排除Azure入站安全规则无法正常工作 [英] Troubleshoot Azure Inbound Security Rule Not Working
问题描述
我正在使用资源管理器,所以在我的公共IP地址,我配置了DNS名称(从配置),所以完整的DNS名称是myapp.eastus2.cloudapp.azure.com其中myapp是我的实际应用程序。
然后,在我的网络安全组中,我添加了一个入站安全规则,具有以下设置:
- 名称:HTTP
- 优先级:1020(优先级较高的规则没有冲突规则)
- 资料来源:任何
- 协议:任何
- 源端口范围:*(它是80,但在阅读这篇文章后更改:配置了NSG规则的新Azure VM上的连接超时端口80,但是我仍然认为80应该工作)
- Destin执行:任何
- 目标端口范围:80
- 操作:允许
如果我尝试通过DNS名称或IP直接访问它,我只是得到一个超时错误。我可以使用机器名称导航到本地机器上的网站(例如 http:// myapp )或本地主机。我也无法使用全名从本地机器导航到网站(例如 http:// myapp。 eastus2.cloudapp.azure.com )。
此外,我真的很失望,甚至在哪里甚至排除故障。单击审核日志只显示对项目的实际编辑(有意义),并且我打开NSG的诊断程序(如本文中所述: https://github.com/Azure/azure-content/blob/master/articles /virtual-network/virtual-network-nsg-manage-log.md ),但是当我点击端点(我的存储帐户中没有新的blob)时,似乎没有记录任何东西。 / p>
任何人都有任何想法?
这绝对是NSG。感谢Michael B建议我取消它。当我这样做,一切都开始工作。但是,这并没有解决潜在的问题。我发现,最终删除规则并用完全相同的值重新创建它。去图。
I created a new Windows Server 2012 R2 virtual machine in Microsoft Azure. Among other things installed on that virtual machine is a web site hosted in IIS, but I can't seem to get IIS on that server to respond externally.
I am using the Resource Manager, so on my Public IP Address, I configured the DNS name (from Configuration), so the full DNS name is myapp.eastus2.cloudapp.azure.com where myapp is my actual app.
Then, on my Network Security Group, I added an Inbound security rule with the following settings:
- Name: HTTP
- Priority: 1020 (there are no conflicting rules higher in priority)
- Source: Any
- Protocol: Any
- Source port range: * (it was 80, but changed it after reading this post: Connection timeout port 80 on new Azure VM with NSG rules configured, but I would still think 80 should work)
- Destination: Any
- Destination port range: 80
- Action: Allow
It doesn't matter if I try to access it by DNS name or the IP directly, I just get a timeout error. I can navigate to the web site on the local machine using either the machine name (e.g. http://myapp) or localhost. I also cannot navigate to the web site from the local machine using the full name (e.g. http://myapp.eastus2.cloudapp.azure.com).
Moreover, I'm really at a loss as to where to even troubleshoot this. Clicking on the Audit Logs only seems to show actual edits to the item (makes sense) and I did turn on Diagnostics for the NSG (like in this article: https://github.com/Azure/azure-content/blob/master/articles/virtual-network/virtual-network-nsg-manage-log.md), but it doesn't seem to be logging anything when I hit the endpoint (there are no new blobs in my storage account).
Anyone have any ideas?
It definitely was the NSG. Thanks to Michael B for suggesting I disassociate it. When I did that, everything started working. However, that didn't answer the underlying issue. I found, eventually, that deleting the rule and recreating it with exactly the same values worked. Go figure.
这篇关于排除Azure入站安全规则无法正常工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!