Azure Virtual Machine not accessible after RDP port changed - azure

I've changed RDP port to 8080 in registry on my Azure Virtual Machine (Windows Server). Now it is not accessible from outside, I cant connect it.
Azure VM is managed by Resource Manager (not Classic VM).
UPDATE:
Turning secuiruty rules so allow all not helped.

I've changed RDP port to 8080 in registry on my Azure Virtual Machine
(Windows Server)
We can use CustomScriptextension to check if RDP listening on port 8080.
netstat -ant | findstr "8080"
If your port not listening on Port 8080, we may need to restart RDP service.
If RDP listening on port 8080, we can use CustomScriptextension to disable windows firewall.
netsh advfirewall set allprofiles state off
About Extension, we create a ps1 file with the command, and upload it via Azure portal.

Azure has to know to allow traffic through to your VM. By default, on a Windows VM, only RDP is open. But you (for some reason) changed the RDP port in Windows Server. You need to do this with the network interface as well, via the VM settings (which has nothing to do with Windows itself):
Via Settings, go to Network Interfaces
Select your network interface and go to Network Security Group
From network security group, add an inbound rule for port 8080 (or modify the existing RDP rule to be port 8080).

It used to be possible to change your RDP port in Classic portal using endpoints. but in RM portal you cannot change your RDP port.
If you are trying to secure your box or by pass the security firewall to connect to your box, I recommend using Azure Load Balancer NAT rules, you can create a NAT rule to translate a custom port to 3389, and then you can only allow connectivity from LB to your VM, this a trick I use when I want to by pass the corporate's firewall, for example port 443.
Make sure you attach the LB to your VM from the NAT rule section

To access any port from public ip client -
Enable port in Azure firewall (if installed)
Enable Port in Network Security Group (add inbound rule) rule like 8080 -> 8080 or rule like 80 -> 8080
Enable Port in Windows Firewall of VM (on azure) -- most important if port is other than 80 and 443. - e.g. 8080, 8090 etc..

Related

Web server on Azure VM

I've installed a Windows 2012 R2 VM (free tier) and enabled all ports for external communication (including port 80).
I logged in to my VM and installed nginx webserver (I've also tried to python development server).
I can access the website internally on the VM (using 127.0.0.1 or the internal address of the server 10.1....) but when trying to access it from outside, using the external IP address (which is also the IP address I used in order to login to my server using RDP) I get no response.
Can you please help me understand what I'm doing wrong?
Thanks!
As #evilSnobu points out from his comments, the short answer is to allow the TCP port 80 in the windows firewall on windows VM itself.
Usually, we could login to that Windows VM and run the CMD command netsh advfirewall set allprofiles state off to disable the windows firewall temporarily. Then we can use telnet tool to check if TCP 80 port can be connected.
When we face the same issue no response outside of Azure VM. we can try one or more of the followings:
There is an NSG at the subnet level or NIC level as well which is not allowing data through.
There is a firewall on the VM itself (windows firewall etc.)
There is nothing listening on that port. It should be listening on 0.0.0.0 instead of 127.0.0.1 when you use netstat -ano in the windows CMD.
The service is not staring when you verify the port listening.
Outbound traffic with a specific port is denied from your local machines.
Hope this helps.

Can't open Azure VM Port

I'm trying to open port 8080 on an Azure VM so that I can access SSAS through Power BI from my local computer. I have added an inbound rule to the network security group on azure portal as per https://learn.microsoft.com/en-us/azure/virtual-machines/windows/nsg-quickstart-portal and I've also added an inbound rule on the firewall of the VM itself.
However, when I go to canyouseeme.org it can't see port 8080.
Any ideas what I'm doing wrong?
You also have to make sure that the firewall running on the virtual machine itself is disabled, or allows the specific ports you are interested in.
See here:
https://wiki.u-gov.it/confluence/display/SCAIUS/How+to+disable+firewall+inside+a+linux+virtual+machine
According to your description, I suggest you could check as the following steps:
1.Check Azure VM NSG, port 8080 should be open.
Note: The link you provided is open port on Vnet subnet, You also need open port on VM's nic.
2.Open port on your VM's Windows Firewall.
3.Port 8080 should be listening on your VM. You could use netstat -ant|findstr 8080 to check it. If it is not listening, maybe you need check your configuration. This link maybe helpful.
Note: The port should listen on 0.0.0.0. If it is listening on 127.0.0.1, it only could access inside VM.
1)Go to VM & open desired port in local firewall setting
Control Panel\System and Security\Windows Defender Firewall
click link -Advanced settings->Inbound rules ->New Rules
select Port option and add your desired port
2)Also On azure, In VM networking, whitelist the port
3 ) netstat -ant|findstr
Above steps worked for me.
The solution was to redeploy the VM after opening the ports on the Azure portal.

Cannot access Neo4j browser on a Windows Server

I have a Windows Server 2012 virtual machine provisioned on Azure. I installed Neo4j server on this virtual machine and I'm accessing the Neo4j browser on localhost:7474.
However I cannot access the browser outside using my virtual machine's public IP e.g <machineIP:7474>
Here's what I have done so far:
In the Azure portal, I added inbound rules for the NSG to allow http and https ports 80 and 443 (I have done the same on a Linux virtual machine also hosted in Azure and I can access the browser just fine)
I also added an inbound rule in Windows Firewall to allow Port 80 and 443 as well
What possibly blocks me from accessing the virtual machine's IP from the outside?
You have to add TCP port 7474 to the firewall in the Azure portal:
change your neo4j-server.properties
set
org.neo4j.server.webserver.address=0.0.0.0
To remotely access Neo4j installed on a Windows VM in Azure, these are the changes you'll need to make:
In the Azure portal, add TCP port 7474 to the Endpoints of your Windows VM
On your Windows VM, in the Windows Firewall Advances Security, add a new Inbound Rule for port 7474
Change the conf/neo4j.conf and uncomment this line:
org.neo4j.server.webserver.address=0.0.0.0
Note: In case you also want full access to Neo4j's browse interface including Bolt, then also add port 7687 both in the Azure Endpoints and the Windows Firewall.

remote desktop to an azure VM (created by the new portal - portal.azure.com) over the port 443

I have a Virtual Machine created in the new azure portal (portal.azure.com)
Now I can connect to by using the Remote Desktop by the port 3389, without any problems.
I am asking for a guide to setting my virtual machine can be remoted over the port 443 also (since the working network just allows outcoming 443 only)
With the classic portal, I just need to add an "end point" and that works.
However with the new portal, in the "network security group", I tried to modify the "inbound security rules", changed the default value 3389 to 443, but I got no luck.
Edited: captured screenshots
New VM created as "Azure Resource Manager" (ARM) have different options and features but they lost end-points. Endpoints, in classic deployment, allowed to remap internal ports to external ports, changing the value.
Now, in ARM, to have a similar behaviour, you have to use LoadBalancer. Read at the end of https://blogs.msdn.microsoft.com/mast/2016/02/04/azure-networking-public-ip-addresses-in-classic-vs-arm/ for an example to map external 50000 to internal 80.
As I understand them, Network Security Groups don't actually do any port mapping, just allow/deny access to certain ports. If you want the RDP server to still listen on 3389 and for external RDP requests to go to 443, you'll need to use Azure Load Balancer with NAT rules (https://azure.microsoft.com/en-us/documentation/articles/load-balancer-get-started-internet-arm-ps/#create-lb-rules-nat-rules-a-probe-and-a-load-balancer). Alternatively, you could configure your RDP server to listen on port 443. It's up to you which you prefer :).

How to open ports on azure virtual machine?

I set a new port by Add EndPoints option but it does not open that specific port on azure virtual machine.... i checked using following link
can any one tell me how to resolve this issue?
http://postimg.org/image/wb5rid6ib/
TCPSockets endpoint is not open on my virtual machine
Add-AzureEndpoint opens a port at the Azure firewall not your at your VM's side. That means after opening the port in Azure, you have to open the port at your VM's individual firewall, too. Depending on your operating system that could be done differently. E.g. in Windows Server you would configure the Windows Firewall.
More precisely, Add-AzureEndpoint create a port forwarding rule from the specified public port to the private port you have specified for your VM.

Resources