Azure Point to site connection Error 80070057 - azure

I created my virtual network, gateway, and certificates. I uploaded my management certificate and created my VPN client. I successfully installed the VPN client. When I attempt to connect I get the following error:
"Custom script (to update your routing table) failed (80070057)."
Tried on 3 different computers (2 Windows 7 and 1 Windows Server 2008 R2).
I've been looking around and found that the connection is made if I delete the SetRoute part in the .cms file installed by the client (user\AppData\Roaming\Microsoft\Network\Connections\Cm\myConection\myConnection.cms); I then have to set all routes and gateways manually. It works, but it's not what I need, because I need the installer.
Any ideas?

Check your firewall or the routing table on your router, if you are using one, and try to connect from another location to see whether it is caused by your network architecture or not. If all is OK and the problem is not fixed, try another IP range in the Azure portal for your VPN subnet; sometimes it conflicts with your local network.

Related

Azure hybrid connections "No such host is known"

I have a simple Asp.Net Core Azure Web App that needs to make an HTTP GET request to an on-premises REST service. This REST service is hosted on IIS with bindings set only for port 443. I've set up a new Hybrid Connection in Azure and added it to the Web App. On the on-prem side, I've installed Hybrid Connection Manager and entered the connection string for the Hybrid Connection; this now shows as "Connected".
Problem is, when executing the line of code that makes the GET request, the following error is thrown:
System.AggregateException: One or more errors occurred. (No such host is known) ---> System.Net.Http.HttpRequestException: No such host is known ---> System.Net.
There's an interesting blog post here: Microsoft Blog, which states that the connections should be set up without using the fully qualified domain name (FQDN), i.e. the server name suffixed with organisation.co.uk. However, as far as I can tell, the SSL certificate for the REST service requires the FQDN; otherwise it presents the error
There is a problem with this website’s security certificate
Does anyone know how to troubleshoot and work around this problem?
The first error is probably a DNS issue. As that blog mentioned:
"If you are using a fully-qualified domain name, you need to ensure that it's a name that can be resolved within your local network. (In some cases, customers are running DNS in the local network, and it's that local DNS service that resolves the name.)"
So, if you have to use an FQDN in the connection string for the Hybrid Connection, you could use an FQDN that can only be resolved by the local DNS service.
Alternatively, you could edit the hosts file so that the DNS lookup is resolved inside the on-premises network. Add a line to the hosts file on the REST service server (located in %WINDIR%\system32\drivers\etc) mapping the IIS server's IP to the name.
For example:
192.168.0.50 serverFQDN
For more details, refer to this.

Prevent client from using internet via my RRAS VPN

I have a Windows Server 2016 running in Azure with RRAS VPN + NAT.
I use this RRAS VPN to be able to RDP to my other VMs in the virtual network.
However, when I connect my client (Windows 10) computer to the RRAS VPN, my internet stops working on the client (because internet access is blocked on the RRAS VM).
How can I prevent the client from trying to use the internet that my RRAS VPN VM provides? I tried disabling the use-default-gateway checkbox, but then I can no longer connect to my other VMs in the virtual network.
Thanks!
According to this link, it seems that when you disable the "use default gateway" checkbox, the default routes are not added to your machine. Specifically:
If “Use default gateway on remote network” is turned on, the VPN client, on successful VPN tunnel connection, adds the default route on the VPN interface with the highest precedence. This way all IP packets (except those destined to the local subnet) go to the VPN server. If this parameter is turned off, the default route is not added on the VPN tunnel. This scenario requires the user to add a network-specific route on the VPN interface in order to reach the corpnet resources.
So, you are left with editing your routes manually to ensure that they work. You can do this pretty easily in Windows by working with the route table. The following article gives the basics of how to set this.
Essentially you will want to run something like this:
route ADD <azure network> MASK <azure mask> <azure gw ip>
After you have done this, you should be able to use the internet (via your local configuration) and access to your Azure servers (via the route you created above).
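A worked version of the route ADD line above, as an added example (this is not the answer's own code). It converts the VNet address space from CIDR into the DEST / MASK form route.exe expects, refuses a 0.0.0.0/0 entry (which would silently reintroduce the "use default gateway" behaviour the question is trying to avoid), collapses redundant prefixes, and emits the matching DELETE lines for cleanup. The prefixes and the VPN adapter address are constructed sample values; on a point-to-point VPN adapter the next hop is the address the RRAS server assigned to the client, as shown for the PPP adapter in ipconfig.

```python
"""Build Windows `route ADD` / `route DELETE` lines for split tunnelling.

Added example; not code from the original answer. Assumptions:
  - AZURE_PREFIXES is the VNet address space in CIDR form (constructed sample),
  - VPN_ADAPTER_IP is the address RRAS handed the client (constructed sample),
    used as the next hop for routes over the point-to-point VPN adapter.
"""
import ipaddress

# Constructed sample data for the demonstration.
AZURE_PREFIXES = ["10.0.0.0/16", "10.1.0.0/22"]
VPN_ADAPTER_IP = "172.16.0.5"


def cidr_to_dest_mask(cidr):
    """'10.1.0.0/22' -> ('10.1.0.0', '255.255.252.0'), the form route.exe expects."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set, e.g. 10.0.1.5/16
    return str(net.network_address), str(net.netmask)


def route_add(cidr, next_hop, persistent=True, metric=None, if_index=None):
    """Return one `route ADD` command line sending the prefix via next_hop."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.prefixlen == 0:
        # A 0.0.0.0/0 route would recreate the "use default gateway" behaviour.
        raise ValueError("refusing a default route; list only the Azure prefixes")
    hop = ipaddress.ip_address(next_hop)
    if hop.version != net.version:
        raise ValueError("next hop and destination must be the same IP version")
    parts = ["route"]
    if persistent:
        parts.append("-p")  # survive reboot; omit while testing
    parts += ["ADD", str(net.network_address), "MASK", str(net.netmask), str(hop)]
    if metric is not None:
        parts += ["METRIC", str(metric)]
    if if_index is not None:
        parts += ["IF", str(if_index)]  # interface index as listed by `route print`
    return " ".join(parts)


def route_delete(cidr):
    """The matching cleanup line for a prefix added with route_add()."""
    dest, mask = cidr_to_dest_mask(cidr)
    return f"route DELETE {dest} MASK {mask}"


def split_tunnel_script(prefixes, next_hop, persistent=True):
    """ADD lines for all prefixes, with contained/adjacent prefixes collapsed
    (10.0.0.0/16 plus 10.0.1.0/24 becomes a single route)."""
    nets = ipaddress.collapse_addresses(ipaddress.ip_network(p, strict=True) for p in prefixes)
    return [route_add(str(n), next_hop, persistent=persistent) for n in nets]


if __name__ == "__main__":
    for line in split_tunnel_script(AZURE_PREFIXES, VPN_ADAPTER_IP):
        print(line)
    for p in AZURE_PREFIXES:
        print(route_delete(p))
```

Run it, paste the printed lines into an elevated command prompt on the client, and confirm with route print that each Azure prefix now points at the VPN adapter while 0.0.0.0 still points at the local router.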

Enable local Internet when connected to Azure VPN via VPN Client

I have an Azure (Classic) VNet with Point-to-Site enabled. I went through uploading a certificate and downloading the VPN Client. When I connect to the VPN, I am able to access all my resources fine, but this disables my local Internet access.
I found and went through this article which seemed applicable (if very cumbersome): http://www.diaryofaninja.com/blog/2013/11/27/deconstructing-the-azure-point-to-site-vpn-for-command-line-usage
I am unable to connect using the custom connection I created with it as it tells me the certificate is incorrect (though the .pbk it is based off works fine).
I suppose I could jump through some hoops to get internet to pipe through the VPN, but I really don't want that. I need to be able to hit the VMs in my VNet from an application that I am running locally, and I want to be able to pull the CDNs in over my local internet connection.
This shouldn't be this hard, should it?
Thanks,
~john
Have you ensured that the VPN address range you have defined in the VNet doesn't overlap with your LAN IP ranges? Say, if your local workstation has a private IP in the 192.168.x.x range, you can try setting the VPN address range in the 172.16.x.x range.
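The overlap check that this answer and the first answer on the page both recommend, as an added example (not code from either answer). It compares the client's local subnets against the VNet address space and the point-to-site client pool, reports every clash, and proposes a replacement pool from the private ranges that overlaps neither. The local subnets, VNet range and pool are constructed sample values standing in for what ipconfig on the client and the VNet configuration show.

```python
"""Check an Azure VNet / point-to-site address plan against the client's LAN.

Added example, not code from the original answers. LOCAL_SUBNETS, AZURE_VNET
and P2S_POOL are constructed sample data.
"""
import ipaddress

# Constructed sample data: what a home or office client typically sees.
LOCAL_SUBNETS = ["192.168.1.37/24", "10.0.0.0/16"]   # LAN adapter, office Wi-Fi
AZURE_VNET = ["10.0.0.0/16"]                          # VNet address space
P2S_POOL = ["172.16.0.0/24"]                          # VPN client address pool

# Private ranges to draw a replacement pool from, in order of preference.
RFC1918_CANDIDATES = ("172.16.0.0/12", "10.0.0.0/8", "192.168.0.0/16")


def parse_nets(cidrs):
    """Accept host-style notation too: '192.168.1.37/24' -> 192.168.1.0/24."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def find_overlaps(local, remote):
    """(local, remote) pairs whose ranges intersect. Any hit means the VPN
    route competes with an on-link route and one side becomes unreachable."""
    return [(str(l), str(r)) for l in local for r in remote if l.overlaps(r)]


def pick_free_pool(local, vnet, prefixlen=24, candidates=RFC1918_CANDIDATES):
    """First /prefixlen block from the candidate ranges that overlaps neither
    the LAN nor the VNet, or None if the private space is exhausted."""
    taken = list(local) + list(vnet)
    for cand in parse_nets(candidates):
        for sub in cand.subnets(new_prefix=prefixlen):
            if not any(sub.overlaps(t) for t in taken):
                return str(sub)
    return None


def check_plan(local_cidrs, vnet_cidrs, pool_cidrs):
    """Return a list of findings; an empty list means the plan is clean."""
    local, vnet, pool = parse_nets(local_cidrs), parse_nets(vnet_cidrs), parse_nets(pool_cidrs)
    findings = []
    for l, v in find_overlaps(local, vnet):
        findings.append(f"VNet {v} overlaps local subnet {l}: VNet hosts will be "
                        f"routed on-link instead of through the VPN")
    for l, p in find_overlaps(local, pool):
        findings.append(f"client pool {p} overlaps local subnet {l}: use e.g. "
                        f"{pick_free_pool(local, vnet)} instead")
    for v, p in find_overlaps(vnet, pool):
        findings.append(f"client pool {p} overlaps VNet {v}: the pool must be "
                        f"disjoint from the VNet address space")
    return findings


if __name__ == "__main__":
    for finding in check_plan(LOCAL_SUBNETS, AZURE_VNET, P2S_POOL) or ["no overlaps"]:
        print(finding)
```

With the sample data the script flags the 10.0.0.0/16 clash between the office Wi-Fi and the VNet, which is exactly the situation where the VPN connects but the VMs stay unreachable: Windows prefers the on-link route for that range over the one the VPN client adds.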

How to setup a Azure VPN on the client side for internet access purposes (Google behind GFW)?

I'm trying to set up a VPN for internet access purposes (I'm in China behind the Great Firewall), but I'm not a networking expert.
Someone outside China who has an Azure subscription created a package allowing me to connect to that VPN with the related pfx certificate, and so far everything seems to be good: the connection can be achieved with a server located in Europe, the VPN server is 172.16.0.1 and the VPN client is within the range 172.16.0.X.
For the package creation he followed: http://blogs.msdn.com/b/kaevans/archive/2015/06/05/configure-a-point-to-site-vpn-connection-to-an-azure-vnet.aspx
However, when I'm connected to the VPN I do not have any way to access Google. I'm struggling to affirm whether it is a configuration issue on my side or just the GFW that is messing things up. I'm struggling with my configuration because it seems that there is no real connection with that newly defined connection:
I can ping the related server when I'm connected to the VPN, but there is no way to get access to google.com; however, the DNS name lookup seems to work at least.
When connected to the VPN, the lookup operation gives me an appropriate result,
and while I'm not connected to the almighty VPN:
I can still ping the VPN server when connected, and vice versa when I'm not, which is quite normal:
Is there any way to check and settle that the internet access is passing through the VPN? I'm also wondering whether this can result from a routing issue, but when checking route print I obtain the following list, and I don't really see anything wrong:
Unfortunately Azure VPN Gateway drops any packets destined for the internet. It is not supported.

How do I connect to an AD domain controller in Azure?

I'm working through an Azure tutorial on MSDN as suggested by #BrentDaCodeMonkey. Basically, I'm trying to learn how to set up a Windows domain, so I can use it for a some other SQL Server tutorials. See my previous question here.
I'm running into a problem where I cannot connect my servers to my Active Directory Name Controller. When I try to add my domain name to the server in System Properties, I get an error message instead of the Windows Security popup dialog.
An Active Directory Name Controller (AD DC) for the domain "corp.ejm.com" could not be contacted. Ensure that the domain name is typed correctly. [...] The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Name Controller (AD NC) for domain "corp.ejm.com"; The error was: "This operation returned because the timeout period expired."
Note that I am able to verify the DC's IP address, with nslookup in the command prompt.
Complicating this issue is that the tutorial instructions don't exactly match what I'm seeing in Azure. For example, I'm not allowed to use Windows Server 2008 R2 SP1 when setting up SQL Server virtual machines. I had to use Windows Server 2012 for those, but still used 2008 for the DC. I thought that the problem might be conflicting operating systems, so I tried running the tutorial again using Windows Server 2012 for everything. Same error message.
Also note: the tutorial says that I should use the example domain, corp.contoso.com. I used my own example domain instead, corp.ejm.com. I'm wondering if this has something to do with it. My example domain is not registered on the Internet.
Connect to the DC VM and find out its IP address (10.*).
Go to the virtual network configuration and set the DNS server IP address to that.
Also make sure you use this IP address during step #8 in the install SQL VMs section.
Now try joining the SQL VMs to the domain.
Hope this helps.
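A way to verify the fix above before retrying the join, as an added example (not code from the original answer). The error in the question says the SRV lookup timed out even though nslookup of the DC's host name worked: the record the join process asks for, _ldap._tcp.dc._msdcs.<domain>, exists only in the DNS zone hosted on the DC itself, so a client using any other DNS server gets no answer. The script below sends that exact query to a chosen server and decodes the reply using only the standard library. DOMAIN is taken from the question; DC_IP is a constructed sample address; build_sample_response() fabricates a reply so the parser can be exercised offline.

```python
"""Ask a DNS server for the SRV record a domain join uses to locate a DC.

Added example, not code from the original answer. DOMAIN is taken from the
question; DC_IP is a constructed sample address. build_sample_response()
fabricates a reply so the parser can be checked offline (stdlib only).
"""
import random
import socket
import struct

DOMAIN = "corp.ejm.com"   # from the question
DC_IP = "10.0.0.4"        # constructed sample: the DC's private VNet address
QTYPE_SRV, QCLASS_IN = 33, 1


def dc_srv_name(domain):
    """The name the join process queries; it only exists in the DC's DNS zone."""
    return f"_ldap._tcp.dc._msdcs.{domain}"


def encode_name(name):
    """'a.bc' -> b'\\x01a\\x02bc\\x00' (uncompressed wire format)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_srv_query(name, txid):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return header + encode_name(name) + struct.pack("!HH", QTYPE_SRV, QCLASS_IN)


def read_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if (length & 0xC0) == 0xC0:            # 2-byte compression pointer
            if end is None:
                end = offset + 2               # resume after the first pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 32:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_srv_response(msg, expected_txid):
    """Return (rcode, list of SRV records) decoded from a raw DNS reply."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    offset = 12
    for _ in range(qd):                        # skip the echoed question
        _, offset = read_name(msg, offset)
        offset += 4
    records = []
    for _ in range(an):
        _, offset = read_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == QTYPE_SRV:
            prio, weight, port = struct.unpack("!HHH", msg[offset:offset + 6])
            target, _ = read_name(msg, offset + 6)
            records.append({"priority": prio, "weight": weight, "port": port,
                            "target": target, "ttl": ttl})
        offset += rdlen
    return flags & 0x000F, records


def query_dc_srv(domain, dns_server, timeout=3.0):
    """Live lookup over UDP/53: the same question the join process asks."""
    txid = random.randrange(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_srv_query(dc_srv_name(domain), txid), (dns_server, 53))
        data, _ = s.recvfrom(4096)
    return parse_srv_response(data, txid)


def build_sample_response(txid, qname, target, port=389, rcode=0):
    """Constructed reply for offline testing. The answer name is a compression
    pointer to the question (0xC00C), as real servers send; rcode=3 is NXDOMAIN."""
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, 0 if rcode else 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", QTYPE_SRV, QCLASS_IN)
    if rcode:
        return header + question
    rdata = struct.pack("!HHH", 0, 100, port) + encode_name(target)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_SRV, QCLASS_IN, 600, len(rdata)) + rdata
    return header + question + answer


if __name__ == "__main__":
    import sys
    name = dc_srv_name(DOMAIN)
    print("offline sample:", parse_srv_response(build_sample_response(1, name, f"dc1.{DOMAIN}"), 1))
    if len(sys.argv) > 1:                      # e.g. python dcsrv.py 10.0.0.4
        print("live answer from", sys.argv[1], query_dc_srv(DOMAIN, sys.argv[1]))
```

Run it once against the DC's address and once against whatever server ipconfig /all lists on the SQL VM: a record pointing at the DC from the first and a timeout or empty answer from the second confirms that the VNet DNS setting, not the domain name, is the problem. Once the VNet DNS points at the DC, the second run returns the same record and the join should succeed.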
