I have a azure cloud cluster with an sql availability (2 sql machines and one quorum) group and a listener on port 51101. The cluster also contains several other VMs, all on the same virtual network.
I'm having problem connecting to the listener, and the problem is not SQL specific, since I can't even telnet to the port. The weird thing is that this happens only when connecting from a machine on the same virtual network. If I try to connect from my local non-azure machine, everything works fine. It also works if it's an azure machine on a different network.
Here's what I have:
- Firewall rules for the port. I even tried disabling the firewall completely on all the machines
The port has a load balanced endpoint on the Azure portal. Note that the same problem applies to all the ports that were open by default by Azure (RDP and WinRmHttps) - I can telnet to those ports from my machine, but not from a machine on the Virtual Network.
I can reach the SQL intance directly (If I use the instance name instead of the listener)
Here's my virtual network configuration:
Any suggestions for the cause of the problem, or some ways to debug this are welcome.
Just in case anyone runs into this, I found the answer here:
Keep in mind that your application, in case is deployed in Azure,
cannot reside in the same Cloud Service with SQL Server VMs otherwise
routing in Azure will fail: it’s highly recommended to use a dedicated
Cloud Service containing only the SQL Server VM;
Once I put the connecting machine on a separate service, everything worked.
Try these standard techniques for debugging listeners: http://www.eraofdata.com/verifying-and-troubleshooting-sql-server-listener-connectivity/ Azure won't treat them any differently if you are using a Virtual Network and a single Cloud Service.
Have you don't a netstat on the machine the listener is on to see if anything is listening on that TCP port?
Related
How to create 2 connected virtual machines in Windows Azure to be able to deploy Two-Tier-Architecture solution ?
Let me clarify the scenario, Currently I am using 1 virtual machines in Windows Azure where I have the SQL Server 2008 DB installed AND the ASP.NET solution.
However, I want to create a very simple Two-Tier-Architecture where the SQL Server 2008 DB is installed on Server1, and the ASP.NET solution is deployed on Server2.
So, How to accomplish that? I mean, How to connected those two separate virtual machines? And how they can work together to run one single solution?
Could you please help me out in this scenario ?
Thanks !
Seems like a lot of attention being given to Virtual Networks. That's fine, but... if all you're trying to do is create a multi-tier app with a handful of VMs working in conjunction with each other, you can simply create multiple VMs within the same cloud service (that is, they all live in xyz.cloudapp.net).
They'll all sit behind a single public IP address, but consider your case where you have a web server and a database server:
Expose ports 80 and 443 specifically for the web server(s) (you can have multiple, and load-balance the ports across these VMs
Don't expose any public ports for the database server
Once deployed to the same cloud service, each VM in the cloud service can talk directly to any other VM in the cloud service, using the host name you assigned to it.
You can also deploy your web and database tiers to different cloud services, and still communicate between them without a Virtual Network. If you open, say, port 1433 on your database server, now your web tier can simply open a connection to yourdb.cloudapp.net:1433. Of course, this means the entire world can do the same, but... you can apply an endpoint ACL (access control list) on yourdb.cloudapp.net port 1433, and allow only the public VIP of your web tier's cloud service.
You'd need a Virtual Network if your web and database tiers are in separate cloud services and you don't want any exposed ports on your data tier, and you don't want to go through the built-in load balancer.
You should utilise Virtual Networking (http://www.windowsazure.com/en-us/services/virtual-network/). Additionally you can configure the two machines as part of a single Cloud Service to ensure they are encapsulated together and available publicly via a single cloudapp.net address. Note that to benefit from the Azure SLA you should run two instances of each tier (web / DB).
Note that you can't add an existing VM to a new Virtual Network.
You can create a virtual network and then add both servers in the same network if they are on different cloud services (which is the default when using quick create). But you can't do this to servers that have been created so you will need to detach your disks create 2 new servers in the new network and then reattach your disks to the new servers.
If you are planning on using a DC then create 2 subnets in your virtual network and put your DC in one and the servers in the other as you don't want your DC getting a different IP.
I'm new to Azure (strike 1) and totally suck at networking (strike 2).
Nevertheless, I've got two VMs up and running in the same virtual network; one will act as a web server and the other will act as a SQL database server.
While I can see that their internal IP addresses are both in the same network I'm unable to verify that the machines can communicate with each other and am sort of confused regarding the appropriate place to address this.
Microsoft's own documentation says
All virtual machines that you create in Windows Azure can
automatically communicate using a private network channel with other
virtual machines in the same cloud service or virtual network.
However, you need to add an endpoint to a machine for other resources
on the Internet or other virtual networks to communicate with it. You
can associate specific ports and a protocol to endpoints. Resources
can connect to an endpoint by using a protocol of TCP or UDP. The TCP
protocol includes HTTP and HTTPS communication.
So why can't the machines at least ping each other via internal IPs? Is it Windows Firewall getting in the way? I'm starting to wonder if I've chose the wrong approach for a simple web server/database server setup. Please forgive my ignorance. Any help would be greatly appreciated.
If both the machines are in the same Virtual Network, then just turn off Windows Firewall and they will be able to ping each other. Other way is to just allow all incoming ICMP traffic in Windows Firewall with Advanced Settings.
However there is a trick. Both the machines will see each other by IP Addresses, but there will be no name resolution in so defined Virtual Network. Meaning that you won't be able to ping by name, but only by direct IP address. So, if want your Website (on VM1) to connect to SQL Server (on VM2), you have to address it by full IP Address, not machine name.
The only way to make name resolution within a Virtual Network is to use a dedicated DNS server, which you maintain and configure on-premises.
This article describes in details name resolution scenarios in Windows Azure. Your particular case is this:
Name resolution between virtual machines and role instances located in
the same virtual network, but different cloud services
You could potentially achieve name resolution, if you put your VMs is same cloud service. Thus you will not even require dedicated virtual network.
If your VMs are inside a Virtual Network in Azure, then you have to make sure two things.
Required Port is enabled.
Firewall is disabled on the server.
I was trying to connect to one VM where SQL Server DB was installed, from another VM. I Had to enable 1433 port in the VM where SQL was installed. For this you need to add an MSSQL endpoint to the VM on the azure management portal. After that i disabled windows firewall. Then i was able to connect to the VM from another.
In the new portal I created several new VM's.
During deployment I can get an option to create a stand alone machine or connect to another machine.
But whatever choice I make there is no connectivity between the machines.
Is is possible to connect them to the same VMnwetwork/VLAN?
I want to test two servers in a setup in which they communicate with each other.
Yes, you have 2 options here:
Create a Virtual Network
Add the VM in an existing Cloud Service (mainly used for load balancing)
Note that pinging might not work without opening a port on the Windows Firewall (source)
I would like to host a firebird database in an Azure virtual machine.
Normally, I would indicate in a program a connection like this:
hostname:databasename
....to connect to remote host. In azure, you cannot do that.
I would need to connect with something like:
?.cloudapp.net:someport:databasename
The client would be talking to ?.cloudapp.net thinking that someport is the port to communicate with the database server.
So it seems I would need a proxy to login-connect to windows azure cloud resources and the client would then use the proxy to talk with the database server. This looks like a hassle - are there any alternatives?
I'm not entirely sure of your Cloud architecture in Azure, but assuming you have one VM with your DB installed you should be able to open up a a public endpoint (via the portal manage.windowsazure.com for your Cloud Service) and connect to that via it's public IP address & the port).
Windows Azure does have more advanced features that allows you to connect to specific VM's within a Cloud Service via Port Forwarding.
Michael Washam has a great blog post on this 'Windows Azure Virtual Machines':
http://michaelwasham.com/2012/06/08/understanding-windows-azure-virtual-machines/
The architecture of cloud services makes endpoint configuration
interesting. Since each cloud service has a single public IP address
but multiple virtual machines can reside in it how do you address
individual servers directly in a non-load balanced fashion?
Port forwarding allows you to configure an endpoint on a specific VM
listening on any of the ephemeral ports that will then be forwarded to
the correct internal port.
Here is my scenario:
I have three Windows VMs on Windows Azure (which is at its preview stage right now) and all the VMs are connected to each other, in other words they are under the same cloud service. What I need to do now is that I will use one VM only for Redis and the other two VMs need to talk to it. I don't wanna open up the redis to the whole World for several reasons and one of them is that I don't want to talk to it through the load balancer. I want my VMs to talk to it directly (as explained here: Bypass the load balancer when communicating servers between each other).
I consider using MSOpenTech implementation of Redis. Any I idea how I can configure a structure like this?
Running Redis on A Windows Azure Virtual Machine (Windows or Linux) is exactly same as any other machine so I don't think you will met any problem there.
If you have one instance of Virtual Machine it is not configured through Load Balancer and you can see that when you will add endpoint to your VM. Only if you have more then 1 instances of a virtual machine, and then you add endpoint, then you will have a chance to configure the load blanacer for that specific endpoint. In your case as you want to run Redis on one single VM, you are really not behind load balancer.
IF you want to have your all 3 machines talking to each other you can create a virtual network and provision all 3 machines withing this VNET so they can talk to each other the way you want.
I figured this out by trying it out. Here is the solution:
SignalR with Redis Running on a Windows Azure Virtual Machine