Unable to connect a VM to ASDK network

  • Question

  • Hello,

    So I am in the process of setting up an internal lab using ASDK.

    BGPNAT VM only does outbound NATing and not inbound.

    So I built a Hyper-V VM inside ASDK (Let's call it MyVM). I kept it on the Sdn Switch. I assigned it an IP in the 192.168.200.x range (actually tried several different IPs). I checked the IPs of the inbuilt AzS VMs, and made sure there was no clash with them.

    MyVM can't ping any of the other ASDK VMs. I even turned off the firewall of an AzS VM and MyVM still can't ping it.

    But all the ASDK VMs can ping each other on the same network. I configured the NIC of MyVM like the NICs of other AzS VMs. Is there something I am missing here? I thought maybe we are not allowed to use any of the IP ranges that are used by ASDK, so tried a 10. range for MyVM. Still no help.

    How do I make MyVM talk to the AzS VMs?

    Thanks in advance for your help.

    Wednesday, December 5, 2018 11:27 AM

All replies

  • We are investigating your issue and will reply ASAP.

    To expedite this investigation, please provide the following information:

     

    Build/Version:  

    Get-Content "C:\CloudDeployment\Configuration\Version\version.xml"

     

    Directory type: 

    Azure AD or ADFS

     

    Hardware: 

    How many CPU Cores, RAM, Get-Disk output

     

    Network: 

    Static or DHCP.

     

    The method used to access the Internet:

    NAT, Web Proxy, Transparent  Proxy, DMZ or Closed

    Also, where exactly did you build the Hyper-V VM? Was it in a VM that you spun up through the ASDK, or did you spin the VM up directly on the ASDK?

    Also, are you trying to communicate with VMs that you deployed to a VNET using Azure Stack, or are you trying to communicate with the administration VMs that Azure Stack creates?

    Wednesday, December 5, 2018 8:50 PM
  • Build/Version:  

    Get-Content "C:\CloudDeployment\Configuration\Version\version.xml"

    → 1.1809.0.90

    Directory type: 

    Azure AD or ADFS

    → One ASDK box is connected to AAD

    → Second ASDK box is installed using -UseADFS switch, so ADFS mode

    → I noticed the issue on both setups.

     

    Hardware: 

    How many CPU Cores, RAM, Get-Disk output

    → Two 10 core Intel Xeon Processors

    → RAM - 128GB

    → Disk:

    Number Friendly Name Serial Number                    HealthStatus OperationalStatus Total Size Partition Style
    ------ ------------- -------------                    ------------ ----------------- ---------- ---------------
    8      DELL PERC ... 00b3bd9d0f5caa7d23008e1743604609 Healthy      Online             558.38 GB MBR
    9      Msft Virtu...                                  Healthy      Online                120 GB MBR
    10     SU1_Volume    {9ecc9edb-886b-4eaa-ad72-ae19... Healthy      Online               3.44 TB GPT

    Network: 

    Static or DHCP.

    → Static

     

    The method used to access the Internet:

    NAT, Web Proxy, Transparent  Proxy, DMZ or Closed

    → Transparent Proxy

    Also, where exactly did you build the Hyper-V VM? Was it in a VM that you spun up through the ASDK, or did you spin the VM up directly on the ASDK?

    → Spun up a VM directly on the ASDK

    Also, are you trying to communicate with VMs that you deployed to a VNET using Azure Stack, or are you trying to communicate with the administration VMs that Azure Stack creates?

    → The purpose of doing all this is that we wanted to test ADFS federation. We have an on-prem environment simulated outside of ASDK, and we then found out that BGPNAT VM does not do routing for inbound traffic. So, a federation trust was not possible. I then logged onto ASDK host, opened Hyper-V manager and created a VM. It is connected to the Sdn Switch. Then to test connectivity I assigned the NIC an IP in 192.168.200.x range. Tried pinging AzS-DC01 and AzS-ADFS01, and it fails. I then assigned MyVM an IP in 10.10.10.x range, ping fails again. I did notice that the AzS VMs can ping each other on 192.168.200.x range.

    → Additional information: We do have proper Azure Stack appliance (not ASDK) setup as well in our company. So far all the Azure Stack appliance setups have been done using ADFS. Those were done with the help of OME of course. Also, we are asked for certificates, network setup, DNS etc. in advance, and in ASDK this is not the case. We are keen on setting up an environment in ASDK because it is easier to do RnD on this and wipe and re-install if necessary; this flexibility is not available on Azure Stack Appliance.



    • Edited by AT713 Thursday, December 6, 2018 9:47 AM
    Thursday, December 6, 2018 9:42 AM
  • It is possible to have Azure Stack use your on-prem ADFS. You can find examples Here on how to integrate an existing ADFS environment to Azure Stack.

    Please let me know if this answers your question, if not we can continue looking into getting a custom VM talking with stack's management VMs. 

    Thursday, December 6, 2018 9:11 PM
  • Right, we are able to integrate On-Prem ADFS with Azure Stack Appliance (Full GA version Azure Stack).

    The issue is with ASDK (The dev Kit)

    In Azure Stack Appliance - You provide certificates, DNS forwarder information beforehand. Then after OME install the appliance, they provide you with Azure Stack DNS IP to use. The network is also configured beforehand in accordance with Azure Stack Appliance requirements, including routing. So, this takes care of the communication bit properly.

    In ASDK - You don't perform any of the above tasks. You just install ASDK with -UseADFS switch (I used PowerShell to install ADFS). Then there is a BGPNAT VM that is built in ASDK, which does NATing for the outbound traffic and does not handle inbound NAT (This is also confirmed in Microsoft documentation). So, we thought we will bring a server inside Hyper-V, install it on the sdn switch and it should then be able to talk to ASDK VMs. We noticed this is not working. The VMs won't ping.

    Friday, December 7, 2018 9:37 AM
  • Unfortunately this is not a supported scenario, but this is possible. You can find a blog Here about someone else who was able to get this working, and how they did it. 
    Friday, December 7, 2018 7:52 PM