Thursday, August 8, 2019 9:59 AM
Hi All, I am new to the Azure platform. We have 2 issues between on-premises and the Azure platform. Please guide me on those issues:
Issue#01: As beginners, we have seen some videos / KB articles on creating a site-to-site VPN. Now we have successfully created the S2S VPN with our on-premises network device. We can ping the on-premises VM IP from the Azure VM, but we are unable to ping the Azure VM IP from the on-premises VM. In the NSG, we allowed all ports for any-to-any connections in the inbound and outbound settings. We have also checked that nothing is being blocked on the on-premises network device.
Issue#02: For DC-DR Active Directory testing, we have an on-premises Active Directory (DC site). We have created a VM in Azure and added the server to our test domain. After that we promoted the Azure VM to a domain controller (DR site). The problem is that from the on-premises AD we are unable to resolve the DR Active Directory DNS server IP. We are also facing replication issues. When an object is created in the DR AD (Azure VM), it does not show up in the on-premises AD, but when we create an object in the on-premises AD, it shows up in the DR AD (Azure VM). We have allowed all ports in the NSG but no luck.
I hope experts will guide me to solve those issues.
Thursday, August 8, 2019 11:16 AM
Hi,
Can I know which firewall you have on-premises and the OS version? Did you try to RDP with the IP address instead of the name?
Thursday, August 8, 2019 11:18 AM
1. Sounds like it's an OS-based issue on the Azure VM. Have you checked the firewall settings within the OS? Could you try telnet to a port instead of ping?
2. Have you added the local DC as the DNS server for the vnet your Azure server is running in? You will need to do that for it to work successfully initially. Once working, you can update it to use itself as the DNS server for the vnet.
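The checks suggested in this thread (a TCP port test instead of ping, and a DNS query sent straight to the other domain controller) can be scripted as below. This is an added example, not part of any poster's reply; the IP address and domain name are placeholders to replace, and it is meant to be run on the on-premises DC against the Azure DC, then repeated in the other direction.

```powershell
# Added example: placeholder values, replace before running.
$RemoteDc = '10.1.0.4'        # assumption: private IP of the Azure (DR) domain controller
$Domain   = 'test.example'    # assumption: DNS name of the test AD domain

# TCP ports domain controllers use with each other.
# AD replication additionally needs the RPC dynamic range (49152-65535 by default).
$Ports = @(
    @{ Port = 53;   Name = 'DNS' }
    @{ Port = 88;   Name = 'Kerberos' }
    @{ Port = 135;  Name = 'RPC endpoint mapper' }
    @{ Port = 389;  Name = 'LDAP' }
    @{ Port = 445;  Name = 'SMB' }
    @{ Port = 3389; Name = 'RDP' }
)

# TCP reachability per port. If RDP succeeds while other ports fail,
# routing over the tunnel works and something is filtering by port.
$results = foreach ($p in $Ports) {
    $t = Test-NetConnection -ComputerName $RemoteDc -Port $p.Port -WarningAction SilentlyContinue
    [pscustomobject]@{ Service = $p.Name; Port = $p.Port; TcpOpen = $t.TcpTestSucceeded }
}
$results | Format-Table -AutoSize

# ICMP is tested on its own: a failed ping with open TCP ports
# means only echo requests are being dropped somewhere on the path.
$ping = Test-Connection -ComputerName $RemoteDc -Count 2 -Quiet
"ICMP echo reply from ${RemoteDc}: $ping"

# Ask the remote DC's DNS service directly for the domain's DC locator records.
try {
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $RemoteDc -DnsOnly -ErrorAction Stop |
        Format-Table Name, NameTarget, Port -AutoSize
} catch {
    "DNS query to $RemoteDc failed: $($_.Exception.Message)"
}

# Replication status for the remote DC as seen from this machine.
repadmin /showrepl $RemoteDc
```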
Thursday, August 8, 2019 11:20 AM
Sounds like a routing issue for the first problem.
Either your on-premises FW doesn't allow site -> Azure VPN connections, or the Azure setup isn't configured to allow routes between the Azure mapped VPN subnet and your Azure subnet.
MikeM
Thursday, August 8, 2019 3:42 PM
This is our test environment. There is no FW between on-prem and Azure. We have only a MikroTik router, and we have configured the S2S VPN with this router; the connection status is okay.
The OS version is Windows Server 2016 STD on both the Azure VM and on-prem. We can RDP from both sides, but we are unable to ping from the on-prem VM to the Azure VM (AD DR site) IP. From Azure to the on-prem VM IP, we can ping.
Thursday, August 8, 2019 3:49 PM
It sounds like there isn't a default route in your Azure routing rules that deals with routing from your Azure VM subnet to your on-site subnet range, which is accessed via a site-to-site VPN. Your MikroTik router is your on-prem FW.
MikeM
Thursday, August 8, 2019 3:49 PM
1. Maybe, but I do not understand, since I am new to the Azure platform. We have disabled all Windows FW settings on the Azure VM (ADDS DR site) as well as the on-prem VM (ADDS DC site), but the result is the same: unable to ping and resolve the DR site AD-integrated DNS server IP. Telnet is also not working.
2. Yes, we have added both DNS server IPs (on-prem AD + Azure VM AD) in the VNet settings, but we are unable to ping and resolve the DR site AD-integrated DNS server IP from the on-prem AD server.
Thursday, August 8, 2019 3:56 PM
We have just created the S2S between Azure and the on-prem router. In the Azure network connection settings it is showing as connected. Data in and data out are also showing in the console. Is there any other setting we need to configure for this ping and ADDS DR DNS IP resolution?
We have followed the below URL for S2S configuration-
Thursday, August 8, 2019 4:02 PM
For the DNS part, you will need to set up DNS forwarding on site, to forward the on-site queries to the Azure DNS, and vice versa.
I'm not an expert in these things, but maybe you need to take a basic look at some documentation, such as:
/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances
/en-us/office365/enterprise/connect-an-on-premises-network-to-a-microsoft-azure-virtual-network
MikeM
Thursday, August 8, 2019 4:06 PM
Hi Mike,
Can you guide me on how to configure Azure routing rules that deal with routing from the Azure VM subnet to my on-site subnet range? If you share some URLs, that will help me.