Q: Has anyone managed to get MSDTC transactions working between a local machine and a database that resides on an Azure Virtual Machine?
I read this: which suggests MSDTC is not supported on 'SQL Azure' - but is SQL Azure the 'SQL Databases' option, not the 'Virtual Machines' option which may happen to have a SQL database on there? It is unclear: http://social.msdn.microsoft.com/Forums/windowsazure/en-US/894b6087-35ab-4f4f-aa19-f81ee56dc6bf/msdtc-with-the-new-virtual-machines?forum=WAVirtualMachinesforWindows
I found the following article: http://sanganakauthority.blogspot.co.uk/2014/02/definitive-steps-to-configure-msdtc-on.html - but this is related to Azure VMs on the same virtual network.
There are enough articles out there which give me hope that IT IS possible, as they seem to imply it. E.g. http://thoughtsofmarcus.blogspot.co.uk/2013/03/msdtc-error-after-cloning-virtual.html, http://www.jamescrowley.co.uk/2012/06/23/msdtc-gotchas-with-virtual-machines/
I have tried the following, from reviewing numerous articles:
Checked MSDTC service is Started, and set to Automatic.
Checked Local DTC settings in Component Services on both machines: http://technet.microsoft.com/en-us/library/cc731495.aspx
Restricted the port range 5000-5050 for MSDTC in Component Services: http://support.microsoft.com/kb/300083.
Set/verified the registry entries for the above as described in this article: http://support.microsoft.com/kb/306843
Added inbound and outbound rules for port 135 and a range of 5000-5050 on the firewall on both machines (and tried disabling the firewall completely)
Uninstalled/reinstalled MSDTC on the Azure VM, checking the CID is unique: http://msdn.microsoft.com/en-us/library/aa561924.aspx
Added endpoints to the Azure VM in the management portal, 135 and 5000-5050, using this helpful article: http://fabriccontroller.net/blog/posts/adding-multiple-endpoints-to-your-windows-azure-virtual-machines-by-using-a-csv-file/
Added host names to the hosts file (even though ping doesn't work on Azure anyway). http://blogs.msdn.com/b/distributedservices/archive/2008/11/12/troubleshooting-msdtc-issues-with-the-dtcping-tool.aspx
Tried to add ICMP to the firewall to let me ping the Azure VM but this didn't work, didn't expect it to though... (http://feedback.windowsazure.com/forums/217313-networking-dns-traffic-manager-vpn-vnet/suggestions/3346609-icmp-support-for-azure-websites-roles-cloud-serv).
Ran dtctester.exe, output was an error: Error: SQLSTATE=24000,Native error=0,msg=[Microsoft][ODBC SQL Server Driver]Invalid cursor state.
Attempted to run dtcping.exe, received the message RPC pinging exception -->1753(There are no more endpoints available from the endpoint mapper.) - the ports and the firewall settings should be fine.
Set/verified the TurnOffRpcSecurity registry entry (clutching at straws now): http://support.microsoft.com/kb/839187
Any ideas?
SOLUTION
Initial solution was to set up a Cloud Service with the Web Site on it connecting to the database on a separate Virtual Machine, both residing on the same Azure Virtual Network. You have to add the Virtual Network first before you create the Virtual Machines.
Then I was getting annoyed by the Cloud Service resetting itself, I had originally published it from Visual Studio but wanted to tweak it and those tweaks were being undone. So then I switched it to a Virtual Machine (so 2 VMs in total).
Then I was breaking my subscription credit limit, so I ended up with 2 Virtual Machines, one with Web Site, one with Database, both on separate Azure subscriptions on separate Virtual Networks, but with a Virtual Gateway between them. This is a bit convoluted but works perfectly, this guide is brilliant for that: http://blogs.technet.com/b/aviraj/archive/2014/05/16/microsoft-azure-configure-cross-subscription-vnet-to-vnet-connectivity-in-azure.aspx
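The post changes several MSDTC and RPC settings on both machines while troubleshooting, including switching the firewall off and setting TurnOffRpcSecurity. The script below is an added example, not part of the original post: a read-only check of those settings on the local machine, so that anything loosened during testing is noticed afterwards. The host name is a placeholder, the port range is the one from the post, and the registry paths are the standard locations for these values.

```powershell
# Added example: read-only audit of the MSDTC/RPC settings changed in the steps above.
param(
    [string]$RemoteHost = 'azure-vm.example.invalid',  # placeholder, not from the post
    [int]$RangeLow = 5000,                             # port range from the post
    [int]$RangeHigh = 5050
)
$findings = New-Object System.Collections.Generic.List[string]

# MSDTC service should be running and start automatically.
$svc = Get-Service -Name MSDTC
if ($svc.Status -ne 'Running' -or $svc.StartType -ne 'Automatic') {
    $findings.Add("MSDTC service is $($svc.Status), start type $($svc.StartType)")
}

# RPC dynamic port restriction (values written by the Component Services dialog).
$rpc = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet' -ErrorAction SilentlyContinue
if (-not $rpc -or $rpc.Ports -notcontains "$RangeLow-$RangeHigh") {
    $findings.Add("RPC port range is not restricted to $RangeLow-$RangeHigh")
}

# Check which ports msdtc.exe is actually listening on, not just what is configured.
$dtcPid = (Get-Process -Name msdtc -ErrorAction SilentlyContinue).Id
if ($dtcPid) {
    Get-NetTCPConnection -State Listen -OwningProcess $dtcPid -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -lt $RangeLow -or $_.LocalPort -gt $RangeHigh } |
        ForEach-Object { $findings.Add("msdtc.exe listens on $($_.LocalPort), outside the range") }
}

# Settings loosened while troubleshooting that should not stay that way.
$dtc = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\MSDTC' -ErrorAction SilentlyContinue
if ($dtc.TurnOffRpcSecurity -eq 1) {
    $findings.Add('TurnOffRpcSecurity = 1: MSDTC RPC security is disabled')
}
Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } | ForEach-Object {
    $findings.Add("Windows Firewall profile '$($_.Name)' is disabled")
}

# RPC endpoint mapper on the remote side (dtcping above failed with an endpoint-mapper error).
if (-not (Test-NetConnection -ComputerName $RemoteHost -Port 135 -InformationLevel Quiet -WarningAction SilentlyContinue)) {
    $findings.Add("TCP 135 on $RemoteHost is not reachable")
}

if ($findings.Count) { $findings | ForEach-Object { Write-Warning $_ } } else { 'No findings.' }
```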
Related
I have a Linux Virtual Machine (Debian 9) deployed in Azure with Service Endpoints for Sql enabled and properly added - if I navigate the portal towards the VNet and enter the Service Endpoints tab, I can clearly see the Sql Service Endpoint listed. Just FYI, the reason for the Service Endpoint is that the VM has a dynamic IP, so I can't just whitelist it in the DB resource's configuration.
On the other hand, I have an 'Azure Database for MySQL server' deployed in the same resource group, same location and whatnot, but I can't seem to connect to it.
The steps I take when I try to connect are as follows:
I connect to the VM through SSH.
In my VM I have mysql-server installed
I write mysql --host <fully qualified server name> --user <server admin login name>#<server name> -p
I get the following error: "ERROR 9002 (28000): Server is not ready for incoming connections."
I've been reading the documentation and searching in forums for a reason why this might be happening, but I simply cannot seem to make it work. I have tried changing the status of the "Allow access to Azure services" option in the Connection security tab of the DB resource, but it doesn't seem to matter.
Could anyone have any idea of how I might go about solving this??
You said you enabled the SQL endpoint on the virtual network, but did you add a VNET rule to the instance (Attach an existing VNET)? You can find this in Azure Database for MySQL server -> Connection Security -> VNET Rules -> Attach existing VNET.
If you can't see your VNET listed then there is a mismatch between the regions of your SQL server and your VNET: They must be deployed to the same one. Additionally check that you have a General Purpose or Memory Optimized server, this feature is not available in Basic tier.
If all of this is in place, try enabling Diagnostics on the SQL Server, try logging in again a few times, then view the log file and post anything strange.
Following on from the latest Azure maintenance, we cannot remote desktop to one of our VMs and fix a potential issue on the IIS server of this machine. Everything was working fine for over 1 year.
The Agent status is now set to "Not Ready" when looking at the properties of the VM in the Azure portal.
We obviously tried to restart the machine but no effect. We cannot redeploy the machine to another node as the VM agent seems to be down.
The outbound NSG rules do not block outbound connection to internet (so that the machine should be able to write to its azure storage).
This user seems to have a similar issue on a VM scale set: Azure VM scale sets not accessible and cannot restart
Any idea on how to resolve this issue?
In Azure, I created 3 Windows Server VMs, i.e. one for Azure Backup Server (let's say BackupServer), one for Active Directory on a VM (let's say ADServer), and lastly SQL Server on Windows Server (let's say SQLServer). All three are on the same domain. Now, while adding SQLServer to a Protection Group in the Azure Backup Server configuration, it is giving me an error as attached in the screenshot.
Tried many links available on the internet but no luck.
Any suggestions?
But is it OK to disable firewalls, given the security concern?
You are right: disable the firewall just for testing; we should follow this official article to configure firewall settings for DPM.
By the way, Azure VMs have NSGs to block outside network traffic.
I have one question regarding Azure connection from corporate networks.
I have created a VM and a database on Azure. I can connect to the DB and RDP to the VM from my home machine. But when I am in the office, I cannot connect to either of them. This is the error I am getting.
I thought my office proxy was causing the problem, so I removed the proxy connection, but that did not help. I created an instance on AWS and tried connecting to the Azure VM and DB from inside that instance. But that did not help either.
From this, I can think of only one reason: that Azure does not allow incoming connections from corporate networks for the free tier. I have allowed incoming requests from everywhere in the rules of the Azure VM and DB.
My Azure subscription is free tier.
Can anyone tell me if that is correct or what is the correct way to solve this problem?
UPDATE: The question is not relevant anymore. The problem was with our office network. I have created a NAT to RDP to the Azure machine and everything is working fine.
I suspect that the Azure firewall is restricting access to your SQL server. As for your VM, you may have some ACLs set up which are restricting access.
To enable the SQL firewall rules:
https://azure.microsoft.com/en-us/documentation/articles/sql-database-configure-firewall-settings/
To check the ACLs on your Virtual Machine endpoints:
https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-set-up-endpoints/
I was onsite at a client location which disallowed outbound RDP traffic. They set up a SOCKS proxy and installed a SOCKS client on my machine with limited rules to allow RDP to Azure.
I have an Azure cloud cluster with an SQL availability (2 SQL machines and one quorum) group and a listener on port 51101. The cluster also contains several other VMs, all on the same virtual network.
I'm having a problem connecting to the listener, and the problem is not SQL specific, since I can't even telnet to the port. The weird thing is that this happens only when connecting from a machine on the same virtual network. If I try to connect from my local non-Azure machine, everything works fine. It also works if it's an Azure machine on a different network.
Here's what I have:
Firewall rules for the port. I even tried disabling the firewall completely on all the machines.
The port has a load balanced endpoint on the Azure portal. Note that the same problem applies to all the ports that were open by default by Azure (RDP and WinRmHttps) - I can telnet to those ports from my machine, but not from a machine on the Virtual Network.
I can reach the SQL instance directly (if I use the instance name instead of the listener).
Here's my virtual network configuration:
Any suggestions for the cause of the problem, or some ways to debug this are welcome.
Just in case anyone runs into this, I found the answer here:
Keep in mind that your application, in case is deployed in Azure,
cannot reside in the same Cloud Service with SQL Server VMs otherwise
routing in Azure will fail: it’s highly recommended to use a dedicated
Cloud Service containing only the SQL Server VM;
Once I put the connecting machine on a separate service, everything worked.
Try these standard techniques for debugging listeners: http://www.eraofdata.com/verifying-and-troubleshooting-sql-server-listener-connectivity/ Azure won't treat them any differently if you are using a Virtual Network and a single Cloud Service.
Have you done a netstat on the machine the listener is on to see if anything is listening on that TCP port?