Just installed azure connect on my localhost, but it won't connect. I see my machine dbates-HP as a active endpoint in my vistual network/connect section on my azure portal and organized it into a group.
I can see in the azure connect portal that the machine endpoint is active, and that it refreshes since the last connected updates.
My local connect client lists the following diagnostics messages:
Policy Check: There is no connectivity policy on this machine.
IPsec certificate check: No IPsec certificate was found.
Also tried with firewall turned off.
Duncan
In some scenarios getting Windows Azure connect to working becomes very complex. I have worked on multiple such scenarios and found most common issues are related with network settings. To start investigate you need to collect the Azure Connect logs first from your machine and try to figure the problem out by yourself. I have described some info about collecting log here:
http://blogs.msdn.com/b/avkashchauhan/archive/2011/05/17/collecting-diagnostics-information-for-windows-azure-connect-related-issues.aspx
To open a free Windows Azure support incident please use link below:
https://support.microsoft.com/oas/default.aspx?gprid=14928&st=1&wfxredirect=1&sd=gn
Have you "linked" your Azure role with the machine group you created? The message "There is no connectivity policy on this machine" suggests that you haven't defined (in portal) to whom this machine should connect to.
Related
My team have created an IR in an on-premises VM and we are trying to create a Linked Service to an on-prem DB using that IR
Whenever we click on Test Connection in the Linked Service, the connection fails and IR goes into a limited state
We also whitelisted the IPs provided by Microsoft for IR ADF and also checked the network traces and all seems fine there
Also, we stopped and restarted the IR, uninstalled and installed it again but still the problem resists
Have anyone faced a similar kind of issue?
As this has been a long time we are facing this issue which has now become a blocker for us
Thanks!
This is observed when nodes can't communicate with each other.
You can Log in to the node-hosted virtual machine (VM). Go to Applications and Services Logs > Integration Runtime, open Event Viewer, and filter the error logs. If you find the error System.ServiceModel.EndpointNotFoundException or Cannot connect to worker manager
Follow the official documentation with detailed steps for Troubleshooting Error message: Self-hosted integration runtime node/logical self-hosted IR is in Inactive/ "Running (Limited)" state
As it states:
try one or both of the following methods to fix:
- Put all the nodes in the same domain.
- Add the IP to host mapping in all the hosted VM's host files.
I ran into same issue. Our organization has firewall rules preventing specific ports or url's from outside network. We added Data factory services tags with internet facing in Route table, and IR then connected successfully.
I am trying to migrate a VM from VMWare to Azure portal. the VM appliance is configured . But the hosts are not recognized . What is the solution for this.
When you mention 'Hosts are not recognized', are you unable to discover them via the Portal? or do you receive any specific error message? Are you using agentless or agent-based migration? Please do more details on your scenario:
Couple of things you could try to isolate the issue:
Review the "Status" in the Azure Portal.
If this doesn't work and you're discovering VMware servers:
Verify that the vCenter account you specified has permissions set
correctly, with access to at least one VM.
Azure Migrate can't discovered VMware VMs if the vCenter account has
access granted at vCenter VM folder level. Learn more about scoping
discovery. Kindly review the requirement and common app discovery errors to tackle any errors you may be receiving.
I have looked for documentation on the right set of steps to get an agent within our network to deploy to a service fabric cluster (also within our network) using gMSA.
The error received is "##[error]Could not ping any of the provided Service Fabric gateway endpoints."
The same agent can connect to the cluster using PowerShell just fine. What's worse, there is a development cluster on the agent itself and it cannot even connect to that.
There is nothing about how to ensure an on-prem agent can connect to an on-prem machine if using the online version (Azure DevOps) and gMSA for the Service Connection. If anyone has had success in this area or has pointers to better documentation, it would be greatly appreciated.
I'd think your agent service needs to run under the gMSA identity, not under system identity or network service. reinstall it\reconfigure it to use gMSA identity and it should work
In Azure, I turned on IP restrictions for:
Web App (Networking > Access Restrictions)
SQL server (Firewalls and virtual networks > Add client IP)
SQL database (Set server settings)
The solution still builds locally and in DevOps (aka Team Foundation Server).
However, Azure App Service Deploy now fails:
##[error]Failed to deploy App Service.
##[error]Error Code: ERROR_COULD_NOT_CONNECT_TO_REMOTESVC
More Information: Could not connect to the remote computer
("MYSITENAME.scm.azurewebsites.net") using the specified process ("Web Management Service") because the server did not respond. Make sure that the process ("Web Management Service") is started on the remote computer.
Error: The remote server returned an error: (403) Forbidden.
Error count: 1.
How can I deploy through the firewall?
Do I need a Virtual Network to hide Azure resources behind my whitelisted IP?
The REST site scm.azurewebsites.net must have Allow All, i.e. no restriction. Also, Same restrictions as ***.azurewebsites.net should be unchecked.
It does not need additional restriction because url access already requires Microsoft credentials. If restrictions are added, deploy will fail the firewall, hence the many complications I encountered.
I think the answer is incorrect as you might face data ex-filtration and that's the reason Microsoft provide the feature to lock down SCM portal (Kudu console)
There is also a security issue on Kudu portal as it can display the secret of your keyvault (if you use keyvault) and you don't want someone in your organisation to access the Kudu portal for example.
You have to follow this link
https://learn.microsoft.com/en-us/azure/devops/organizations/security/allow-list-ip-url?view=azure-devops
It will provide you Azure DevOPS IP range that you need to allow on the SCM Access restriction.
Update: To make it works as expected and to use App Service Access Restriction (same for an Azure Function), you need to use the Service Tags "AzureCloud" and not the Azure DevOPS IP range as it's not enough. on the Azure Pipeline logs, you can see the IP blocked so you can see that it's within the ServiceTags "AzureCloud" in the Service Tags JSON file
It's not really clear on the MS Doc but the reason is that they struggled to define a proper IP range for Azure DevOPS Pipeline so they use IPs from AzureCloud Service Tag.
https://www.microsoft.com/en-us/download/details.aspx?id=56519
In my case I was deploying using Azure DevOps and got the error. It turned out the app service where my API was being deployed to, had the box checked "Same restrictions as xxxx.azurewebsites.net", under access restrictions or IP restrictions. you need to allow scm.azurewebsites.net.
Try adding the application setting WEBSITE_WEBDEPLOY_USE_SCM with a value of false to your Azure App Service. This was able to solve my issues deploying to a private endpoint.
In my case it was because the daily quota was overpassed.
So the solution in this case is either wait or pay more (scale up) the app service
In my case this was because the wrong agent (Windows Hosting) was being used when I should have been using a self hosted internal agent... so I needed to change it at the following location
I have been following this example
http://www.windowsazure.com/en-us/develop/net/tutorials/web-site-with-sql-database/
and I could not connect to windows azure database. It gives me the following error
"A network-related error occurred while establishing a connection to SQL Server. The server was not found or was not accessible."
I have the IP address set, and made a firewall role already.
Any ideas :(
First test whether your ISP (Internet Provider) or corporate system administrator is not blocking outgoing connections on port 1433! This is very common issue with accessing SQL Azure from own laptop/computer.
To test firewall setting just navigate to the web management portal for your SQL Azure Instance. It has a default address:
https://[your_server_name].database.windows.net/?langid=en-us
This will open web management (Silverlight) portal for your SQL Azure Server. You can use to test whether you have correctly configured Firewall Rules on the Azure side. If you have done so, you will be able to log-in from the browser. Note that even if it uses the browser the management portal still respects the Firewall rules for the SQL Azure database.
If cannot log-in from the SQL Azure management portal, then check again your real IP address and make sure it matches the firewall rules.
If you can login from the portal, but not from Visual Studio - then check with your system administrators (or Internet provider support line) whether they have blocked outgoing connections on port 1433. If this is the case you cannot do anything, but just work from the web portal.