Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, December 7, 2016 8:31 PM
I've just provisioned a RHEL7.3 box but I'm unable to use yum as it's stuck trying to install policycoreutils-python from the provisioning script.
I did attempt the RHUI Infra update script as suggested in [1] however curl also timed out in this script when fetching azureclient.rpm.
I also tried hitting rhui1 through 4 through my browser on my machine, but they all failed to respond.
[1]: https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-linux-update-infrastructure-redhat
Edit: I can also access http://www.google.com and http://www.microsoft.com with no issues from the server
All replies (6)
Thursday, December 8, 2016 1:26 AM
Hello,
Please confirm the followings.
• The VM can only access the RHUI with Azure assigned public IP address, so please make sure the traffic from VM is sent to Internet WITHOUT any intermediates, such as proxy, VPN gateway and so on. These intermediates may alter the source IP address of packets from VM.
• If the VM is behind a firewall, such as Azure NSG, Virtual Firewall from third-party, please make sure following IP addresses are whitelisted.
# Azure Global
13.91.47.76
40.85.190.91
52.187.75.218
52.174.163.213
# Azure US Government
13.72.186.193
# Azure Germany
51.5.243.77
51.4.228.145
Best Regards,
Andy Liu
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Friday, December 9, 2016 5:07 PM
Hi Andy
Thanks for your reply, just to double check I've added explicit outbound rules over HTTP and HTTPS for all 4 Azure Global RHUI endpoints. Using nslookup on the RHEL box itself I get 52.174.163.213 for all rhui-*.microsoft.com endpoints.
Using curl as a test, I can easily receive HTTP respones from "http://www.google.com" and "http://www.microsoft.com".
Example:
[jake.hendy@jakehendy-prod ~]$ curl "https://www.microsoft.com" -sv
* About to connect() to www.microsoft.com port 443 (#0)
* Trying 92.122.218.59...
* Connected to www.microsoft.com (92.122.218.59) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=www.microsoft.com,OU=One Microsoft Way,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
* start date: Oct 26 00:00:00 2016 GMT
* expire date: Oct 27 23:59:59 2018 GMT
* common name: www.microsoft.com
* issuer: CN=Symantec Class 3 Secure Server CA - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.microsoft.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: Apache
< ETag: "6082151bd56ea922e1357f5896a90d0a:1425454794"
< Last-Modified: Wed, 04 Mar 2015 07:39:54 GMT
< Accept-Ranges: bytes
< Content-Length: 1020
< Content-Type: text/html
< Date: Fri, 09 Dec 2016 17:07:24 GMT
< Connection: keep-alive
<
<html><head><title>Microsoft Corporation</title><meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7"></meta><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta><meta name="SearchTitle" content="Microsoft.com" scheme=""></meta><meta name="Description" content="Get product information, support, and news from Microsoft." scheme=""></meta><meta name="Title" content="Microsoft.com Home Page" scheme=""></meta><meta name="Keywords" content="Microsoft, product, support, help, training, Office, Windows, software, download, trial, preview, demo, business, security, update, free, computer, PC, server, search, download, install, news" scheme=""></meta><meta name="SearchDescription" content="Microsoft.com Homepage" scheme=""></meta></head><body><p>Your current User-Agent string appears to be from an automated process, if this is incorrect, please click this link:<a href="http://www.microsoft.com/en/us/default.aspx?redir=true">United States English Microsoft Homepage</a></p></body></html>
* Connection #0 to host www.microsoft.com left intact
Monday, December 12, 2016 12:23 AM
Hello Jack,
Thanks for the update.
According to your test, the firewall should allow the outbound traffic for HTTP and HTTPS.
I have another question, how does the VM get to the Internet?
Does it go to Internet directly, or it connects to your on-premise network via Site-to-Site VPN first, and then goes out to the Internet through the on-premise Internet line.
If the latter, the original source public IP address of traffic from VM may be altered, and the RHUI will deny the traffic, because the VM can only access the RHUI with Azure assigned public IP address.
Best regards,
Andy Liu
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Tuesday, December 13, 2016 10:31 PM
Hello Andy
Thanks for your reply.
VM goes straight to the internet. Traceroutes to any website timeout while I can actually curl the site. The public IP addresses are in the UK South region, is it possible RHUI is not available for UK South?
Thanks,
Jake
Tuesday, December 13, 2016 10:48 PM
Spun up a new VM in EU West, pretty much the same configuration. Works fine...
Wednesday, December 14, 2016 12:45 AM
Hello Jake,
I created a VM in UK South, and it also can't reach to RHUI infrastructure. I recommend to create a support request by clicking the link below.
https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/overview
Regards,
Andy Liu
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].