There are many factors that can affect the connectivity between your Azure VMs, which can result in dropped network packets and intermittent connectivity problems. Many of these factors are out of your control, but there are also some issues you can troubleshoot and resolve on your own. Here are the best tips we have found to help you troubleshoot connectivity problems between Azure VMs.
Get more details about the problem
One of our customers reached out to us with a pretty simple request: Can you tell me about troubleshooting connectivity problems? When you’re trying to track down an issue, sometimes it’s best to reach out directly to someone who’s been in your shoes. So we got back in touch with them and asked what they meant by troubleshooting. Specifically, they had three questions: 1) Where do I start? 2) How do I verify if there is a network connection?
Check your network
Make sure your on-premises network is configured correctly, including making sure that all firewalls and load balancers are properly configured. Remember, all communication between your on-premises network and Azure happens over port 443. Your VPN server or appliance needs to have a public IP address assigned to it so you can verify connectivity. In addition, you’ll need to make sure your SSL certificate is issued by a trusted CA; otherwise, authentication will fail. Finally, check with your network admin because they may need to temporarily open ports 22 (SSH) and 80 (HTTP) on their firewall/load balancer to allow incoming connections from Azure endpoints.
The Ping Test
Before you go too deep into troubleshooting a connectivity problem, run a ping test to make sure it’s not just connectivity. A simple ping command can help you solve many problems—and save your organization from some pretty costly outages. If you can reach a website with an internet connection but one of your other machines or services is having issues connecting to it, that’s not a DNS issue (as most people assume). It’s most likely caused by something on your network preventing the traffic from reaching its destination. Ping works because it sends packets to another IP address and waits for those packets to get there; if they don’t arrive, either something is blocking them or they aren’t going there at all.
Check Your Firewall
When you have connectivity problems, try checking to see if a firewall is blocking traffic. In Windows, launch Windows Firewall with Advanced Security and look at rules in Inbound Rules and Outbound Rules. Check that all rules allow inbound and outbound access as needed. To check firewall rules in Linux-based systems, check your settings in iptables or ufw. Also, when troubleshooting connectivity issues between on-premises resources and Azure services, remember that firewall ports may need to be opened to allow traffic through; refer to your organization’s firewalls documentation for more information about ports used by particular services. Make sure all of these are open before troubleshooting any further!
RDP to your VM
If you’re having trouble getting a virtual machine to connect to your corporate network, there’s a good chance it’s because of networking problems. The best way to troubleshoot your connection is to use RDP (or remote desktop) to connect directly to your VM and test from there. If you get an error when you try to connect, that’s useful information! It means you have some sort of network problem on your corporate side—something about how IT has set up their virtual private networks isn’t working with what Microsoft has set up in their clouds.
Does your subnet have access to the internet?
If your virtual machine (VM) is located in a private subnet, it will not have access to internet traffic. You can still connect to other Azure resources, but you cannot connect to public IP addresses on internet or anything external. One of your network interfaces should be connected to a public subnet if you need internet access on any of your VMs. The easiest way to make sure all of your IP addresses are publicly routable and visible externally is by deploying all of them into a public subnet that has a default route back out to an Internet gateway. That will allow you access outbound and inbound on port 80 through either your VM’s external IP address or via its private IP address.
Restart Network Services
If you’re dealing with connectivity issues, one of your first steps should be to restart your network services. This will re-establish connections and flush out any lingering errors or misconfigurations that may be affecting your systems. Rebooting can also help you address issues related to OS or driver updates, network configurations, or changes made by malicious software. Check on Windows Update: Windows 10/8/7 is pre-installed with a number of networking tools, including an update system that notifies you when new drivers and security updates are available. On other operating systems, if you see a notification from Windows Update in System Tray, it’s likely an application called Automatic Updates is at work—which means another potential source of connectivity problems.
Run Remote Desktop as Administrator
Whether you’re logging into your PC remotely or a server, sometimes you need to run Remote Desktop as an administrator. By default, remote desktop connections run as a standard user on your host machine. That means that when you log in via remote desktop, you’ll have limited access to system files and settings. If you encounter problems connecting to Windows services that require administrator-level permissions, one fix is simply adding yourself (or your user account) to the local Administrators group on your host computer. Just don’t forget to log out of any other accounts on that machine and close down all apps before restarting your computer—that way it will be easier to troubleshoot what caused any problems with your connection in the first place.
Check Application Logs
If you’re having problems establishing a connection with your VM, start by looking at its logs. When you’re inside an Azure region, logging is enabled on new resources automatically. These log files will give you an idea of what’s happening from a high level; try searching for common error messages in Google to see if it’s anything that might help solve your problem. If something looks fishy, double-check the connection string and make sure everything is spelled correctly. Finally, search Stack Overflow and check out forums where other people are talking about VM connectivity problems—you might get some helpful advice!
Ensure that you can resolve DNS names from other clients
DNS resolution is an important part of network connectivity. If you can’t resolve DNS names, then your clients can’t communicate with each other. One common issue that people encounter with resolving DNS names from other clients is duplicate IP addresses. For example, if you run two instances of a virtual machine in Azure using Dynamic Host Configuration Protocol (DHCP), then both machines will likely get assigned the same IP address automatically. When one of those machines tries to connect to another client on its local network, it may be unable to do so because all packets destined for that IP address are also going to reach your VM – which will obviously cause problems. To fix this, use cloud-init scripts or custom scripts in your VM before turning on DHCP or allowing other clients access via NAT.
English
0 Comments