Accidentally enabled Firewall - SSH connections to port 22 are refused - linux

I have a remote Azure Ubuntu VM where firewall wasn't enabled. While changing the configurations I accidentally enabled the firewall but forgot to allow port 22 for SSH. Only port 443 is allowed in firewall.
It's a very lame mistake but I cannot SSH into my VM. The SSH connection is refused every time. Is there a way out of this?

Unfortunately currently (August 2016) it is not possible to do that on Azure. The only way to fix it would be to download the VHDs for the VM, boot them locally in Hyper-V, VMConnect to them, fix the problem and upload them back to Azure.
It is an often requested feature here: https://feedback.azure.com/forums/216843-virtual-machines/suggestions/3761826-virtual-machine-console-access

Most VM providers provide a form of console access via the control panel where your VM instances are managed. This usually requires you to log into the control panel. The console then allows access the same way a screen and keyboard would. You can use this to open port 22 in your firewall.

You could use the "CustomScriptExtension" VM extension to run the command necessary to repair the firewall rule.

Related

Unable to connect to Azure VM through RDP but able to connect through Bastion

I was able to connect to Azure VM through RDP earlier but now suddenly I'm unable to connect to VM through RDP.
I tried to connect through PowerShell.
Even the PowerShell script was able to connect earlier but is not working now. I didn't change anything in the Azure VM.
I'm getting below errors.
But I'm able to connect to VM through Bastion.
WinRM is already enabled in Azure VM.
I tried by creating new Azure VM and enabled RDP port 3389 but still getting same connection issue.
How to resolve issue.
When debugging RDP issues one tool I use to test connectivity from a windows client is:
start
run
cmd
telnet ip port
e.g. telnet 99.99.99.99 3389
Note that you may need to install the telnet client from the Windows Features tool.
Try this from multiple locations with different public addresses (including from the VM itself in some circumstances but clearly not for your issue).
Does it connect to the RDP Server listening port ?
If the answer is yes then you know the server is listening.
If the answer is no then the port is likely blocked, service is not available or a routing issue could be the cause.
Thinking out loud, review the resources you have sitting in front of the VM:
Windows firewall (Disabling all firewall profiles is a more foolproof way of troubleshooting than setting the RDP-specific firewall rule, see REF)
local network outbound traffic blocks
firewall in front of the vm
Ref:
https://learn.microsoft.com/en-us/azure/virtual-machines/troubleshooting/enable-disable-firewall-rule-guest-os
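
The telnet test above only tells you whether the connection succeeded. The following added example (not part of the original answer) makes one TCP connection attempt and separates the failure modes the answer lists; the function names and hint texts are illustrative assumptions.

```python
import errno
import socket
import sys

# What each outcome usually means for a VM behind an NSG (added interpretation).
HINTS = {
    "open": "handshake completed: the service is listening and the path is clear",
    "refused": "RST received: host reachable, but nothing listens there or a rule rejects",
    "filtered": "no reply: packets are dropped (NSG, guest firewall, or your own network)",
    "unreachable": "no route to the address: check the public IP and local routing",
}

def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Attempt one TCP handshake and classify how it ended."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:  # also covers socket.gaierror (name resolution)
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"

def diagnose(host: str, port: int, timeout: float = 3.0):
    """Return (outcome, hint) for one host:port, like `telnet host port`."""
    outcome = probe(host, port, timeout)
    return outcome, HINTS.get(outcome, "unexpected socket error: check the host name")

if __name__ == "__main__":
    # Usage: python probe.py <vm-public-ip> <port>
    target, tcp_port = sys.argv[1], int(sys.argv[2])
    print(target, tcp_port, *diagnose(target, tcp_port))
```

A "filtered" result from one network and "open" from another points at the client-side network rather than the VM.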

Azure Windows VM - RDP issues

I currently need to run some windows-specific software for part of a workflow, and I can't run it on my personal computer.
I have got the free account at Azure, so I thought I would use the remote windows machine. I created the VM, and I can see the login screen on Boot Diagnostics.
However, I can't connect to RDP. Tried several issues and solutions (all provided on Azure docs), to no avail.
A few steps I already did:
Checked network configs. Tried different external ports for RDP (if somehow the RDP port could be blocked somewhere). I also tried basic configuration, advanced configuration.
Re-created the external IP's. The machine can't be pinged, and I don't seem to be able to trace routes for them.
Re-deployed the machine, deleted and created a new machine.
Switched and tried different Linux RDP connectors, and even used a friend's Windows computer to try to connect, to no avail.
I could gladly use any help troubleshooting this.
My machine is currently running Linux Mint, on the eduroam Wifi networks.
Thanks in advance, and feel free to ask for any additional information or configuration.
Properly, you could check if the RDP port is blocked on the NSG (VM NIC level or subnet level NSG); you could follow this to open the port.
Also, you could verify whether there is a network connectivity issue from your local computer to Azure by following Using Telnet to Test Port 3389 Functionality. For example, run telnet VMpublicIP 3389 in CMD as the administrator account.
If the RDP port is already enabled in NSG, see Troubleshoot an RDP general error in Azure VM and Troubleshoot Azure VM RDP connection issues by Event ID
Tried on another network and it worked. It seems eduroam blocks RDP even when it is on other ports.

Azure VM Remote Desktop Can't Connect

Following a how-to book's guide on setting up a VM through the Azure Portal and getting the error when trying to connect
Remote Desktop can't connect to the remote computer for one of these reasons: 1) Remote access to the service is not enabled 2) The remote computer is turned off [Verified through the Azure Portal it is turned on because Start is faded, while Restart and Stop are not] 3) The remote computer is not available on the network.
The error occurs before I'm able to enter any credentials - it doesn't find the IP at all. The RDP file details (IP removed of course):
full address:s:[IPAddress]:3389
prompt for credentials:i:1
administrative session:i:1
What I've tried:
Even though the How-To book doesn't show where/how to specify a port, when I download the RDP file from the Connect option, it specifies the port 3389. The book seems to imply that simply downloading this file and connecting will work and there's no need to specify the port. I get the above error.
Flushed DNS on my computer, ipconfig /flushdns
In the Network Security Group option for the VM, I verified that port 3389 allowed any source and wasn't specific.
I did miss associating the subnet part of the Network Security Group to a virtual network, so I did associate my NSG with the default subnet set up for my Virtual Network.
From the Quick start option, I don't see how to connect to this either; I'm guessing, I need to specify a different port, but don't see where to do it here either => Update: this appears to be in the Network Security Group's Inbound security rules in the Azure portal.
Boot Diagnostics option shows the login screen. A ping to the IP address fails four times with "Request timed out."
Note: this is not a Virtual Machine (classic).
Just wanted to share what worked for me.
After receiving an error prompt:
Connect is disabled for this virtual machine because of the following
issues: Network interface 'vmwindows1094': Network security group
'VMWindows10-nsg' does not have inbound security rule that allows port
3389. VMWindows10-nsg
I have added an inbound port rule. Under VM > Settings > Add inbound port rules.
Port: 3389 Protocol/Source/Destination: Any (this can be configured based on your security rules) Action: Allow
On the Azure portal, Select your VM -> Settings -> Boot diagnostics. Make sure that you can see the login screen. You might need to enable diagnostics (under Monitoring section) if not enabled already.
If you don't see the login screen, try the 'Redeploy' option under the 'Support and Troubleshooting' section of settings.
If you can see that the machine has booted correctly, the connectivity issue might be because of a firewall at your end or on the VM. See if you can ping the machine. If you are behind a corporate firewall, try connecting from elsewhere and check your PC's firewall.
Creating a new Virtual Machine on the new portal now creates an NSG (Network Security Group) along with the VM. You should be able to find it under all resources, same name as your VM. Make sure that there is an Inbound rule configured for Remote desktop (it is created by default but might be worth checking).
I had the same problem but adding an inbound security rule was not sufficient (although it is also needed).
I had to go to virtual machines > (myVm) > Reset password and then choose Reset configuration only
Try checking your VM has enough memory.
I had tried all of above suggestions and still didn't manage to access.
After trying many times I managed to get in, and a message appeared saying:
Your Computer is low on memory
Not 100% sure that was the reason though.
I faced the same issue. I had created an Azure VM but wasn't able to connect to it using RDP.
The culprit was a default "Inbound Port Rule" due to which all the inbound traffic was being blocked.
The solution is to create a new rule by clicking the "Add Inbound Port Rule" and allow traffic from port 3389. Make sure that the priority of this new rule is greater than the "DenyAllInBound" rule otherwise our new rule will not have any effect.
After adding the rule, try connecting to the VM using its public IP in RDP and you should be able to connect.
This worked for me, hope it helps you as well.

Setup Azure Network security group rules for Octopus Tentacle?

I've been trying to set up my Azure Network security group to accept connections to my Octopus Tentacle, but with no success.
I know the Tentacle is properly working because I can connect using localhost, all that's left is to be externally available.
Could anyone shine a light on the necessary rules at the Network security group? Find below my own rules.
Kind regards and thanks in advance!
Open Windows Firewall on your VM. And add an allowed access for
"10933" TCP port. (10933 the default port between Octopus server and tentacle)
If your Octopus Server and tentacle are not on the same Azure
resources and still couldn't telnet the Tentacle, You must add an "Inbound
security rule" for the same 10933 TCP port which used by your VM's
network security group.
Optional: You should give a static IP and domain name to your VM on Azure. Your network admin should configure IP-restricted access for it.
For testing the connectivity, you should use the "telnet client". Open cmd and write this. If there is no connection error/timeout, it's working.
telnet yourtentaclesextrenalIPaddress 10933
You should add the endpoint and firewall settings on your virtual machine firewall (not the Azure you mentioned). This is the official tutorial on how to set up the Tentacle. Also take a look if your OS you want to launch Tentacle on is supported (the same link).

Cannot RDP to CentOs 7 Azure VM

I haven't been able to RDP to my newly created CentOs 7 Azure VM.
In my attempt to accomplish this I followed the steps listed here:
https://blogs.msdn.microsoft.com/cloud_solution_architect/2015/05/02/remote-desktop-to-your-linux-azure-virtual-machine/
To summarize, I've installed GNOME Desktop, VNC Server, and xrdp. The instructions above talk about adding an endpoint, but since I'm using the Resource Manager deployment model, there's no settings or menu items where I can create one. Instead I added inbound rules to my network security group to allow traffic to ports used by xrdp and vncserver. Rdp and VNC viewer both timeout when I attempt to connect.
Additionally, I used the sudo netstat -ant command to confirm that both ports (for xrdp and vncserver) are both in the "LISTEN" state.
What am I missing here?
Thanks in advance.
This is a common problem I've seen when defining Azure NSGs. For your inbound Azure NSG rules, the source port needs to be "*" because your client will use a random port on the client side.
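
The source-port point above and the rule-priority point raised in the earlier RDP thread both follow from how an NSG picks a rule: rules are checked in ascending priority number and the first match decides. The following added example (not from any of the posts) models that for ports only; address prefixes and protocol are left out, and the rule names other than DenyAllInBound, the priorities 200/300 and the client port 51544 are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    src_port: str   # "*", a single port, or "low-high"
    dst_port: str
    access: str     # "Allow" or "Deny"

# Default rule present in every NSG; user rules always get a smaller number.
DENY_ALL_INBOUND = Rule("DenyAllInBound", 65500, "*", "*", "Deny")

def port_matches(spec: str, port: int) -> bool:
    """Match a port against '*', a single port, or a 'low-high' range."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def evaluate(rules, src_port: int, dst_port: int) -> Rule:
    """Return the first rule, in ascending priority number, matching the flow."""
    for rule in sorted(list(rules) + [DENY_ALL_INBOUND], key=lambda r: r.priority):
        if port_matches(rule.src_port, src_port) and port_matches(rule.dst_port, dst_port):
            return rule
    raise AssertionError("unreachable: DenyAllInBound matches every flow")

# Constructed rules: the misconfiguration from the answer, its fix, and a Deny
# with a smaller priority number that shadows the fix.
BROKEN = Rule("allow-rdp-broken", 300, "3389", "3389", "Allow")
FIXED = Rule("allow-rdp", 300, "*", "3389", "Allow")
SHADOW = Rule("block-rdp", 200, "*", "3389", "Deny")

if __name__ == "__main__":
    client_port = 51544  # constructed ephemeral port chosen by the RDP client
    for label, rules in [("broken", [BROKEN]), ("fixed", [FIXED]),
                         ("shadowed", [FIXED, SHADOW])]:
        hit = evaluate(rules, client_port, 3389)
        print(f"{label:9s} -> {hit.access} by {hit.name} (priority {hit.priority})")
```

To limit who can reach the port, narrow the rule's source address prefix; the source port stays "*".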
