I am testing my own TCP client/server software, trying to use an Azure VM for testing. I have done this successfully on a Azure VM that I set up over a year ago. Now I have created a new VM that I need to test with. My service is installed on the VM and is monitoring port 18971. In the Azure portal, I have created an "endpoint" for TCP for that port. The machine is running Windows 2012. I have configured Windows Firewall with inbound and outbound rules to allow all TCP traffic to/from that port. I have also tried turning the firewall off. Still, my client software does not work, I receive error 10060 on the Winsock API "connect". I tried both the domain name and the IP address.
Any ideas of what else I have to do to allow TCP traffic? I am pretty sure this is an Azure configuration problem - I have successfully tested the software on direct connected machines as well as the old Azure VM I mentioned (I see no difference between it and the one I am trying now).
I guess you use the new type of VM with a resource manager on the old portal which you have "endpoint" for TCP for that port. You have to open some ports (endpoints) on new VM via the new portal. Refer to this.
For the new type of VM with a resource manager, you have to allow the port 18971 in the inbound port rules of NSG associated with your Azure VM or subnet.
Navigate to your virtual machine settings, and find Networking---Add inbound port rule.
Related
I have created a Windows WCF Service and I want to host it inside Azure VM.
The service is locally running fine inside the VM, but when attempting to access the service outside of the VM, I cannot connect to the service at the specified port.
While requesting the service, I'm getting the following error:
SocketException (0x274d): No connection could be made because the target machine actively refused it...
Also, while pinging the VM through the command prompt with public ip, I'm getting Request timed out.
I have enabled the port for TCP in Azure inbound rules as well as in VM firewall inbound rules. The VM is Windows Server.
How can I access the service running in the VM from another system?
Any help is appreciated.
check application is running on the port you exposed
check windows level firewall allows traffic on that port from your destination
check NIC level NSG allows traffic on that port from your destination
check subnet level NSG allows traffic on that port from your destination
you might also have Azure Firewall\UDR\NVA in the networking setup, check those as well (this is highly unlikely if you are not running an enterprise grade setup).
I have created inbound and outbound rule on the virtual machine to allow any connection to port 5100 over tcp.
I have created an endpoint in the new Azure portal for TCP and public/private port 5100, but for some reason I can't comprehend I still can't connect.
I tried to turn off the firewall on the virtual machine, but still I can't connect to the virtual machine.
I have previously done this for port 80 with no problems. Does anyone know if Microsoft have changed anything that affects the classic vm's and endpoint configuration?
We can add endpoints via New Azure portal in this way:
We should make sure the update endpoint completed.
Hope this helps:)
I have an azure pc in Windows server 2008 r2. The fire wall is off. I have defined html, opened port 80 and evneport8080. I have defined a end point too
but when I do psping ipaddress:80 the remote computer refused the network connection. But if I try to psping ipaddress:3389 it seems to work, but not any new port I have created.
What is this msg, and will it impact my connectivity?
You will need to add an NSG rule to allow TCP traffic on port 80.
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/nsg-quickstart-portal
By default, an NSG rule is added to allow only port 3389.
According to your description, we should check your web service is running or not, we can use netstat -ant to check it.
Update:
Does your VM create in Azure classic module?
if yes, we should add endpoints to your Azure VM via azure portal, like this:
More information about add endpoints, please refer to this link.
Also we can add endpoints in Azure classic portal:
I'm using Windows Azure virtual machines. What I did was I have added some new TCP port to inbound and outbound rules in the firewall. After that I can't get the Remote Desktop connection from my PC. But I got Remote Desktop connection from another virtual machine by using the local IP address.
My DNS is :xxxx.cloudapp.net:3389.
This is the issue I'm facing. What I actually want is to give provision to new ports inbound and outbound rules in windows Azure virtual machines. Any help would be grateful.
Not exactly a programming question but anyway:
Nmap scan report for mjsindia.cloudapp.net (13.66.56.229)
PORT STATE SERVICE
3389/tcp filtered ms-wbt-server
Make sure you have 3389/TCP open inbound on both the Network Security Group or ACL in the Azure Portal and Windows Firewall (on the VM, for all Firewall profiles - Private/Public/Domain).
I want to open a port on Azure. I am logged onto Azure VM. After that how to do I open the port?
I tried opening the firewall port but that did not help. I also tried to do it thru azure-cli but it needs web login.
Can I not open a port while logged in onto that Azure VM?
For VMs in azure service management mode:
To open a particular port, say 8080 in your VM, you have to add an endpoint in azure portal, powershell or using xplat-cli. Once this is done, you have created a connectivity between external loadbalancer (I mean VIP of the VM) to the actual VM (with Internal IP address). If the VM is Linux, by default you can start using endpoint (VIP and port) it unless you restrict ports specifically.
For windows VM, for non standard ports, you have to add windows firewall inbound allow rules (say for 8080) inside your VM so that it can accept traffic forwarded from VIP
For VMs in azure resource management:
You have to first create a loadbalancer with VIP, then add NAT rules to forward traffic from VIP to VM. (use load balancing rules if same VIP port forwards traffic to multiple backend VMs)
For windows VM, again windows firewall inbound rules needs to be added
Securing ports:
The above scenario will work by default, but if you want to secure your ports, you have to follow either one of the below, not both.
Use Access control List (ACL): This works at VIP endpoint level. If we want to restrict VIP port 8080 to only few Ip and deny other IP, we can use ACL to add those IPs. This can be done in portal endpoint section/powershell/Xplat-cli
Use Network Security Group (NSG): This works at pheriphery of VM level. We have greater control here to restrict multiple VM ports, port range, etc., but we have to manage those rules. The ports needs to be secured in NSG is the VM internal port whereas in ACL it is the VIP port.
Hope this clarifies
You also need to open the port in the Endpoint settings within the Azure Portal.
Go to Azure Portal -> Your VM -> Settings -> Endpoints and add your Port.
To open a port, you have to it from the azure portal and not in the VM. You can use the NSG (Network Security Group) attached to vm and add a rule in the "Inbound security rules"