I provisioned a Windows Server 2012 vm in Azure. When I try to connect to it via FileZilla FTP client I get a Could not connect to server error.
Here's what I have tried so far:
Added inbound rule for FTP (TCP/21) in the Azure portal
In IIS, configured FTP Firewall Support. Set Data Channel Port Range to 7000-7002, External IP Address of Firewall to my vm's public IP, added 7000, 7001 and 7002 to inbound rules, did a net start/stop ftpsvc
The step I'm missing in your description, is enabling "FTP server" rules in Windows firewall.
They are created during IIS server installation, but are disabled by default. You have to enable them.
Quoting my guide to Installing a Secure FTP Server on Windows using IIS:
An internal Windows firewall is automatically configured with rules for the ports 21, 990 and 1024-65535, when IIS FTP server is installed.
The rules are not enabled initially though. To enable or change the rules, go to Control Panel > System and Security > Windows Firewall > Advanced Settings > Inbound Rules and locate three “FTP server” rules. If the rules are not enabled, click on Actions > Enable Rule.
If you do not have them, for whatever reason, you have to create them manually. For port 21 and the data ports (in your case 7000-7002).
Related
I am trying to connect to a FTP server hosted on azure VM using IIS I can connect but I keep getting the following error:
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing
Could you disable the firewall and try FTP to a different server?
Do you have an NSG (Network Security Group) associated with your VM ?, If yes then you'll need to open port 21/990 to access your FTP Server
Use Azure Powershell to setup the ports and check for the status.
Azure now have an FTP VM in the marketplace that fully setups FileZilla FTP Server https://azuremarketplace.microsoft.com/en-gb/marketplace/apps/cloud-infrastructure-services.filezilla-ftp-server
Setup instructions: https://cloudinfrastructureservices.co.uk/install-filezilla-secure-ftp-server-on-azure-server-2016/
You need to add an additional port range, which the ftp server will choose from for each ftp connection.
While the Windows firewall is automatically configured with rules for the ports 21, 990 and 1024-65535, when IIS FTP server is installed, the rules are not enabled initially.
To enable or change the rules, go to Control Panel > System and Security > Windows Firewall > Advanced Settings > Inbound Rules and locate three "FTP server" rules. If the rules are not enabled, click on Actions > Enable Rule.
https://winscp.net/eng/docs/guide_windows_ftps_server
Refer to the suggestion mentioned here: Cannot list directory on IIS FTP server on Azure, even after configuring Azure inbound rules and Windows firewall
Additional information: https://serverfault.com/questions/279286/how-to-resolve-ftp-error-failed-to-retrieve-directory-listing-for-administrato
If you are using passive mode the server opens a random unprivileged port above 1023. Therefore in order to work you would need to open up a range of ports in Azure. If you need this to work in passive mode your best bet is to use an FTP server where you can configure the passive mode port range, and then create the corresponding inbound port range rule in Azure (and in the OS). If you have any alternatives I wouldn't do it, since the fewer ports you expose the better.
I've setup a VM and installed IIS. I checked that the firewall rules were enabled for HTTP and HTTPS. Furthermore, in Azure Portal, I've enabled the two predefined inbound security network group rules for HTTP and HTTPS.
When in the VM, I can go to localhost and see the default Web page of IIS Default Web Site.
Inbound security rule in Network Security Group
Anybody know how to go about figuring out how to make this work?
Thx
You should add port 443 and port 80 to azure VM windows firewall inbound rules.
Are the Source port ranges on your inbound rules set to 80/443 or * (i.e. all source ports)?
Try changing them to * with only the destination ports set to 80 or 443 respectively.
Ex:
Refer How to open ports to a virtual machine with the Azure portal for more details.
There are two ways to make your site accessible from the Internet.
Use the public IP address which is associated to the virtual machine's NIC.
Configure DNS for your VM machine (e.g. web.southeastasia.cloudapp.azure.com). This DNS is bounded to the associated public IP Address.
Reference: https://learn.microsoft.com/en-us/azure/virtual-machines/windows/portal-create-fqdn
In your IIS, just configure binding to make sure the incoming request from the Internet is recognized by IIS.
You also need to make sure you have no rule in Network Security Group (NSG) blocking port 80. Or if there is a NSG, you need to create an inbound rule to allow port 80.
I Azure Windows VM, apart from configuring the NSG rule, we should also create a Windows firewall rule to allow inbound TCP connections on the required port. Just RDP into your windows VM, open Windows Defender Firewall and add the rule
I have a Windows Server 2012 virtual machine provisioned on Azure. I installed Neo4j server on this virtual machine and I'm accessing the Neo4j browser on localhost:7474.
However I cannot access the browser outside using my virtual machine's public IP e.g <machineIP:7474>
Here's what I have done so far:
In the Azure portal, I added inbound rules for the NSG to allow http and https ports 80 and 443 (I have done the same on a Linux virtual machine also hosted in Azure and I can access the browser just fine)
I also added an inbound rule in Windows Firewall to allow Port 80 and 443 as well
What possibly blocks me from accessing the virtual machine's IP from the outside?
You have to add TCP port 7474 to the firewall in the Azure portal:
change your neo4j-server.properties
set
org.neo4j.server.webserver.address=0.0.0.0
To remotely access Neo4j installed on a Windows VM in Azure, these are the changes you'll need to make:
In the Azure portal, add TCP port 7474 to the Endpoints of your Windows VM
On your Windows VM, in the Windows Firewall Advances Security, add a new Inbound Rule for port 7474
Change the conf/neo4j.conf and uncomment this line:
org.neo4j.server.webserver.address=0.0.0.0
Note: In case you also want full access to Neo4j's browse interface including Bolt, then also add port 7687 both in the Azure Endpoints and the Windows Firewall.
I have created a CentOS 7.1 VM using Resource Manager deployment model.
I am not able to access the application using a browser on a machine connected to internet.
However I am able to access the application on same machine and other VM on same virtual network using private IP address.
I configured Network Security Group and allowed port 80 and 443 in Inbound Rules.
Well, it turned out that I needed to open ports under "Inbound Security Rules" and needed to open all in "Source Port Range". For doing so, i needed to put * there and in Destination port for https - 443 etc.
This * thing was the catch which i was missing in all the Inbound security rules for allowing the ports.
I have created an ssrs report inside an Azure Virtual Machine (SQL Server 2012 SP1 on Windows Server 2012). When I try to view the report from the Virtual machine it opens up in the browser with a proper url like
http://mysamplevm/ReportServer/Pages/ReportViewer.aspx?%2fMySampleReport&rs:Command=Render
When I try to open the same url from my local machine, it says webpage is not available. I have completed the following settings too.
Created Inbound & Outbound rules in Virtual Machine Firewall for port numbers 80 and 443.
Created end points for the same port numbers in azure management portal.
You shall access the report server via the public DNS Name - this is sort of http://mysamplevm.cloudapp.net/ReportServer/Page, and not http://mysamplevm/. You can get this when you navigate to the dashboard of your VM in the management portal - right hand links are named Quick glance, the second is DNS Name.
Because your computer has no idea how to find mysamplevm.
While astaykov is correct regarding the URL, there are two more steps you need to go through to make your report server accessible from outside your VM:
Open HTTP/HTTPS endpoint for your VM in Azure management portal
Open a firewall port:
Open Windows PowerShell on your Virtual Machine
Run the following (for port 80):
New-NetFirewallRule -DisplayName “Report Server (TCP on port 443)” -Direction Inbound –Protocol TCP –LocalPort 80
Now you can access your report server from remote computers through:
http://yourservername.cloudapp.net/reportserver
You have to log into the VM and open windows firewall advanced settings. In Inbound settings, allow port 80 to accept connections.
In addition to what DivineOps has mentioned. In Azure portal (new version), you have to go into NSG to configure firewall rules.
For me, I had to configure inbound rules, both on VM (via RDP) and via Azure portal for it to be accessible.