Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Troubleshoot Azure Inbound Security Rule Not Working

Tags:

dns

azure

I created a new Windows Server 2012 R2 virtual machine in Microsoft Azure. Among other things installed on that virtual machine is a web site hosted in IIS, but I can't seem to get IIS on that server to respond externally.

I am using the Resource Manager, so on my Public IP Address, I configured the DNS name (from Configuration), so the full DNS name is myapp.eastus2.cloudapp.azure.com where myapp is my actual app.

Then, on my Network Security Group, I added an Inbound security rule with the following settings:

  • Name: HTTP
  • Priority: 1020 (there are no conflicting rules higher in priority)
  • Source: Any
  • Protocol: Any
  • Source port range: * (it was 80, but changed it after reading this post: Connection timeout port 80 on new Azure VM with NSG rules configured, but I would still think 80 should work)
  • Destination: Any
  • Destination port range: 80
  • Action: Allow

It doesn't matter if I try to access it by DNS name or the IP directly, I just get a timeout error. I can navigate to the web site on the local machine using either the machine name (e.g. http://myapp) or localhost. I also cannot navigate to the web site from the local machine using the full name (e.g. http://myapp.eastus2.cloudapp.azure.com).

Moreover, I'm really at a loss as to where to even troubleshoot this. Clicking on the Audit Logs only seems to show actual edits to the item (makes sense) and I did turn on Diagnostics for the NSG (like in this article: https://github.com/Azure/azure-content/blob/master/articles/virtual-network/virtual-network-nsg-manage-log.md), but it doesn't seem to be logging anything when I hit the endpoint (there are no new blobs in my storage account).

Anyone have any ideas?

like image 833
Paul Haag Avatar asked Apr 04 '16 22:04

Paul Haag

People also ask

How troubleshoot if the user is unable to connect to Azure VMs?

Quick troubleshooting stepsCheck Network Security Group rules / Cloud Services endpoints. Review VM console logs. Reset the NIC for the VM. Check the VM Resource Health.

How do you add an inbound security rule in Azure?

Create an inbound security ruleSelect your new network security group. Select Inbound security rules from the left menu, then select Add. You can limit the Source and Source port ranges as needed or leave the default of Any. You can limit the Destination as needed or leave the default of Any.

1 Answers

It definitely was the NSG. Thanks to Michael B for suggesting I disassociate it. When I did that, everything started working. However, that didn't answer the underlying issue. I found, eventually, that deleting the rule and recreating it with exactly the same values worked. Go figure.

like image 66
Paul Haag Avatar answered Sep 20 '22 02:09

Paul Haag
Sign in to Comment

Related questions

Good example of combining WPF + WCF + Entity Framework [closed]
Azure Queues Creation Best Practice and Scale
Uploading a file to storage on Azure using cmdets
MongoDB on Azure: VM or Worker role?
ServiceBus RetryExponential Property Meanings
Azure blob storage: Shared access signature for multiple containers?
Cannot connect to Azure Ubuntu VM - Public Key Denied
Putting message into azure queue
Azure Cloud Service Deployment
HDInsight: HBase or Azure Table Storage?
"To sign into this application the account must be added to the domain.com directory"
How to get Hangfire started ("always on") in Azure shared hosting?
Azure Mobile service : where is application key
Hit Highlighting in Azure Search Service
Verifying JWT from Azure Active Directory
Azure WebJobs: Is it possible to retrieve the Host Url programmatically in the console app?
how to schedule a stored procedure in AZURE
How to change a clustered index in Entity Framework 6.1 Code First model and apply it to an Azure database
Design in Query Editor disabled for Azure databases
Unable to get Azure storage key from storage resource in ARM template

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!