i've trouble getting proper access to my servers services.
It's an "new" ubuntu vm so that i can't access it via the old "manage" portal.
I cannot change the endpoint settings for this vm because the entry "endpoints" is missing, what can i do to fix this? Or am i supposed to use iptables / ufw? Because that's doesn't seem to be the case since i can access my server via ssh and either iptables nor ufw have entries for ssh.
Thanks in advise for helping informations.
Azure Resource Manager (ARM) is quite new addition to the Azure, so some things are only doable via Powershell at this time.
Please consider the following explanation on how to attach a Load Balancer to your Resource Group and then configure what we called "endpoints":
http://blog.itaysk.com/2015/08/03/azure-load-balancer-in-resource-manager-arm/
Related
I have an Azure VM that I can access through Bastion in the Azure Portal without issue, but I would like to access this through my local native RDP client (in Windows). I have the following config:
Local account (un/pw) setup to access
Setup a NSG rule to restrict source and destination IP and port 3389 (for RDP).
Selected "Standard" Bastion (required for Native client RDP support)
I have tried the following:
Followed this guide to kick off from PowerShell/Azure CLI: https://jeffbrown.tech/azure-bastion-rdp-native-client/. However I am getting this error (BiFrostVMUnAvailableCredentialsException) :
Tried using RDP client directly w/IP:Port - I assume this doesnt work b/c some Azure account/tunneling magic needs to happen.
Temporarily opened up the NSG rule to allow traffic from any sources (not restricted to my VPN IP), and it prompts me for un/pw and I get a slightly different auth error. So this option seems to get further along than the others.
So what am I missing?
Also, relates to this question, but I think my scenario is slightly different.
Did you configure a subnet for Bastion?
I don't see anything about that in that guide you mentioned. I'm not an expert by any means, but I remember the subnet was something important when I deployed my test.
Apparently, it was necessary to add an RDP rule for the 3389 port in the nsg and allow the bastion subnet otherwise bastion would not connect at all, not even the browser version.
Is the VM domain joined? try adding the FQDN
I hope you got this solved by now.
nsg rule example
I have a Linux Virtual Machine (Debian 9) deployed in Azure with Service Endpoints for Sql enabled and properly added -if I navigate the portal towards the VNet and enter the Service Endpoints tab, I can clearly see the Sql Service Endpoint listed. Just FYI, the reason for the Service Endpoint is that the VM has a dynamic IP, so I can't just whitelist it in the DB resource's configuration.
On the other hand, I have an 'Azure Database for MySQL server' deployed in the same resource group, same location and whatnot, but I can't seem to connect to it.
The steps I take when I try to connect are as follow:
I connect to the VM through SSH.
In my VM I have mysql-server installed
I write mysql --host <fully qualified server name> --user <server admin login name>#<server name> -p
I get the following error: "ERROR 9002 (28000): Server is not ready for incoming connections."
I've been reading the documentation and searching in forums for a reason why this might be happening, but I simply cannot seem to make it work. I have tried changing the status of the "Allow access to Azure services" option in the Connection security tab of the DB resource, but it doesn't seem to matter.
Could anyone have any idea of how I might go about solving this??
You said you enabled the SQL endpoint on the virtual network, but did you add a VNET rule to the instance (Attach an existing VNET)? You can find this in Azure Database for MySQL server -> Connection Security -> VNET Rules -> Attach existing VNET.
If you can't see your VNET listed then there is a mismatch between the regions of your SQL server and your VNET: They must be deployed to the same one. Additionally check that you have a General Purpose or Memory Optimized server, this feature is not available in Basic tier.
If all of this is in place, try enabling Diagnostics on the SQL Server, try logging in again a few times, then view the log file and post anything strange.
I've been trying to setup my Azure Network security group to accept connections to my Octopus Tentacle, but with no success.
I know the Tentacle is properly working because I can connect using localhost, all that's left is to be externally available.
Could anyone shine a light on the necessary rules at the Network security group? Find below my own rules.
Kind regards and thanks in advance!
Open Windows Firewall on your VM. And add an allowed access for
"10933" TCP port. (10933 the default port between Octopus server and tentacle)
If your Octopus Server and tentacle are not on the same Azure
resources and still couldn't telnet the Tentacle, You must add an "Inbound
security rule" for the same 10933 TCP port which used by your VM's
network security group.
Optional:You should give a static IP and domain name to your VM on Azure. Your Network admin should configure it a IP restricted access.
For testing the connectivity. You should use "telnet client". Open cmd and write this. If there is no connection error/timeout it's working .
telnet yourtentaclesextrenalIPaddress 10933
You should add the endpoint and firewall settings on your virtual machine firewall (not the Azure you mentioned). This is the official tutorial on how to set up the Tentacle. Also take a look if your OS you want to launch Tentacle on is supported (the same link).
I am trying out the Free Trial Microsoft Azure.
Basically I created an VM running Windows Server 2008 SP1.
There, I am running GeoServer, being able to access the geoserver from the local browser (eg: http://localhost:8080/geoserver/web)
Now, how to access this from a public browser? It has a public IP 13.93.154.109
which I can't even ping it, not to say to access it.
What did I miss out?
Note: I tried both classic/non-classic VM, result is the same.
Also, I am aware that there is an OpenGeo Suite out there for Azure. But it costs a lot. What I am trying to do is, to share the VM with the other existing product.
Thanks in advance.
localhost-from-vm
P.S: I am able to ping 13.93.154.109:3389 using PsPing instead of normal Ping.
You need to open the port 8080 to allow traffic on your VM.
Depending on how you have created the VM, it can be done in different ways:
If you have used the Classic workflow, you need to add an endpoint to your cloud service: https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-windows-classic-setup-endpoints/
If you have used the Azure Resource Manager workflow, you need to create an inbound rule in the network security group: https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-create-nsg-arm-pportal/#create-rules-in-an-existing-nsg
I haven't been able to RDP to my newly created CentOs 7 Azure VM.
In my attempt to accomplish this I followed the steps listed here:
https://blogs.msdn.microsoft.com/cloud_solution_architect/2015/05/02/remote-desktop-to-your-linux-azure-virtual-machine/
To summarize, I've installed GNOME Desktop, VNC Server, and xrdp. The instructions above talk about adding an endpoint, but since I'm using the Resource Manager deployment model, there's no settings or menu items where I can create one. Instead I added inbound rules to my network security group to allow traffic to ports used by xrdp and vncserver. Rdp and VNC viewer both timeout when I attempt to connect.
Additionally, I used the sudo netstat -ant command to confirm that both ports (for xrdp and vncserver) are both in the "LISTEN" state.
What am I missing here?
Thanks in advance.
This is a common problem I've seen when defining Azure NSGs. For your inbound Azure NSG rules, the source port needs to be "*" because your client will use a random port on the client side.