I'm facing a strange problem in Azure. I have 3 VMs (domain controller, application server and database server). I've joined the 2 servers correctly to the domain controller.
After a while I discovered that I'm not able to ping from one of the servers (DB server) to the other servers. It replies with Destination host unreachable and connection time-out.
The other 2 servers are working fine between each other, but not the third one.
To investigate, I tried:
1. Shut down the firewall on the 3 machines. No luck.
2. Enabled the ping rule in the firewall. No luck.
3. I'm not able to telnet from this server to the RDP port to any of these servers, while I'm able to do so from the other 2 servers.
4. I tried the nslookup command to see if I can communicate with the DNS server or not. It fails with a time-out.
Keeping in mind that:
1. The 3 virtual machines are in the same virtual network and same subnet.
2. I've added the DNS server to the DNS Servers in the Azure Portal.
Any help?!
Sounds like perhaps you have a machine that's not registered with the DNS server. You should be able to check this by doing an nslookup -all to get details on the machine's DNS settings. Make sure it's resolving to the proper DNS machine.
It seems that the Public Endpoints are down in state, so telnet and ping won't work. You can try to recover this machine by following the steps in this blog post: http://blogs.msdn.com/b/mast/archive/2014/11/20/recovering-azure-vm-by-attaching-os-disk-to-another-azure-vm.aspx
Hope that helps.
So a little background on what I'm trying to accomplish. I'm basically trying to set up a Windows file server using a GCP Windows VM instance. I have the VM set up and I have created a VPN connection between our office network and the GCP VM network.
Now I'm trying to communicate between the two different subnets and I have to admit I'm kinda lost.
My office subnet is 192.168.72.0/24 and my GCP IP is 10.123.0.0 with my server being at 10.123.0.2
If I understand networking correctly, I need to set up a route between 192.168.72.0 and 10.123.0.2? Or do I just need to create a firewall rule?
I'm using a SonicWall Firewall to establish the VPN connection to the GCP network.
I think I've been working at this too long for one day. I'm stepping away for a bit.
Thanks in advance.
If you set up a Site to Site, you should not need to include a route; you will if you set up a Tunnel Interface. But to me, it sounds like you just need to do a site to site. I don't think the tunnel will come up without the correct subnets, but just verify that the tunnel is up and then I would set up a packet monitor to see what route the traffic is taking when you try to ping from 192.168.72.0/24 to 10.123.0.0.
I have a server that has both Apache and IIS running simultaneously.
Both apps are configured on different ports and both apps use HTTPS.
The app on Apache (port 433) is accessible on any computer on the network, but I can't get the IIS app (port 4433) to work. It says: This site can’t be reached
I can ping the server.
I'm trying to access both websites with IP address of the server and port after it.
The IIS app works on the server, both with localhost address and server IP address.
I have tried all the solutions I found:
1. disabling firewall
2. allowing just the port I needed through the firewall
3. allowing anonymous access in IIS
4. different ports (4433, 7200...)
Nothing seems to work.
I will be grateful for any help.
I assume your IIS binding looks something like this:
Specifically, "All Unassigned" for the IP address, and no host name defined.
If that is what you have, then it sounds like a firewall problem. i.e. The traffic is not reaching your server.
The easiest way to check this is to turn off Apache and change the IIS binding to use port 443. If it works, then you know it's just the other port that doesn't work.
You can also use something like Wireshark to actually see if any traffic on port 4433 is making it to your server (you can use the filter tcp.port == 4433). If you don't see any traffic there even though you've made a request from another computer, then something is blocking it.
And when I say "firewall", I don't mean Windows Firewall. I mean either a router or dedicated firewall appliance that would need to be configured to allow traffic to that port.
I have a bit of a bizarre problem. I have a Hyper-V VM and I cannot connect to it via IP address on the host computer.
I intend to use it as an SQL server to host a database for a website while I test it, and the first step I can see in this endeavour is to make sure the IP addresses work externally.
Other PCs on the LAN appear to be able to connect just fine via the IP address on Remote Desktop. I cannot do so. I also cannot connect through SQL Management Studio (named pipes or TCP/IP), although named pipes gives an error relating to being denied access, as opposed to IPs, which are just not found.
I have tried pinging both ways:
VM => Host : Always gives a "Destination Host Unreachable" error
Host => VM: Always gives a "Request Timed Out" error
As for netstat -a -n, I can see that the VM is listening to 3389 (default Hyper V port, which makes sense).
Regarding Firewalls, all have been turned off on all machines. I can tell that the firewall is not the issue.
If you need any more information to help me to diagnose and treat the problem, please ask me as I would like to get this sorted as quickly as possible.
Thanks a lot in advance.
Which Windows Server version do you use?
Windows Server 2016 blocks insecure RDP connections (https://support.microsoft.com/en-us/help/4295591/credssp-encryption-oracle-remediation-error-when-to-rdp-to-azure-vm).
Since RDP uses CredSSP you have to install the current Windows Patches.
Can you ping the DNS server by IP address from your VM?
Is ICMP (ICMP = the thing you need for ping) on your host enabled?
Here is a Checklist for ICMP:
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc749323(v=ws.10)
Solved,
Just switched to another physical computer and it was fine.
On my computer I have deployed my web site on IIS. If I access this website locally with :8080 it works perfectly, but when I try to access this site from another machine or my Android phone I get this error: 'The site can't be reached. my_ip_address took too long to respond ERR_CONNECTION_TIMED_OUT'.
I have tried solutions from this question, but nothing worked for me. Need some help!
There are a few factors which can affect the accessibility of the site hosted on your local computer:
Is the client machine (including your phone) in the same network as the server (in this case your site)?
Is the firewall configured to allow connections on port 8080?
Have you tried accessing the server using the IP address? E.g. http://192.168.0.1:port
Steps to isolate
Ping the server IP from the client machine and see if it is able to connect to it.
ping 192.168.0.1
If the above fails, then I would assume that you are not on the same network. If it succeeds then check if the port is open.
You can also use nmap to see whether the ports are open or not
nmap -p 8080 kaushal.com
If the above fails, then open the port in your Firewall configuration and then try again.
Try this and share the results.
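The isolation steps above, like the earlier IIS answer's point about traffic on port 4433 never arriving, come down to telling a refused connection apart from a silently dropped one. An added example, not part of any answer on this page: a Python probe that classifies one TCP connection attempt. The function names, the follow-up hints and the loopback self-test are constructed for illustration.

```python
import errno
import socket

# Assumed follow-up per outcome, summarising the advice given in the answers above.
NEXT_STEP = {
    "open": "path is fine; look at the application (bindings, TLS, authentication)",
    "closed": "host reachable but nothing accepted the connection; check the service binding",
    "filtered": "packets dropped in transit; check host firewall, router/appliance, security group",
    "unreachable": "no route to the host; check subnet, gateway and VPN routes",
    "unresolved": "name lookup failed; check DNS server settings or use the IP address",
}

def probe_tcp(host, port, timeout=2.0):
    """Classify a single TCP connect attempt (labels follow nmap's open/closed/filtered)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"            # three-way handshake completed
    except socket.gaierror:
        return "unresolved"          # DNS could not resolve the name
    except ConnectionRefusedError:
        return "closed"              # a RST came back: the host itself answered
    except socket.timeout:
        return "filtered"            # no reply at all before the timeout
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"     # ICMP error or no local route
        raise

def diagnose(host, port, timeout=2.0):
    """Return (state, suggested next check) for host:port."""
    state = probe_tcp(host, port, timeout)
    return state, NEXT_STEP[state]

def loopback_demo():
    """Constructed self-test: probe a local listener, then the same port once it is closed."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))       # port 0 lets the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = probe_tcp("127.0.0.1", port)
    srv.close()
    after_close = probe_tcp("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    print(loopback_demo())
```

Run from the client machine against the server's address, a "filtered" result while the same probe reports "open" on the server itself points at something between the two machines rather than at the web server.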
I did a script that launches several Amazon instances with the same security group, which is the default one, with ICMP and all the TCP/UDP connections allowed... so no firewall problem.
I am running an Ubuntu 11.4 64-bit AMI, working fine.
Usually in the bunch of machines I launch, some do not respond to any ping or telnet connection. They can ping other machines but cannot be pinged. The other machines can ping each other in two directions without any problem, but usually one or two just don't respond to any ping. There is no difference in the way I launch them, so I don't understand where this bug comes from...
How to avoid this problem and recover from it without restarting the EC2 instance?
Thanks a lot, tender developers :D.
Try this:
Log into AWS account.
Click on Security Groups. Choose the required security group.
Click on the Inbound tab.
Create a new rule:
Custom ICMP rule
Type: Echo request
Source: 0.0.0.0/0
0.0.0.0 will allow everyone to ping your server. You can specify your own addresses if you want.
Assuming all the instances you launch have the same security group and same AMI, you need to contact Amazon about this.
https://forums.aws.amazon.com/thread.jspa?threadID=22640