Not able to add Windows Server in Azure Backup Server Protection Group - azure

In Azure, I created 3 Windows Server VMs, i.e. one for Azure Backup Server (let's say BackupServer), one for Active Directory on VM (let's say ADServer), and last SQL Server on Windows Server (let's say SQLServer). All three are on the same domain. Now, while adding SQLServer to a Protection Group in Azure Backup Server Configuration, it is giving me an error as attached in the screenshot.
Tried many links available on the internet but no luck.
Any suggestions?

But is it ok to disable firewalls for security concern?
You are right, disable the firewall just for testing; we should follow this official article to configure firewall settings for DPM.
By the way, Azure VMs have an NSG to block outside network traffic.

Related

Azure Backup requires ports?

I have created a DMZ subnet on Azure and have everything (inbound/outbound) locked down using NSGs. Currently I have a Linux VM running and my Azure Backup is failing for the VM. I went and added the Azure Backup service tag for both inbound and outbound rules but the backups are still failing.
Any thoughts on any specific ports or other servers I need to open up on the NSG?
I appreciate any help I can get.
Thanks everyone!
Microsoft Azure Backup makes use of port 443 (HTTPS). The Azure Backup service tag can also be used when backing up locked-down VMs using the MARS agent; however, the MARS agent can only be installed on Windows machines. So, backing up Linux Azure VMs with the MARS agent is not supported as of now.

Cannot access Azure VM anymore

Following on from the latest Azure maintenance, we cannot remote desktop to one of our VMs and fix a potential issue on the IIS server of this machine. Everything was working fine for over 1 year.
The Agent status is now set to "Not Ready" when looking at the properties of the VM in the Azure portal.
We obviously tried to restart the machine but no effect. We cannot redeploy the machine to another node as the VM agent seems to be down.
The outbound NSG rules do not block outbound connections to the internet (so the machine should be able to write to its Azure storage).
This user seems to have a similar issue on a VM scale set: Azure VM scale sets not accessible and cannot restart
Any idea on how to resolve this issue?

How to add AWS Virtual Machine to Azure Active Directory Domain?

I need to understand whether it is possible to add an AWS virtual machine to a custom domain controller on Azure.
I have created an Active Directory domain controller in one of the virtual machines on Azure. Now I have created a few virtual machines on AWS (Amazon Web Services). I want to add these machines to the Azure custom domain controller.
Is it possible and if yes, then can someone please guide me on how to do that?
I don't think it is possible with AWS now, but you could try to create a Site-to-Site VPN and test. Most likely it will not work, but who knows; you might try to replicate your Azure VM DNS network configuration on your AWS VM and see if it helps.
Here's the networking guide for Azure AD Services.
I have tested joining Linux VMs across a Site to Site VPN and they work OK (it was to Azure Active Directory Domain Services, machines could join and users log on).
As the above answer notes, however, DNS is the killer here. With the Linux boxes I was able to use local config files to save needing to replicate the DNS zone; for Windows boxes you could try hacking the hosts file with some #pre #dom entries, but in reality I think you would need a zone replica in your AWS DNS servers for it to work reliably.

Timeout attempting to reach Azure VM

For a pet project I'm attempting to spin up a VM on Azure that can run as my webserver, providing an Umbraco powered site, as well as some other web applications (such as a forum + planner) that require PHP. Now I've followed the steps of every guide out there, but I cannot get an external connection through to the VM's IIS and I can't find out why.
I'm hoping someone else has been through the pain that I'm currently experiencing and might point me in the direction of whatever setting I'm missing.
Spun up the VM with Server 2012 R2.
Configured it to run IIS.
Installed Umbraco, disabling the default web site and setting the Umbraco site as my default on port 80.
Checked that http://localhost maps to Umbraco - this works.
So after I had it running internally, I started tackling the external connection setup.
Navigated to the Network Security group, and added the inbound Http rule on Port 80.
Disabled Windows Firewall entirely for the sake of testing.
Added a custom DNS name to the front of the xxx.[azurecloudappurl].com
Now my requests resolve but then time out and I can't see why or where. Has anyone else experienced this? Every guide states that it should be as easy as this.
As you can visit localhost on your VM env, it seems there is no problem with your env on the VM.
Have you added the endpoint for port 80 of your VM server on the Azure management portal? By default, the endpoint for port 80 is not opened.
You can refer to How to set up endpoints on a classic Azure virtual machine for how to add an endpoint on Azure VM.
In addition to @Gary Liu's answer, if you are doing it on the Azure Portal (and not on the classic one):
For any new VM added through Azure there exists a Network Security Group (NSG). Ports need to be opened in order to make them accessible from outside the VM. Specifically, to allow your VM to serve requests coming to port 80 you need to enable the HTTP port in the Network Security Group. Here are the steps:
Search for VM Name on Azure portal.
Select the VM by Clicking on VM Name.
Click on Network Interfaces from the left menu and select (double click) the listed one. This will show an overview of the Network Interface.
Now click on Network Security Group.
Click on Inbound Rules.
Add a new rule selecting service as HTTP (TCP/80).
Voila done!
And here is the answer to manage an inbound rule
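Added example, not part of the original answers: the portal steps above done with Az PowerShell, listing the existing inbound rules first so the new rule's priority does not collide with one already present. It assumes the Az.Network module and a signed-in session (Connect-AzAccount); the resource group, NSG name, rule name and priority are placeholders.

```powershell
# Added example (not from the thread). Placeholders: adjust to your deployment.
$ResourceGroup = 'example-rg'          # placeholder resource group
$NsgName       = 'example-vm-nsg'      # placeholder NSG attached to the VM's NIC or subnet
$RuleName      = 'Allow-HTTP-Inbound'  # placeholder rule name
$Priority      = 300                   # must be unused among inbound rules (100-4096)

$nsg = Get-AzNetworkSecurityGroup -Name $NsgName -ResourceGroupName $ResourceGroup

# Review what already governs inbound traffic, lowest priority number first
# (lower numbers are evaluated first and win).
$inbound = $nsg.SecurityRules | Where-Object { $_.Direction -eq 'Inbound' }
$inbound | Sort-Object Priority |
    Select-Object Priority, Name, Access, Protocol, SourceAddressPrefix, DestinationPortRange |
    Format-Table -AutoSize

if ($inbound.Name -contains $RuleName) {
    Write-Host "Rule '$RuleName' already exists; nothing to add."
}
elseif ($inbound.Priority -contains $Priority) {
    throw "Priority $Priority is already used by another inbound rule; pick a free one."
}
else {
    # Allow only TCP/80 from the Internet service tag; every other port stays
    # covered by the NSG's default deny rule.
    $nsg | Add-AzNetworkSecurityRuleConfig -Name $RuleName `
            -Description 'HTTP to the web server only' `
            -Access Allow -Protocol Tcp -Direction Inbound -Priority $Priority `
            -SourceAddressPrefix 'Internet' -SourcePortRange '*' `
            -DestinationAddressPrefix '*' -DestinationPortRange '80' |
        Set-AzNetworkSecurityGroup | Out-Null
    Write-Host "Added '$RuleName' at priority $Priority."
}
```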

MSDTC not working with database on Azure VM

Q: Has anyone managed to get MSDTC transactions working between a local machine and a database that resides on an Azure Virtual Machine?
I read this: which suggests MSDTC is not supported on 'SQL Azure' - but is SQL Azure the 'SQL Databases' option, not the 'Virtual Machines' option which may happen to have a SQL database on there? It is unclear: http://social.msdn.microsoft.com/Forums/windowsazure/en-US/894b6087-35ab-4f4f-aa19-f81ee56dc6bf/msdtc-with-the-new-virtual-machines?forum=WAVirtualMachinesforWindows
I found the following article: http://sanganakauthority.blogspot.co.uk/2014/02/definitive-steps-to-configure-msdtc-on.html - but this is related to Azure VMs on the same virtual network.
There are enough articles out there which give me hope that IT IS possible, as they seem to imply it. E.g. http://thoughtsofmarcus.blogspot.co.uk/2013/03/msdtc-error-after-cloning-virtual.html, http://www.jamescrowley.co.uk/2012/06/23/msdtc-gotchas-with-virtual-machines/
I have tried the following, from reviewing numerous articles:
Checked MSDTC service is Started, and set to Automatic.
Checked Local DTC settings in Component Services on both machines: http://technet.microsoft.com/en-us/library/cc731495.aspx
Restricted the port range 5000-5050 for MSDTC in Component Services: http://support.microsoft.com/kb/300083.
Set/verified the registry entries for the above as described in this article: http://support.microsoft.com/kb/306843
Added inbound and outbound rules for port 135 and a range of 5000-5050 on the firewall on both machines (and tried disabling the firewall completely)
Uninstalled/reinstalled MSDTC on the Azure VM, checking the CID is unique: http://msdn.microsoft.com/en-us/library/aa561924.aspx
Added endpoints to the Azure VM in the management portal, 135 and 5000-5050, using this helpful article: http://fabriccontroller.net/blog/posts/adding-multiple-endpoints-to-your-windows-azure-virtual-machines-by-using-a-csv-file/
Added host names to the hosts file (even though ping doesn't work on Azure anyway). http://blogs.msdn.com/b/distributedservices/archive/2008/11/12/troubleshooting-msdtc-issues-with-the-dtcping-tool.aspx
Tried to add ICMP to the firewall to let me ping the Azure VM but this didn't work, didn't expect it to though... (http://feedback.windowsazure.com/forums/217313-networking-dns-traffic-manager-vpn-vnet/suggestions/3346609-icmp-support-for-azure-websites-roles-cloud-serv).
Ran dtctester.exe, output was an error: Error: SQLSTATE=24000,Native error=0,msg=[Microsoft][ODBC SQL Server Driver]Invalid cursor state.
Attempted to run dtcping.exe, received the message RPC pinging exception -->1753(There are no more endpoints available from the endpoint mapper.) - the ports and the firewall settings should be fine.
Set/verified the TurnOffRpcSecurity registry entry (clutching at straws now): http://support.microsoft.com/kb/839187
Any ideas?
SOLUTION
Initial solution was to set up a Cloud Service with the Web Site on it connecting to the database on a separate Virtual Machine, both residing on the same Azure Virtual Network. You have to add the Virtual Network first before you create the Virtual Machines.
Then I was getting annoyed by the Cloud Service resetting itself; I had originally published it from Visual Studio but wanted to tweak it, and those tweaks were being undone. So then I switched it to a Virtual Machine (so 2 VMs in total).
Then I was breaking my subscription credit limit, so I ended up with 2 Virtual Machines, one with Web Site, one with Database, both on separate Azure subscriptions on separate Virtual Networks, but with a Virtual Gateway between them. This is a bit convoluted but works perfectly, this guide is brilliant for that: http://blogs.technet.com/b/aviraj/archive/2014/05/16/microsoft-azure-configure-cross-subscription-vnet-to-vnet-connectivity-in-azure.aspx
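Added example, not part of the original post: the port set from the question (TCP 135 plus the restricted 5000-5050 range) expressed as Windows Firewall rules scoped to the single peer machine, so the firewall can stay enabled while MSDTC is being tested. Run elevated on each of the two machines; the peer address is a placeholder from the documentation range and the rule names are made up for this example.

```powershell
# Added example (not from the thread). Placeholder: the other MSDTC party's address.
$PeerAddress = '203.0.113.10'
# RPC endpoint mapper plus the port range restricted in Component Services.
$DtcPorts    = @('135', '5000-5050')

# Keep the host firewall on for every profile rather than disabling it for the test.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True

foreach ($direction in 'Inbound', 'Outbound') {
    $name = "MSDTC-RPC-$direction-Peer"   # hypothetical rule name
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        continue                           # rule already present, do not duplicate it
    }
    # Inbound rules match the ports on this machine, outbound rules the peer's ports.
    $portParam = if ($direction -eq 'Inbound') { @{ LocalPort  = $DtcPorts } }
                 else                          { @{ RemotePort = $DtcPorts } }
    New-NetFirewallRule -DisplayName $name -Direction $direction -Action Allow `
        -Protocol TCP -RemoteAddress $PeerAddress @portParam | Out-Null
}

# Confirm the rules exist and are enabled.
Get-NetFirewallRule -DisplayName 'MSDTC-RPC-*' |
    Select-Object DisplayName, Direction, Action, Enabled |
    Format-Table -AutoSize

# The endpoint mapper always listens on 135, so it is the one port worth probing;
# ports in 5000-5050 only listen while RPC has allocated them.
$probe = Test-NetConnection -ComputerName $PeerAddress -Port 135 -WarningAction SilentlyContinue
'{0}:135 reachable = {1}' -f $PeerAddress, $probe.TcpTestSucceeded
```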
