Following on from the latest Azure maintenance, we cannot remote desktop to one of our VMs and fix a potential issue on the IIS server of this machine. Everything was working fine for over 1 year.
The Agent status is now set to "Not Ready" when looking at the properties of the VM in the Azure portal.
We obviously tried to restart the machine, but to no effect. We cannot redeploy the machine to another node as the VM agent seems to be down.
The outbound NSG rules do not block outbound connections to the internet (so the machine should be able to write to its Azure storage).
This user seems to have a similar issue on a VM scale set: Azure VM scale sets not accessible and cannot restart
Any idea on how to resolve this issue?
Related
I have created a DMZ subnet on Azure and have everything (inbound/outbound) locked down using NSGs. Currently I have a Linux VM running and my Azure Backup is failing for the VM. I went and added the Azure Backup service tag for both inbound and outbound rules, but the backups are still failing.
Any thoughts on any specific ports or other servers I need to open up on the NSG?
I appreciate any help I can get.
Thanks everyone!
Microsoft Azure Backup makes use of port 443 (HTTPS). The Azure Backup service tag can also be used when backing up locked-down VMs using the MARS agent; however, the MARS agent can only be installed on Windows machines. So, backing up Linux Azure VMs with the MARS agent is not supported as of now.
I have several Linux VMs in MS Azure within the same security group and I can access all of them over SSH except one. Here I need to restart the VM 5 to 10 times before I can also access it via SSH.
Does anyone have an idea what's wrong with this VM?
If the problem seems specific to this VM alone, you might want to check the VM's Resource Health first. Ensure that the VM reports as being healthy. If you have boot diagnostics enabled, verify the VM is not reporting boot errors in the logs.
If that looks clean, you might consider redeploying the VM. This redeploys a VM to another node within Azure, which may correct any underlying networking issues.
Do note that after this operation completes, ephemeral disk data is lost and dynamic IP addresses that are associated with the virtual machine are updated.
Additional troubleshooting guidance can be found here.
In Azure, I created 3 Windows Server VMs, i.e. one for Azure Backup Server (let's say BackupServer), one for Active Directory on a VM (let's say ADServer), and lastly SQL Server on Windows Server (let's say SQLServer). All three are on the same domain. Now, while adding SQLServer to a Protection Group in the Azure Backup Server configuration, it gives me the error shown in the attached screenshot.
Tried many links available on the internet but no luck.
Any suggestions?
But is it ok to disable firewalls for security concern?
You are right: disable the firewall just for testing; we should follow this official article to configure firewall settings for DPM.
By the way, Azure VMs have NSGs to block outside network traffic.
While performing an ASR migration from VMware vSphere VMs to the Azure portal, I have reached the step of creating a protection group in the Azure portal.
The configuration server, master target, process server and vCenter host server are all up and running in Azure and are shown as "Healthy" and in sync.
But while adding the on-premises VMware virtual machines to the protection group, it's showing their IP addresses as invalid. Also, the mobility service is installed on the VMs (manually), yet it is still shown in the portal as not installed.
My Network reference:
Azure IP Range: 10.99.18.0/24
On-Prem VMware VMs: 10.209.113.0/24
Connection from On-Prem to Azure is VPN/ExpressRoute.
Both ends are able to connect to each other end-to-end.
The IPs of the VMs are now public and outside any firewall.
Error Screenshot from Azure ASR:
Install the VMware Tools by downloading them locally on the VM or a network drive. Once installed, it will ask for a restart. Wait for replication to take effect for about 15 min minimum with the enhanced version. Now you should not see any error.
Regards
Ravichander Pinnaca
Q: Has anyone managed to get MSDTC transactions working between a local machine and a database that resides on an Azure Virtual Machine?
I read this: which suggests MSDTC is not supported on 'SQL Azure' - but is SQL Azure the 'SQL Databases' option, not the 'Virtual Machines' option which may happen to have a SQL database on there? It is unclear: http://social.msdn.microsoft.com/Forums/windowsazure/en-US/894b6087-35ab-4f4f-aa19-f81ee56dc6bf/msdtc-with-the-new-virtual-machines?forum=WAVirtualMachinesforWindows
I found the following article: http://sanganakauthority.blogspot.co.uk/2014/02/definitive-steps-to-configure-msdtc-on.html - but this is related to Azure VMs on the same virtual network.
There are enough articles out there which give me hope that IT IS possible, as they seem to imply it. E.g. http://thoughtsofmarcus.blogspot.co.uk/2013/03/msdtc-error-after-cloning-virtual.html, http://www.jamescrowley.co.uk/2012/06/23/msdtc-gotchas-with-virtual-machines/
I have tried the following, from reviewing numerous articles:
Checked MSDTC service is Started, and set to Automatic.
Checked Local DTC settings in Component Services on both machines: http://technet.microsoft.com/en-us/library/cc731495.aspx
Restricted the port range 5000-5050 for MSDTC in Component Services: http://support.microsoft.com/kb/300083.
Set/verified the registry entries for the above as described in this article: http://support.microsoft.com/kb/306843
Added inbound and outbound rules for port 135 and a range of 5000-5050 on the firewall on both machines (and tried disabling the firewall completely)
Uninstalled/reinstalled MSDTC on the Azure VM, checking the CID is unique: http://msdn.microsoft.com/en-us/library/aa561924.aspx
Added endpoints to the Azure VM in the management portal, 135 and 5000-5050, using this helpful article: http://fabriccontroller.net/blog/posts/adding-multiple-endpoints-to-your-windows-azure-virtual-machines-by-using-a-csv-file/
Added host names to the hosts file (even though ping doesn't work on Azure anyway). http://blogs.msdn.com/b/distributedservices/archive/2008/11/12/troubleshooting-msdtc-issues-with-the-dtcping-tool.aspx
Tried to add ICMP to the firewall to let me ping the Azure VM but this didn't work, didn't expect it to though... (http://feedback.windowsazure.com/forums/217313-networking-dns-traffic-manager-vpn-vnet/suggestions/3346609-icmp-support-for-azure-websites-roles-cloud-serv).
Ran dtctester.exe, output was an error: Error: SQLSTATE=24000,Native error=0,msg=[Microsoft][ODBC SQL Server Driver]Invalid cursor state.
Attempted to run dtcping.exe, received the message RPC pinging exception -->1753(There are no more endpoints available from the endpoint mapper.) - the ports and the firewall settings should be fine.
Set/verified the TurnOffRpcSecurity registry entry (clutching at straws now): http://support.microsoft.com/kb/839187
Any ideas?
SOLUTION
Initial solution was to set up a Cloud Service with the Web Site on it connecting to the database on a separate Virtual Machine, both residing on the same Azure Virtual Network. You have to add the Virtual Network first before you create the Virtual Machines.
Then I was getting annoyed by the Cloud Service resetting itself, I had originally published it from Visual Studio but wanted to tweak it and those tweaks were being undone. So then I switched it to a Virtual Machine (so 2 VMs in total).
Then I was breaking my subscription credit limit, so I ended up with 2 Virtual Machines, one with Web Site, one with Database, both on separate Azure subscriptions on separate Virtual Networks, but with a Virtual Gateway between them. This is a bit convoluted but works perfectly, this guide is brilliant for that: http://blogs.technet.com/b/aviraj/archive/2014/05/16/microsoft-azure-configure-cross-subscription-vnet-to-vnet-connectivity-in-azure.aspx
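The checks from the troubleshooting list in the question above, collected into one read-only PowerShell script to run on each machine. This is an added example, not part of the original post; `$RemoteHost` is a placeholder, and the `Distributed Transaction Coordinator` firewall rule group and the `HKLM:\SOFTWARE\Microsoft\Rpc\Internet` key are the standard Windows names assumed here.

```powershell
# Added example: read-only MSDTC/RPC checks. Nothing here changes configuration.
# $RemoteHost is a placeholder; 5000-5050 is the range the post configured.
param([string]$RemoteHost = 'sqlvm.example.test')
$expectedRange = '5000-5050'

# 1. MSDTC service is running and set to start automatically
Get-Service -Name MSDTC |
    Select-Object Name, Status, StartType | Format-Table -AutoSize

# 2. RPC dynamic port restriction in the registry
$rpcKey = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
if (Test-Path $rpcKey) {
    $rpc = Get-ItemProperty -Path $rpcKey
    [pscustomobject]@{
        Ports                  = $rpc.Ports -join ','
        PortsInternetAvailable = $rpc.PortsInternetAvailable
        UseInternetPorts       = $rpc.UseInternetPorts
    } | Format-List
    if ($rpc.Ports -notcontains $expectedRange) {
        Write-Warning "RPC port range differs from $expectedRange; firewall and endpoint rules must match it."
    }
} else {
    Write-Warning 'No RPC port restriction set: RPC uses the default dynamic range, not 5000-5050.'
}

# 3. Local DTC network access settings (the values shown in Component Services)
Get-DtcNetworkSetting -DtcName Local | Format-List

# 4. Built-in Windows Firewall rules for DTC, both directions
Get-NetFirewallRule -DisplayGroup 'Distributed Transaction Coordinator' |
    Select-Object DisplayName, Direction, Enabled, Action | Format-Table -AutoSize

# 5. The RPC endpoint mapper must answer before any port in 5000-5050 matters
$epm = Test-NetConnection -ComputerName $RemoteHost -Port 135
"TCP 135 to ${RemoteHost}: $($epm.TcpTestSucceeded)"
```

Ports in the 5000-5050 range only have a listener while an RPC service is bound to them, so a plain TCP probe of that range can fail even when the firewall rules are correct.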