I tried to configure a VPN with default values (10.0.1.x) with a point-to-site feature configured.
Azure Websites has been configured too, using the new Azure portal, to point to the Point-to-Site of the VPN.
When a try to contact SQL server of my VM in Azure (Iaas) fails, while locally on the VM I can do it.
I also configured an end point for the port 1433 on the VM with the relative firewall configuration.
Is there a way to check where is the issue using the website ?
Thanks a lot.
Fabio
Related
can anyone help with some azure vm issues. I wished to connect a domain server VM and a ordinary server VM and use active directory synchronization. But every time I deploy new VM from azure portal, it always have the DNS name status as not configured. I really don't understand why. I set the DNS server with the private IPs of the VMs on the vNet. Thanks for replies and advise. VM DNS name not configured
As the comment stated, the DNS name for that VM is actually associated with the public IP attached to that VM. You can follow this step to create FQDN for an Azure VM.
If you want to join the Azure VM to your local domain, you can follow this link:
The main steps are as follows:
Establish cross-site connectivity using Azure site-to-site VPN connections
Configure a custom DNS server
Provision a VM with a custom DNS server
Join the Azure VM to the on-premises Active Directory domain
If you intend to join a Windows Server virtual machine to an Azure Active Directory Domain Services managed domain, read this tutorial.
I am trying to connect an on-premises laptop with dynamic external IP to our Azure SQL Server. To do this, I created a virtual network gateway and connected the laptop to the gateway. Also, I added a private endpoint to the SQL server. After this, I can successfully connect to the SQL server IP using telnet, and if I resolve the SQL server FQDS in hosts file, I can connect to the server via SSMS. But without hosts file, the laptop always tries to connect to the SQL server via its public endpoint/address.
I found the following article: https://techcommunity.microsoft.com/t5/azure-database-support-blog/azure-sql-db-private-link-private-endpoint-connectivity/ba-p/1235573 The article is great. It recommends using your own DNS server to resolve the SQL server FQDN to the local IP. Unfortunately, the laptop does not have access to any custom DNS, so this solution does not suit.
There are two questions:
Is there any possibility to establish connection between an on-premises computer with dynamic IP and an Azure SQL server using a private endpoint but without own DNS server?
If the answer to the first question is "No", is there another way to connect an on-premises computer with dynamic IP to an Azure SQL server using any other Azure application(s)?
First of all, you can not use FQDN without DNS service. So you indeed need a custom DNS server in using FQDN of the server in connection strings for your clients to connect from on-premise VM to the Azure SQL server.
Since you are using a laptop, the DNS servers used by your computer are most likely specified by your ISP. You have no more control over it or ask your ISP to configure the DNS forwarder. Otherwise, you need to deploy a DNS server in your internal network. Currently, in this scenario, the best method is to use the HOSTS file on the local machine to override the Public DNS.
However, if you don't like using the HOSTS file, you can provision an Azure VM as the DNS server in the same Azure virtual network as the virtual network gateway.
Main steps:
Deploy an Azure VM, and RDP to that VM and run the PowerShell commands to install the DNS server role.
Install-WindowsFeature -Name DNS -IncludeManagementTools
Get-WindowsFeature *DNS*
Add Azure DNS (168.63.129.16) as a forwarder on your custom DNS server according to the step 5 in this blog. If you do not want to use forwarder you can also create a forward lookup zone and added manually the host to match the FQDN. You could read On-premises workloads using a DNS forwarder for more details.
After you have configured the DNS server and set the DNS forwarder. You could change the DNS server of Azure VNet to your Azure VM's private IP address.
Restart your Azure VM and re-download the VPN client package and re-connect the VPN connection to make the networking update. Check the DNS server on the local VPN client machine and set the DNS server to the custom DNS server in the TCP/IP settings. Then you will look up your private IP address via the default FQDN of Azure service.
In my example, I am using Azure storage account but it works the same with Azure
SQL database when using a private endpoint on the Azure and P2S VPN connection.
In this way, it requires that there are not any other VPN connections except the
P2S VPN connection on the local machine.
Then you could resolve the Azure SQL server FQDN to the private IP address of the private endpoint. However, it perhaps does not have a better performance to connect to Azure SQL Server with a VPN connection than directly connect to it through the public Internet and public DNS sevice.
If I deploy RRAS server in azure and also have file server, domain controller etc. How can I create S2S VPN connection with this config. What will I need on prem to create a tunnel?
In Azure VM, RRAS role is not supported and hence it is not recommended for Production work loads.
Here is the reference: https://support.microsoft.com/en-in/help/2721672/microsoft-server-software-support-for-microsoft-azure-virtual-machines
So I've created a VM Win Server 2016 on Azure. I've created a VPN connection between Azure VM (Which is AD DC) and a test windows machine. I can ping AD IP (but not domain, only IP), RDP into machine etc.. however when I try to join domain it's not recognized. So it's probably DNS issue on Azure but I've been unable to resolve it? What to do? How to proceed? The idea is to be able to connect remote machines via Point to Site VPN to AD DC on Azure.
Thanks
You need to have your DC listed as a DNS server if you are doing AD integrated DNS Or have a public record so that the Azure DNS servers can advertise it. Make sure you have done the step - Reset the DNS server for the Azure virtual network. You can also refer to http://msdn.microsoft.com/en-us/library/azure/jj156090.aspx for guidance and http://azure.microsoft.com/en-us/documentation/articles/virtual-networks-install-replica-active-directory-domain-controller/ for steps.
I've created a VPN connection between Azure VM (Which is AD DC) and a
test windows machine.
Could you please tell me which kind VPN do you deployed?
If you select S2S VPN, we can change the test windows machine's DNS to Azure VM's private IP address, then try to ping the domain name, if we can ping it, we can join this test vm to the AD DC.
If your VPN is P2S, we should change the test windows machine's DNS to the Azure VM P2S virtual IP address(get from p2s), then try to ping the domain name, and join to it.
I have one question regarding Azure connection from corporate networks.
I have created a VM and a database on azure. I can connect to the DB and RDP to the VM from my home machine. But when I am in office, I cannot connect any of them. This is the error I am getting.
I thought my office proxy is causing the problem, I removed proxy connection but that did not help. I created an instance on AWS and tried connecting to the Azure VM and DB from inside that instance. But that did not help either.
From this, I can think of only one reason that Azure does not allow incoming connection from corporate networks for free tier. I have allowed incoming request from everywhere in the rule of Azure VM and DB.
My azure subscription is free tier.
Can anyone tell me if that is correct or what is the correct way to solve this problem?
UPDATE: The question is not relevant anymore. The problem was with our office network. I have created a NAT to RDP to azure machine and everything is working fine.
I suspect that the Azure firewall is restricting access to your SQL server. As for your VM, you may have some ACLs set up which are restricting access.
To enable the SQL firewall rules:
https://azure.microsoft.com/en-us/documentation/articles/sql-database-configure-firewall-settings/
To check the ACLs on your Virtual Machine endpoints:
https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-set-up-endpoints/
I was onsite at a client location which disallowed outbound RDP traffic. They set up a SOCKS proxy and installed a SOCKS client on my machine with limited rules to allow RDP to Azure.