Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Tuesday, December 4, 2018 7:51 PM
I have a windows VM setup and added an inbound port rule allowing communication on port 80. However when I try navigating with the public ip address I cannot connect. So I connected to the VM and setup a test Hello World HTML file. I am able to successfully navigate to this via localhost/test. However when I go to {public ip address}/test I still get connection issue.
Any thoughts?
All replies (13)
Tuesday, December 4, 2018 11:00 PM âś…Answered
Creating a second VM and trying again would be an option to see if it is something with this specific deployment.
Maybe try something like this link to ensure the correct settings are in place
/en-us/azure/virtual-machines/windows/tutorial-iis-sql
You can also check if their is a NSG on the Subnet level instead of just the NIC level.
To do that you go to the VNET associated with your VM -> Subnets
From there you can see if there is a NSG on the subnet. If there is the Subnet NSG will override the NIC NSG and could block traffic.
You can also try connecting from a different network. If you are trying to connect from a company network sometimes particular settings can prevent access to Azure VMs.
Tuesday, December 4, 2018 9:04 PM
Make sure to add a firewall rule inside the VM as well to allow port 80 connections. Then you just need to ensure that the site you are hosting in the VM is listening on Port 80 as well. Without that there is nothing to respond to the HTTP request.
Tuesday, December 4, 2018 9:37 PM
I believe all of this is complete. However, to double check I changed the port on the IIS website, firewall rule and inbound port rule to use port 81. Still says connection cannot be made.
Tuesday, December 4, 2018 9:39 PM
I would check if the port is listening using PSPING
/en-us/sysinternals/downloads/psping
something like .\psping.exe PUBLICIP:PORT
Tuesday, December 4, 2018 9:53 PM
Its showing that the port is blocked: "This operation returned because the timeout period expired.". I am simply unsure why its blocked. I have add inbound port rule in the portal and added firewall rule on the VM. I've tried a number of other ports and all of them keep blocked.
By default there is a DenyAll rule but its priority not as high.
Tuesday, December 4, 2018 10:02 PM
I ran netstat -ant|findstr 81 and it shows the following:
TCP 127.0.0.1:81 0.0.0.0.0 Listening InHost
Doesn't this mean it is listening and should be picked up by telnet or psping?
Tuesday, December 4, 2018 10:19 PM
Yes it looks like it's listening.
Try turning off the Windows Firewall completely and testing the connection. This should eliminate if it is a firewall issue or not.
The deny all rule at the end is there by default as you mentioned, as long as it is the last rule to be applied it won't cause a problem.
Tuesday, December 4, 2018 10:54 PM
I turned off entire Firewall rule and no change.
I'm not really sure anymore. I may try redeploying as I've wasted hours on this.
Wednesday, December 19, 2018 8:25 PM
I got pulled away from this but started reviewing again today. When I run Network Water - IP flow verify on the VM with port 8081 it says Access Allowed. However, when I run telnet with this port is states "Could not open connection to the host, on port 8081: Connect failed". Can anyone explain this?
Wednesday, December 19, 2018 8:50 PM
Thanks for confirming and the extra info.
At this point I think we should get you in contact with a support engineer to work with you 1:1 to get this sorted out.
Do you have the ability to open a technical support ticket? If not, you can email me at [email protected] and provide me with your SubscriptionID an link to this thread.
I can enable your subscription for this request.
Wednesday, December 19, 2018 9:48 PM | 1 vote
Thank you. I just sent you an email.
Wednesday, December 19, 2018 10:56 PM
My fault. I didn't know this but our company recently changed there Firewall settings. Hence, when I tried this at home it worked! Sometimes the simplest answers are the solution. Thank you for all the help!
Thursday, December 20, 2018 1:09 AM
Thanks for the update Ben! Those pesky corpnet firewalls :)