解决Azure的入站安全规则不工作 [英] Troubleshoot Azure Inbound Security Rule Not Working
问题描述
我微软Azure创建了一个新的Windows Server 2012 R2的虚拟机。在安装的虚拟机上的其他事情是IIS托管的一个网站,但我似乎无法得到IIS服务器上从外部回应。
I created a new Windows Server 2012 R2 virtual machine in Microsoft Azure. Among other things installed on that virtual machine is a web site hosted in IIS, but I can't seem to get IIS on that server to respond externally.
我现在用的资源管理器,所以在我的公网IP地址,我配置的DNS名称(从配置),因此完整的DNS名称是myapp.eastus2.cloudapp.azure.com的myapp的地方是我的实际应用程序。
I am using the Resource Manager, so on my Public IP Address, I configured the DNS name (from Configuration), so the full DNS name is myapp.eastus2.cloudapp.azure.com where myapp is my actual app.
然后,在我的网络安全组,我加入以下设置入站安全规则:
Then, on my Network Security Group, I added an Inbound security rule with the following settings:
- 名称:HTTP
- 优先级:1020(有优先级更高没有冲突的规则)
- 来源:任何
- 协议:任何
- 源端口范围:*(这是80后,但阅读这篇文章后,改变了它:<一href=\"http://stackoverflow.com/questions/33133448/connection-timeout-port-80-on-new-azure-vm-with-nsg-rules-configured\">Connection新的Azure虚拟机超时80端口与核供应国集团的规则配置,但我还是觉得应该80工作)
- 目标:任何
- 目标端口范围:80
- 操作:允许
- Name: HTTP
- Priority: 1020 (there are no conflicting rules higher in priority)
- Source: Any
- Protocol: Any
- Source port range: * (it was 80, but changed it after reading this post: Connection timeout port 80 on new Azure VM with NSG rules configured, but I would still think 80 should work)
- Destination: Any
- Destination port range: 80
- Action: Allow
这不要紧,如果我尝试通过DNS名称或IP直接访问它,我只是得到一个超时错误。我可以导航到使用任一计算机名在本地计算机上的网站(例如的http://的myapp </A>)或本地主机。 //myapp.eastus2:我也不能使用全名(例如: HTTP本地计算机浏览到该网站.cloudapp.azure.com )。
It doesn't matter if I try to access it by DNS name or the IP directly, I just get a timeout error. I can navigate to the web site on the local machine using either the machine name (e.g. http://myapp) or localhost. I also cannot navigate to the web site from the local machine using the full name (e.g. http://myapp.eastus2.cloudapp.azure.com).
此外,我真的不知所措到哪里,甚至解决此。点击审核日志只似乎显示实际编辑的项目(有意义),我并打开诊断为核供应国集团(喜欢这篇文章中:<一href=\"https://github.com/Azure/azure-content/blob/master/articles/virtual-network/virtual-network-nsg-manage-log.md\" rel=\"nofollow\">https://github.com/Azure/azure-content/blob/master/articles/virtual-network/virtual-network-nsg-manage-log.md),但它似乎并没有被记录任何东西,当我打的端点(有我的存储账户没有新的斑点)。
Moreover, I'm really at a loss as to where to even troubleshoot this. Clicking on the Audit Logs only seems to show actual edits to the item (makes sense) and I did turn on Diagnostics for the NSG (like in this article: https://github.com/Azure/azure-content/blob/master/articles/virtual-network/virtual-network-nsg-manage-log.md), but it doesn't seem to be logging anything when I hit the endpoint (there are no new blobs in my storage account).
任何人有什么想法?
推荐答案
这绝对是核供应国集团。感谢Michael B代表建议我撇清了。当我这样做,一切都开始工作。然而,这并没有回答根本问题。我发现,最终,删除该规则,使用完全相同的价值再造它的工作。进入数字。
It definitely was the NSG. Thanks to Michael B for suggesting I disassociate it. When I did that, everything started working. However, that didn't answer the underlying issue. I found, eventually, that deleting the rule and recreating it with exactly the same values worked. Go figure.
这篇关于解决Azure的入站安全规则不工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!