销售电话: 1-800-867-1380

 none
Configuring Endpoint ACL throws an error when Local Port and Probe Port are the same

    常规讨论

  • Update 10/05/2013  This issue has been resolved and the workaround below is no longer needed. You can now configure endpoint ACLs where the probe port and local port are the same.

    Note that the configuration specified in the workaround below still works as well.

    See also Managing Access Control Lists (ACLs) for Endpoints.

    ------------------------------------------------------------

    If you have upgraded to the latest Windows Azure PowerShell - June 2013 (0.6.15), you can view the Endpoint ACL'ing support for Virtual Machines. When configuring your ACL on an endpoint, it is possible that you may get the following error:

    "Windows Azure does not allow ACL configuration on an endpoint that has the same port number for Local Port and Probe Port. Configure the custom probe to use a different port, and then configure the ACL." 

    Here are the scenarios where this can occur:

    1)       You are applying ACL on a load balanced endpoint which has the same port number for local port & probe port.

    2)       You are adding an endpoint (with an ACL) to a load balanced endpoint set where the port number for the probe port and the local port are the same.
    3)       You are adding a new endpoint (load balanced) to a VM, which has - a) The same probe port & local port & b) Endpoint ACL configuration.
     
    For Example, the following configuration for an endpoint will throw the error mentioned above
     
    LBSetName                : SQLEndpoint-LB
    LocalPort                : 1433
    Name                     : SQLEndpoint
    Port                     : 1433
    Protocol                 : tcp
    Vip                      : 137.116.141.80
    ProbePath                :
    ProbePort                : 1433
    ProbeProtocol            : tcp
    ProbeIntervalInSeconds   : 15
    ProbeTimeoutInSeconds    : 31
    EnableDirectServerReturn : False
    Acl                      : {Rule Description}
     
    Workaround
     

    With the new Windows Azure PowerShell release, you can use the Set-AzureLoadBalancedEndpoint cmdlet to modify the settings of a load-balanced endpoint. To work around the problem, you can change the probe port of the endpoint as shown in the example below. Note the change in the ProbePort setting from 1433 to 59999.

    Defining an ACL configuration object

     
    PS C:\> $acl = New-AzureAclConfig
     
    Setting the ACL rule on the configuration object
     
    PS C:\> Set-AzureAclConfig -AddRule -ACL $acl Permit 168.61.69.228/32 1 "Rule Description"
     
    Ensure that the LocalPort & ProbePort have different port numbers when the ACL is applied on a load balanced endpoint.
     
                PS C:\> Set-AzureLoadBalancedEndpoint -ServiceName MySQlService -LBSetName SQLEndpoint-LB -Protocol TCP -PublicPort 1433 -LocalPort 1433 -ProbeProtocolTCP -ProbePort 59999  -DirectServerReturn 0 -ACL $acl -ProbeIntervalInSeconds 15 -ProbeTimeoutInSeconds 31




    2013年6月4日 0:23