I created a VPN gateway on azure and I was able to connect to it using windows 10. However it does not work on windows server 2012. I got this error.
The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error. (Error 812)
In azure the authenticate type is Azure certificate.
I have tried some solutions online, like running some commands and applying some windows updates, but nothing worked.
Like the comment mentioned, Azure VPN Gateway supports only TLS 1.2. To maintain support, see the updates to enable support for TLS1.2. and more details: Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows.
Also, Windows OS versions prior to Windows 10 are not supported with IKEv2 VPN and can only use SSTP or OpenVPN® Protocol. See details here.
Check the above all. If you still have any question, you can contact the MS Azure support check if there is any update on the Azure side.
I decided to use openvpn as a tunel type and it worked.
Thanks for your help.
If someone comes across the same error ("The connection was prevented because of a policy configured on your RAS/VPN server.."), here's what helped in my case:
In the Windows search for "ncpa.cpl" or just go to Network Connections
Right click on your VPN connection and open properties
In the Security tab, tick checkboxes next to the "Challenge Handshake.." and/or "Microsoft CHAP.."
Related
After I received a windows update on my PC I cannot connect to my azure vm via RDP. How can I connect to Azure in order to install the update?
This is a known issue.
Root Cause Analysis
To resolve a vulnerability issue with Credential Security Support
Provider protocol (CredSSP), a monthly Windows update in May was
applied which does two things:
Correct how Credential Security Support Provider protocol (CredSSP) validates requests during the authentication process
Change the group policy Encryption Oracle Remediation default setting from Vulnerable to Mitigated.
Here is a blog written by Micah to give a solutions by editing Local Group Policy.
Hope this helps!
I am trying to connect to my Sql server 2012 which is setup on Azure VM. I am trying to connect it from my local Sql server 2012. I have tried all these steps
http://azure.microsoft.com/en-us/documentation/articles/virtual-machines-provision-sql-server/
But still not able to connect. I getting this error
Can Some please help me to solve this problem?
Since you're connecting to cloudnet.app domain address I assume you don't use VPN. This means:
- SQL Server authentication should be set to mixed mode
- SQL login should be created or enabled
- In case enabling SA login make sure you set the password
For connectivity part I agree with Jason's suggestions, but I would not disable firewall, since with endpoints facing public internet it is your last line of defense on the VM. Just make sure you have allow rule for the SQL Server port (most likely 1433).
Confirm the following:
You have configured the cloud service port 57500 (from the screenshot) to forward to the port that SQL is configured on, typically 1433.
Turn off the firewall within the VM. Once you get a working connection, I would reconfigure the firewall to only open the port(s) you need for security. The instructions you provided show how to open a specific port, but you should first disable the firewall to rule out a misconfiguration there.
Remote into the VM and ensure that you're able to use the management tools on that machine to make a local connection. This will help rule firewalls and the load balancer for the cloud service.
I can't seem to be able to deploy a site to a windows server 2012 r2 running IIS and Web Deploy in Azure VM. I have verified that the port is open, the credentials are correct and the site name as well. I tried using http: and https: also tried using msdeploy.axd end point and the MSDEPLOYAGENTSERVICE one nothing. Check is the services are running and if I can connect to the machine which at can on port 80 to the default site. Tried connecting from multiple connections I get the same result...
Could not connect to the remote computer ("<computer name>.cloudapp.net"). On the remote computer make sure that Web Deploy is installed and that the required process ("Web Deployment Agent Service") is started. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_DESTINATION_NOT_REACHABLE. Unable to connect to the remote server.
After dealing with this for about an hour now, I figured out how to fix this on my Azure Virtual Machine.
First the obvious
Check that port 8172 (if you're using default settings) is open in your firewall
Check that the processes MsDepSvc and WMSVC are running.
Check that the site name is correct.
Management Service
In ISS, at the root level of the server, check your settings under Management Service.
It should have Enable Remote Connections checked:
Did you download the full package
This was the one that got me, I hadn't installed everything.
On the bottom of the WebDeploy page: http://www.iis.net/downloads/microsoft/web-deploy
You can download the full package, and then just install everything.
You don't mention if you have an endpoint configured for your Azure VM. If not, make sure you create an endpoint with a private port of 8172.
EDIT: Here is a troubleshooting guide for web deploy that includes the error message you've encountered. Additionally, from my own experience I have managed to mistype the site name and not install .NET and seeing similar errors.
Helpful but in the end in our case it was TLS mismatch. Check both machines can do TLS 1.2 if you are forcing it. Have put more detail here https://fuseit.zendesk.com/hc/en-us/articles/360000328595. Cheers
We have a AZURE Connect to an outside Company. (This works fine for a while.)
On the Azure Diagnostics the only on yellow point is:
“An IPsec certificate is invalid at the moment, Connect will try to update the certificate, please ensure that the machine is connected to the internet.”
The connection is disconnected in case on wrong certificates,
The Server have full Internet access. How I can update the Certificate manually?
You need to update the Connect endpoint software to the latest version: Upgrade to the latest Connect endpoint software now
On 10/28/2012, the current CA certificate used by Windows Azure
Connect endpoint software will expire. To continue to use Windows
Azure Connect after this date, Connect endpoint software on your
Windows Azure roles and on-premises machines must be upgraded to the
latest version.
Just installed azure connect on my localhost, but it won't connect. I see my machine dbates-HP as a active endpoint in my vistual network/connect section on my azure portal and organized it into a group.
I can see in the azure connect portal that the machine endpoint is active, and that it refreshes since the last connected updates.
My local connect client lists the following diagnostics messages:
Policy Check: There is no connectivity policy on this machine.
IPsec certificate check: No IPsec certificate was found.
Also tried with firewall turned off.
Duncan
In some scenarios getting Windows Azure connect to working becomes very complex. I have worked on multiple such scenarios and found most common issues are related with network settings. To start investigate you need to collect the Azure Connect logs first from your machine and try to figure the problem out by yourself. I have described some info about collecting log here:
http://blogs.msdn.com/b/avkashchauhan/archive/2011/05/17/collecting-diagnostics-information-for-windows-azure-connect-related-issues.aspx
To open a free Windows Azure support incident please use link below:
https://support.microsoft.com/oas/default.aspx?gprid=14928&st=1&wfxredirect=1&sd=gn
Have you "linked" your Azure role with the machine group you created? The message "There is no connectivity policy on this machine" suggests that you haven't defined (in portal) to whom this machine should connect to.