I have a virutal windows server machine running on GCP.
On that machine I have an IIS with several web sites.
Untill recent windows update and restart in Site Binding I was able to see the external IP from the forwarding rule, like this:
Example from another, working server
But now the external IP is not listed, despite the forwarding rule exists:
The real state of the server in question
And because of this my sites are not working.
I've tried to deleting and creating forwarding rules via GCP Shell using gcloud compute forwarding-rules delete ... and gcloud compute forwarding-rules create ... to no avail.
With and without restarts after executing each of these commands or ageter both in a row.
Thank you for any help.
The problem was resolved with GCP support.
There's a service GCEAgent (Google Compute Engine Agent).
It was stopped despite its startup type is automatic.
Starting the service brought all forwarded IP addresses back to IIS site binding window.
Related
I'm using spark on Google Cloud Platform instance(hana express).
I installed spark and run spark shell, then shell is well running but I can't access spark web UI.
I added fire wall rules to instance but still doesn't work.
I added screen shot.
Thank you.
Have a look at the console messages:
...
Spark context Web UI available at http://sap-hanaexpress-serverinclapps-1-vm.c.hana.271411.internal:4040
...
You're not able to reach Web UI running at http://sap-hanaexpress-serverinclapps-1-vm.c.hana.271411.internal:4040 from your remote PC. As it was mentioned by #Lamanus this record is for internal usage only. Have a look at the documentation Internal DNS:
Virtual Private Cloud networks on Google Cloud have an internal DNS
service that lets instances in the same network access each other by
using internal DNS names. Internal A records for virtual machine (VM)
instances are created in a DNS zone for .internal. PTR records for VM
instances are created in corresponding reverse zones. As you manage
your instances, Google Cloud automatically creates, updates, and
removes these DNS records.
and
The internal DNS name of a VM instance only resolves to its primary
internal IP address. Internal DNS names cannot be used to connect to
the external IP addresses of an instance.
To solve this issue follow steps below:
add the SPARK_LOCAL_IP="<IP address>" to your configuration file as it suggested in console messages where IP address is local IP of your VM
set network tag to your VM
create firewall rule to enable incoming connections to your VM at port 4040
check your firewall by running nmap -Pn EXTENAL_IP_OF_YOUR_VM from your pc
check Web UI via browser http://EXTENAL_IP_OF_YOUR_VM:4040
I used to had a dedicated server but now I am migrating everything to a google Cloud Platform. In Computer Engine I have created a VM windows server. I am trying to add my first website, but when I try to bind my external IP address, this is not listed for IIS website bindings. In this case, I don't know how can I link the external IP to my website. I want to add multiple websites to that server. The only option that I have is bind to an internal IP address.
I appreciate your help.
Thanks. Now I know that you can add several network interfaces (one per core) but only in the first step of the VM creation and you can bind External to an internal IP. In the machine, there is not possible to see external IP.
So I deployed a new website in IIS 10 with port number 8888 (the Default Web Site uses port 80).
I can successfully browse the website locally on the server. However, I can't visit it from another PC using Internet. The browser complains 'Hmmm.. can't reach this page'.
The firewall on server has been manually shut down.
I also checked that port 8888 is listening on my server.
Did I miss any steps here?
All right, I got it work... Turns out the cloud service that I use shut down accesses to almost all ports except port 80 by default... After I open port 8888 on the cloud settings, everything works.
Actually #NJUHOBBY is right, I use Google Cloud and I had to go over
Google Cloud Console -> VPC Networks -> Firewall Rules -> Create Firewall Rule
...to create a new rule. Please be aware that Firewall Rules are applied to VM through TAGS, so if you choose to use https-server tag this rule will apply to all your VM's (this is tag is assigned to all server instances by default). In my case I set a custom tag and then I added this tag to my VM like this:
Compute Engines-> VM Instances.
Then I clicked my server's vm name and clicked Edit then I added the custom tag in the appropriate field. After saving VM's properties, the port was successfully opened.
For a pet project I'm attempting to spin up a VM on Azure that can run as my webserver, providing an Umbraco powered site, as well as some other web applications (such as a forum + planner) that require PHP. Now I've followed the steps of every guide out there, but I cannot get an external connection through to the VM's IIS and I can't find out why.
I'm hoping someone else has been through the pain that I'm currently experiencing and might point me in the direction of whatever setting I'm missing.
Spun up the VM with Server 2012 R2.
Configured it to run IIS.
Installed Umbraco, disabling the default web site and setting the Umbraco site as my default on port 80.
Checked that http://localhost maps to Umbraco - this works.
So after I had it running internally, I started tackling the external connection setup.
Navigated to the Network Security group, and added the inbound Http rule on Port 80.
Disabled Windows Firewall entirely for the sake of testing.
Added a custom dns name to the front of the xxx.[azurecloudappurl].com
Now my requests resolve but then timeout and I can't see why or where? Has anyone else experienced this? Every guide states that it should be as easy as this.
As you can visit localhost on your VM env, so it seems there is no problem with your env on VM.
Have you added the endpoint with 80 port of your VM server on Azure manage portal? As by default, the endpoint with 80 port is not opened.
You can refer to How to set up endpoints on a classic Azure virtual machine for how to add an endpoint on Azure VM.
In addition to #Gary Liu's answer if you are doing it on Azure Portal(and not on classic one).
For any new VM added through Azure exists a Network Security Group (NSG). Ports need to be opened in order to make them accessible from outside the VM. Specifically to allow your VM to serve requests coming to port 80 you need to enable HTTP port in Network Security Group. Here are the steps:
Search for VM Name on Azure portal.
Select the VM by Clicking on VM Name.
Click on Network Interfaces from left menu and select(double click) the listed one. This will show overview of Network Interface.
Now click on Network Security Group.
Click on Inbound Rules.
Add new rule selecting service as HTTP(TCP/80).
Voila done!
And here is the answer to manage an inbound rule
I've just set up a windows azure VM and installed IIS on it.
When I remote desktop onto the box I can see the default IIS website fine but I can't get this to serve on the web from the IP address of the box.
I've opened up port 80 on windows firewall and also added an endpoint for port 80.
I've tried to access it with the firewall completely turned off also but to no avail...
I cant work out if there is anything else I need to do to get this working?
Add endpoints for port 80 (http) and port 443 (https) to the VM in the Azure portal (tip: this can be automated with powershell or the Azure cli).
Remote desktop to the machine. Open the Windows firewall control panel and allow traffic to port 80 (http) and port 443 (https) or just turn it off ... the firewall is ON by default (tip: can also be scripted through the VM agent / powershell).
Go to the Azure portal and find the cloudapp.net subdomain for your VM (actually the cloud service) your VM is running under. Try accessing the site with that domain. If that doesn't work, try browsing to http://localhost on the server (remote desktop) to make sure IIS works and troubleshoot from there.
Modify the DNS records of your custom domain to use a CNAME to the .cloudapp.net domain. If you need A records make sure to use the public IP of the cloud service (just ping the .cloudapp.net domain to find it or look in the Azure portal).
You might want to look into Azure Websites or Azure Cloud Services (web roles). Those are a lot easier to manage and a lot cheaper. They still offer most of the functionality.
What fixed the issue for me was to go into the Azure Portal, browse to 'Network Security Groups', select the VM and then create an inbound rule to allow traffic to port 80.
Note: Also ensure that the inbound rule to port 80 is added and enabled on the actual VM.
Well, I deleted the existing VM and Cloud service and started again - all worked fine out of the box this time.
How annoying! The only thing I did notice was that before my cloud service had the same name as my VM - this time they had different names so that might have been what was causing the issue.
Cheers
For the newer VMs and pre-configured setups (2015+), it's possible your setup is using an azure asset called "Public IP". If so, you can set a custom DNS name label in it, inside "Configuration". Note that this name will consider any type of region used when creating the VM (e.g. my-site.brazilsouth.cloudapp.azure.com).
It's good to remember that for testing purposes, it still suffices to use the value of the public IP that is randomly designated to you.
The VMs are actually accessed via a Cloud Service (well they are for me). Azure created a Cloud Service automatically to be the scaling engine/load balancer on the front of the VM. I have to connect to the web site via that cloud service, not the VM directly.
Its possible you were using the internal IP rather than the external IP.
The sites have to use the internal IP address in the bindings section of IIS. However, in your dns you will need to use the external IP. This is presumably since the 'internal IP' is just a virtual one that Azure uses to map traffic from the external network to the VM's inside azure.
You should find both the internal and external IP's are visible on the VM's desktop.
Switch off TLS 1.3 in the Registry Editor.
This is what worked for me as of writing this in Mar 2021.