I have a batch file on azure VM, which needs to be called from on-premises scheduler. Is it possible for us to access a file , on azure VM from on-premises machine
Please help
yes , we can , if port 445 is open on the Azure VM , then we can access the shared folder on Azure VM.
In the NSG , for inbound traffic , we need to open port 445
Related
When I tried to connect file share to my windows laptop, it said that port 445 is blocking.
Please help me to solve this problem.
Thank you for your kind help.
Error:
if ($connectTestResult.TcpTestSucceeded) {
# Save the password so the drive will persist on reboot
cmd.exe /C "cmdkey /add:`"storagetestmy3.file.core.windows.net`" /user:`"localhost\storagetestmy3`"
/pass:`"ZvWYXdvAkX112rT8k2MxQLqlcDi1oA+EZNNoGeQ2Bv88DDUWFdtcmbXXfKk/mHNMlw1TDVX3Vrkb+AStoh/kOQ==`""
# Mount the drive
New-PSDrive -Name Z -PSProvider FileSystem -Root "\\storagetestmy3.file.core.windows.net\fileshare3" -Persist
} else {
Write-Error -Message "Unable to reach the Azure storage account via port 445. Check to make sure your organization
or ISP is not blocking port 445, or use Azure P2S VPN, Azure S2S VPN, or Express Route to tunnel SMB traffic over a
different port."
} : Unable to reach the Azure storage account via port 445. Check to make sure your organization or ISP is not
blocking port 445, or use Azure P2S VPN, Azure S2S VPN, or Express Route to tunnel SMB traffic over a different port.
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException
As Per the MSFT Doc of 445 Port blocked by Windows File Connection to Azure File Share,
Your client OS should support SMB 3.0. Make sure this SMB Direct option is enabled in your windows system.
Run this command Test-NetConnection in the Windows PowerShell where you should get the PingSucceeded as True. This test is to verify the port 445 is blocking by your ISP or VPN.
If your test result is False, then port 445 (TCP Outbound) needs to be opened by your ISP or the firewall.
Another way to test that the port 445 is blocking by the firewall or ISP, using the AzFileDiagnostics tool.
Reason:
From outside the region or datacenter, Azure Files only allows SMB 3.0 with encryption support connections.
Due to some historical reasons of vulnerabilities found in lower SMB versions, port 445 has been blocking by the ISPs or System Firewalls or Organizations.
Alternative Ways to connect to Azure File Share from the Windows System:
You can setup a Point to Site VPN to your Azure File Shares. Refer this GitHub article for setting up P2S VPN.
From your local machine, you can mount the file share using the SMB 3.0 Protocol.
You can use tools like Azure Storage Explorer to access files in your file share.
Example:
Generate SAS URL of your Azure File Share from the Storage Account.
Open Azure Storage Explorer and Sign into Storage account using SAS URL:
Select the SAS URL option in the next windows and paste the URL copied from Azure Storage account portal and click on connect.
Result:
You can use Storage Client libraries, REST APIs, PowerShell, or Azure CLI to access your files in the Azure file share from your application.
can anyone help with some azure vm issues. I wished to connect a domain server VM and a ordinary server VM and use active directory synchronization. But every time I deploy new VM from azure portal, it always have the DNS name status as not configured. I really don't understand why. I set the DNS server with the private IPs of the VMs on the vNet. Thanks for replies and advise. VM DNS name not configured
As the comment stated, the DNS name for that VM is actually associated with the public IP attached to that VM. You can follow this step to create FQDN for an Azure VM.
If you want to join the Azure VM to your local domain, you can follow this link:
The main steps are as follows:
Establish cross-site connectivity using Azure site-to-site VPN connections
Configure a custom DNS server
Provision a VM with a custom DNS server
Join the Azure VM to the on-premises Active Directory domain
If you intend to join a Windows Server virtual machine to an Azure Active Directory Domain Services managed domain, read this tutorial.
I have a SQL Server DB in a VM in a VNET in an Azure Subscription . Currently it does not have any connection open to the Internet .
My application team has designed a Microsoft Flow application that will read some emails , parse them in some way and push those files into the sql server database (local storage).
I cannot open my VM NSG to the entire internet. What NSG Rules do I need to implement?
The IP address from which Microsoft Flow requests are sent depends on the region where the environment that contains the flow is located. If you want to access SQL Database hosted on Azure VM from your Microsoft Flow application, you may whitelist these IP addresses.
Then you could follow these steps in how to open ports to a virtual machine with the Azure portal to open port 1433 and protocol. You have configured the outbound IP addresses above in the source IP addresses and dest port range 1433 in the inbound rule of NSG. Also, you need to ensure the same inbound traffic flow in VM itself firewall.
Since Azure SQL have only DNS address and no IP , we can not enforce ACL's/NSG's on our Azure app VM as it needs to communicate with our Azure SQL..
ACL's/NSG's only have IP ranges restriction..no DNS restrictions..
So , potentially, a hacker who managed to sneak to our Azure App VM , can push its stolen data to what ever IP he wants as long as he is going out in port 1433.
Anyway we can restrict outbound communication from Azure VM only to our Azure SQL ?
You are correct, you can not place an Azure SQL Database within a Virtual Network (VNet). Also, you can only configure a NSG Outbound Security rule to use a Tag that restricts communication to Internet, Azure Load Balancer, or Azure Traffic Manager endpoint. So, unfortunately, it's currently not possible to restrict an Azure VM with NSG to only be able to communicate to a specific Azure SQL Database over Port 1433.
However, on the other side you can restrict the Azure SQL Database firewall rules to only allow your Azure VM to connect to the database by specifying it's IP Address in the SQL Database Firewall rules.
I tried to configure a VPN with default values (10.0.1.x) with a point-to-site feature configured.
Azure Websites has been configured too, using the new Azure portal, to point to the Point-to-Site of the VPN.
When a try to contact SQL server of my VM in Azure (Iaas) fails, while locally on the VM I can do it.
I also configured an end point for the port 1433 on the VM with the relative firewall configuration.
Is there a way to check where is the issue using the website ?
Thanks a lot.
Fabio