran into the same issue. Our organization has firewall rules that block specific ports and URLs outside our network. We added the Data Factory service tags as Internet-facing entries in the route table, and the IR then connected successfully.

Is there a way to keep track of who is accessing azure vms?

I'm setting a server as a windows virtual desktop host pool. Is there a way to keep track of who is accessing the server?
I am currently using an Azure Log Analytics workspace connected to the VM, and I've tried to find a query that shows who is accessing the server.
Query:
VMConnection
| where Computer == 'TestVM01'
I expect the output to show who is accessing the server, but I don't know how to write the query. If you know anything about this, please share your ideas here. Thanks so much.
Accessing the VM, or logging on to the VM?
Logging on to the VM would be OS logging, e.g. Windows Event Audit Logs or whatever the Linux equivalent is.
Accessing the VM would be network traffic, in other words your NSG flow logs, for which you would need to have Network Watcher configured. You would be able to see which source tries to access the VM, at which point in time, and on which port (RDP/SSH).
So you could relate the two logs to each other by matching the timestamps.
AFAIK the portal, and thus the logs from Azure itself, don't keep track of which person tries to access a VM for logon.
I believe it is possible to have Windows Event Logs sent to Log Analytics (or rather, to have Log Analytics fetch the event logs); I have no clue about Linux logs. So that's one part of the whole. I do not know whether you can do the same for the NSG flow logs.
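The timestamp matching described above could look roughly like this once both logs have been exported. It is only a sketch: the record fields (`time`, `user`, `src_ip`, `port`) and the 30-second window are assumptions made for illustration, not the actual schema of the Windows event logs or the NSG flow logs.

```python
from datetime import datetime, timedelta


def correlate(logons, flows, window=timedelta(seconds=30)):
    """Pair each logon with inbound flows seen up to `window` before it."""
    pairs = []
    for logon in logons:
        for flow in flows:
            delta = logon["time"] - flow["time"]
            # Keep flows that started shortly before (or at) the logon.
            if timedelta(0) <= delta <= window:
                pairs.append((logon["user"], flow["src_ip"], flow["port"]))
    return pairs


# Hypothetical sample records.
logons = [{"time": datetime(2020, 1, 1, 9, 0, 20), "user": "alice"}]
flows = [
    {"time": datetime(2020, 1, 1, 9, 0, 5), "src_ip": "203.0.113.7", "port": 3389},
    {"time": datetime(2020, 1, 1, 8, 0, 0), "src_ip": "198.51.100.2", "port": 3389},
]
print(correlate(logons, flows))
```

A match only suggests that a connection and a logon happened close together; with several simultaneous connections the pairing becomes ambiguous.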

Host name resolution error (DNS) while accessing to app service

Recently, I have noticed that many requests to my app service fail due to a DNS issue (on a daily basis).
I use the app service to run a web service for my platform (the app service is located in UK West).
I get the same errors from both the Android and iOS applications used by my users.
The error says: "unable to resolve host ***.azurewebsites.net"
In addition, I created a new app service (located in West Europe), but I still get the same errors.
The errors seem to occur randomly, at different times and on different devices.
Update
I created a new app service and added some simple logic on the client side that switches between the two app services when a DNS error is detected.
After exploring my logs, I noticed that sometimes the switch succeeded (no DNS issue on the secondary app service), and sometimes the DNS error kept occurring.
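The client-side switching described in the update can be sketched as follows. This is an illustration in Python rather than the actual Android/iOS client code; the hostnames are placeholders and `pick_host` is a hypothetical helper.

```python
import socket


def pick_host(hosts, resolver=socket.getaddrinfo):
    """Return the first host that resolves, or None if none of them do."""
    for host in hosts:
        try:
            resolver(host, 443)
            return host
        except socket.gaierror:
            # DNS failure for this host: fall through to the next one.
            continue
    return None


# Placeholder names standing in for the primary and secondary app services.
CANDIDATES = ["primary.example.net", "secondary.example.net"]
```

`pick_host(CANDIDATES)` returns `None` when neither name resolves, which corresponds to the case in the logs where the error kept occurring after the switch. That case points at the device's resolver or network rather than at one particular app service.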

Azure Error 403 this site is stopped

I have an ASP.NET MVC 5 site running on an Azure website, on D1 shared infrastructure.
In the last couple of days I've had a few issues when deploying to it. At times it has been unable to deploy. (I've hashed out my site name.)
Error 26 Web deployment task failed. (Could not connect to the remote
computer ("#####.scm.azurewebsites.net") using the specified process
("Web Management Service") because the server did not respond. Make
sure that the process ("Web Management Service") is started on the
remote computer. Learn more at:
http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_COULD_NOT_CONNECT_TO_REMOTESVC.)
And now when I deploy I'm getting:
Error 403 - This web app is stopped.
When I look in the Azure portal it says the site is running, and I cannot see anything in the FTP logfiles\http\rawlogs\ folder that would indicate this issue, i.e. I can only see 200 responses from when the site was last responding.
Restarting the site via the portal doesn't seem to make a difference.
How can I diagnose the cause of this problem? And is it possible that it is related to changes I have made to my application rather than a server infrastructure issue?
You may be running into Quota issues if your site is in SHARED mode. Please try upgrading to STANDARD mode.
I was having the same problem. Our site wasn't in shared mode and scaling up/down to another service plan helped for a moment but the problem quickly recurred.
Turned out the staging environment was bad.
To fix the problem, I had to swap, delete the staging slot, and then wait ~30 minutes before I could recreate it (got errors saying the hostname still existed).
I also had the same deployment problem from Azure DevOps, and the site wasn't in shared mode.
Failed to deploy web package to App Service.
Error Code: ERROR_COULD_NOT_CONNECT_TO_REMOTESVC
More Information: Could not connect to the remote computer ("######.scm.azurewebsites.net") using the specified process ("Web Management Service") because the server did not respond. Make sure that the process ("Web Management Service") is started on the remote computer. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_COULD_NOT_CONNECT_TO_REMOTESVC.
Error: The remote server returned an error: (403) Forbidden.
Error count: 1.
Error: C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe failed with return code: 4294967295
I wasn't able to get to the Kudu site (######.scm.azurewebsites.net) from my local machine but I was able to from a JumpBox VM in our Azure subscription.
After inspecting the settings at resources.azure.com I noticed that under the "web" settings:
https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{SiteName}/config/web?api-version=2018-02-01
The "scmIpSecurityRestrictionsUseMain" value was set to "true". I set it back to "false" and was able to deploy and view Kudu locally again.
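If the change needs to be scripted rather than made at resources.azure.com, the request could be assembled roughly as below. This is a sketch under assumptions: the URL follows the template quoted above, while sending the body with an HTTP PATCH and a bearer token is my assumption about how the ARM API would be called and is not something verified here. The helper names are hypothetical.

```python
import json

# URL template copied from the settings path above.
ARM_TEMPLATE = (
    "https://management.azure.com/subscriptions/{subscription_id}"
    "/resourceGroups/{resource_group}/providers/Microsoft.Web"
    "/sites/{site_name}/config/web?api-version=2018-02-01"
)


def web_config_url(subscription_id, resource_group, site_name):
    """Fill in the 'web' config URL for one site."""
    return ARM_TEMPLATE.format(
        subscription_id=subscription_id,
        resource_group=resource_group,
        site_name=site_name,
    )


def scm_restriction_body(use_main=False):
    """JSON body that sets scmIpSecurityRestrictionsUseMain.

    Assumption: the setting lives under a top-level "properties" object.
    """
    return json.dumps({"properties": {"scmIpSecurityRestrictionsUseMain": use_main}})


print(web_config_url("{subscriptionId}", "{resourceGroupName}", "{SiteName}"))
print(scm_restriction_body(False))
```

With `use_main=False` the SCM (Kudu) site stops inheriting the main site's IP restrictions, which matches the fix described above.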

HTTP Request Timeout Windows Azure Deploy

I have an MVC 4 website using a WCF service. When I deploy to Windows Azure using the VS 2012 publish wizard, I get this error:
10:13:19 AM - The HTTP request to 'https://management.core.windows.net/42d4257b-5f38-400d-aac5-2e7acee9597d/services/hostedservices/myapp?embed-detail=true' has exceeded the allotted timeout of 00:01:00. The time allotted to this operation may have been a portion of a longer timeout.
After cleaning the project and publishing a few times, the error goes away. What am I doing wrong?
Whenever you start the publish process from the VS machine, an SSL tunnel is established first. Once the tunnel is created, the package is transferred from your machine to the Windows Azure Portal. After the upload completes, the result notifications are posted back to the Publish results window.
In your case, building the SSL tunnel for the secure package transfer is taking longer than normal, which could be due to network latency between your machine and the Windows Azure Management Portal. For security reasons the time window for creating the tunnel is short; if the connection is not created in time, a retry cycle starts the process again, and if that also fails you get the failure message. This could be caused by excessive traffic on either side or on both. So this is mainly a networking issue rather than something specific to Windows Azure, since after a few successive tries you were able to upload your package.
When this happens, you can run a network capture utility (e.g. Netmon or Wireshark) and compare the time taken by the various transfers in a failed and a successful attempt. This will help you understand where the delay comes from.
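Before setting up a full capture, a rough first measurement is to time the TCP connection and TLS handshake from the publishing machine. The sketch below is an assumption-laden illustration and not a substitute for Netmon or Wireshark: `timed` and `tls_handshake` are hypothetical helpers, and the management endpoint may behave differently for a bare handshake than it does for a real publish request.

```python
import socket
import ssl
import time


def timed(fn, *args, **kwargs):
    """Call fn and return (result, elapsed_seconds)."""
    start = time.perf_counter()
    result = fn(*args, **kwargs)
    return result, time.perf_counter() - start


def tls_handshake(host, port=443, timeout=60):
    """Open a TCP connection, complete a TLS handshake, return the TLS version."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


# Example (requires network access; host taken from the error message):
# version, seconds = timed(tls_handshake, "management.core.windows.net")
# print(version, round(seconds, 3))
```

Running the commented example several times, during both failing and successful publishes, gives a crude comparison of connection setup time against the one-minute timeout in the error.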
Try updating your role's diagnostics settings, then update your storage credentials, because they may have expired.
