I'm trying to access my ACS instance from ADFS v2.0 inside a VM on Azure - only, it doesn't resolve the address:
https://myacsname.accesscontrol.windows.net/FederationMetadata/2007-06/FederationMetadata.xml
Playing around it seems like it won't resolve sites like http://windowsazure.com either. However I can get to many other sites just fine (Microsoft.com, Bing, Google, etc.)
Anybody come across this before?
Kind regards,
Nick
Edit: It seems like this only occurs on VMs that are using my own DNS (which I setup with the AD DS role). What needs to be changed from the default configuration for my DNS to get these particular sites?
Aha! Figured it out, I think.
I setup my forest with the root domain 'cloudapp.net' after following a tutorial.
When I installed DNS it took control of name resolution for any sites hosted on Azure (cloudapp.net). Removing cloudapp.net from the Forward Lookup Zones fixed this for me (though I expect it will break something with AD?). Perhaps it would be better to use a different root domain.
Have you looked to set up your own Virtual Network? I solved this before using/controlling my own DNS servers. This allows you to route traffic with the DIP (private network) or VIP (routing through outside the data center).
Good info here:
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/AZR209
Related
everyone.
I recently bought a domain on azure and I can't bind it to an app service (web app).
When I try to bind a domain it says "App Service Domain is in a broken state. Please navigate to the App Service Domain resource and delegate to Azure DNS before adding hostname."
When navigating to the domain at https://resources.azure.com, it looks my dnsZoneId is assigned to another resource group and I don't know how to change it.
I tried to delete the DNS zone and recreate it but I can't bind the dns back from https://dcc.secureserver.net
Can Anyone help me please?
Thanks in advance
Newest
About how to change your dnsZoneId to another resource group, you can read this post. I think it useful to you.
PRIVIOUS
Under normal circumstances, this problem does not occur, because when you successfully purchase a domain in azure, all information and services of the domain name are hosted on azure.
There is a similar case here, you can refer to it. May be helpful to you.
If there is a problem, I guess the reason is:
Some of your misoperations may cause the domain name service or settings to be configured incorrectly, making it unusable. (This probability is relatively low)
It may be the domain management service of azure, there may be a problem in your region. It may take a while to try again, or transfer the domain name to godaddy for management. (The reason for this is because I have encountered it in godaddy before, but it was solved after migrating the domain name to Tecent in China)
If the above operations have been tried and cannot be solved, please raise a ticket in the portal for help.
I set up a simple asp.net web forms test site for learning Azure, with a simple DB. Works fine locally. I deployed it to Azure. Then went through learning curve on the need to separately deploy the DB, link the resource, check connection strings and so on.
There's an issue, where the program on the site gets an error. I'm going through many paths to try to diagnose it. This question is about one specific path.
Several articles say that for the website to use the DB, I have to add the IP address of the website to the allowed IP addresses of the DB server.
https://azure.microsoft.com/en-us/documentation/articles/sql-database-create-configure/
However, I can't find the IP address for my FREE Azure website. When I researched this, it looks like there is no available fixed IP address for free websites.
So either:
1) I need to know where to get the IP address for the free website, or
2) there is some way to use Azure SQL in free websites without having to
designate an allowed IP address, or
3) something completely different.
Any help with this would be appreciated.
Thanks!
UPDATE: Below is all I see on the database configuration page, i.e. no firewall rules. However, I became convinced that the "Allowed IP Address" requirement must be finessed automagically in Azure, and so that was likely NOT the problem, which made me look more closely at the connection string, which WAS the problem. Basically one day of newbie learning curve, which I'll have to sleep on and try to understand more tomorrow.
There's an option to allow Azure services when you configure the database firewall. Check if that's checked. Also, posting the actual error message will help.
You don't need to do that for things that are hosted within the Azure platform.
Under the Azure SQL Server Firewall (Preview Portal) settings, ensure that the Allow access to Azure services is turned on:
Alternatively, via the Old Portal, the setting is found via:
Databases -> Servers -> Configure
I configured two AD controllers and a WINS server in Azure each with static IP's and then turned them off for the weekend. Now that I turn the machines back on, all of the NIC's are setup to obtain an IP automatically.
When I go back into the NIC and reconfigure it for a static IP, I get an error message that the IP address I entered for the network adapter is already assigned to another adopter which is no longer present in the computer. Then it asks me if I want to remove the static IP configuration for the absent adapter.
What is happening here? Is there something I am configuring incorrectly that forces my configured static NIC's to change? Do I want to answer yes and reconfigure the card yet again, or is there a better way to go about this.
Thanks.
I'm going to answer my own question just in case someone is doing a network search looking for an answer and winds up here.
The issue centers on, for me at least, the differences between what is required for setting up bare metal AD environments as opposed to AD environments in Azure. In bare metal we are used to configuring inside of the NIC. In Azure, you work in two places. You create your AD's with DNS and then you use the Azure powershell to configure the AD controller's static IP and then you go back to your virtual network and register the DNS servers that were created.
There are some things happening behind the scenes in Azure that make this work. So, just create your AD's with DNS. Get the IP that was assigned by DHCP and register it with the Azure powershell and then list the name of the AD and it's IP in the virtual network and you are done.
Hope this helps.
We're thinking of changing our web hosting plan mode from Shared to Standard but are not sure what will happen with the dns registrations I've set up for my sites. Would a move result in a new ip-adress forcing me into changing all my dns-registrations?
If you are using a custom domain (e.g. www.yourdomain.com) and pointing that via a cname to the actual Azure url (e.g. yourproject.azurewebsites.net) then you shouldn't need to change your dns. If you are pointing to an IP then you may have to change your dns.
Really depends on how you have setup your dns currently, could you elaborate on the records you have?
There is a good article on the Azure help area discussing this very topic:
http://azure.microsoft.com/en-us/documentation/articles/web-sites-custom-domain-name/
Check out the 'CNAME or Alias record' section in particular.
Use CNAME records instead. That way you don't have to worry about it.
Is it possible to use an Azure virtual machine that's setup as a domain controller to manage virtual machines hosted on other Azure subscriptions?
Personally I have never tried this before, but do not immediately see an issue with it.
I assume your Domain Controller is deployed using Microsoft's guidelines including assigning a static IP address?
With the ability to connect one VNet to another VNet (See: https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-configure-vnet-to-vnet-connection/) you can create the required network connectivity.
What you probably need to do is use your own DNS server for name resolution (See: https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-name-resolution-for-vms-and-role-instances/) in all connected VNets. I would recommend running DNS on your Domain Controller.
One thing to consider however is the generated traffic for authentication and name resolution. Do know that Azure is charging for traffic traversing from one Azure region to another.
Hope this helps you moving forward.
in this scenario is it required to create DNS server per subscription or one DNS server is enough for multiple subscription.