The following forum(s) are migrating to a new home on Microsoft Q&A (Preview): Azure Virtual Machines!

Ask new questions on Microsoft Q&A (Preview).
Interact with existing posts until December 13, 2019, after which content will be closed to all new and existing posts.

Learn More

Public IP Address with VM's and Network Security Group RRS feed

  • Question

  • I have been having an issue with a Resource Group that has 2 VM's with NIC's (windows server 2019) a NSG, a public ip, load balancer, a vnet. this was all set up a few months back at first it worked great it was deployed using an Arcgis Deployment tool. when i began using it i had a few issues with the arcgis installations the vms were sort of set up as clones of one another that caused some issues, so i uninstalled all of the arcgis. The public ip address still was working after i did the uninstalls over the course of a couple days couple hours here and there i installed and set up the Arcgis during this time is when the public stopped working. i did temporarily shut down the vm's for a few days when i knew i was not going to be able to use them. since that time i have not been able to establish a connection to the public ip address ip or DNS i am still able to RDP on to one of the VM's but not the other from the outside no matter what rules i put in place nothing seems to make a difference. 
    Tuesday, October 22, 2019 10:23 PM

All replies

  • Few things you can try

    1) Ensure the Network Security Groups are open on the NICs to allow traffic on port 3389. Sounds like you did this but worth double checking

    2) Check to see if there is a NSG on the Subnet Level. You can have NSGs on both the NIC and the Subnet and if they both don't allow 3389 traffic it will be blocked

    3) You said you can RDP to one of the VMs, are all VMs in the same virtual network? If so, RDP to the one VM then once inside, attempt to RDP to the other 3 VMs using their internal IP address. This will tell us if it is just an issue with public access or all access

    4) Check the Boot Diagnostics to get a screenshot of the VMs you cannot connect. Are they fully booted?

    5) Lastly, check this doc for some additional steps you can try

    Some additional information I would like to know if the above does not help

    - Did the VMs work prior to installing Arcgis? I am not familiar with that product but if it worked before and not after it is likely the software closing off the internal firewall which we can fix. 

    - What is the error message you get when you try to RDP? Please be specific as depending on the error we can take different approaches to fix the issue. 

    Tuesday, October 22, 2019 11:02 PM
  • 1) so i have add a rule to the NSG to try and get access to the second VM though i am getting a nothing responded response when i try to connect this is also the same with the 443 rule that i have that was in place before and used to work.

    2) so the NIC's are both in the same subdomain and the NSG is connected to the subdomain as well. Both of the NIC's have the NSG connected they role over to the NSG if want to add any rules to the NIC.

    3) so yes i can RDP remotely (internet) get on to VM1 once on that machine i can RDP to VM2 over the intranet using the computer name or ip address.

    4) all of the resources are running from what i can see in the portal of azure. 


    so the VM's worked in a similar manner as to know though i was able to connect over a browser to the server as a web server that is the part that has broken. the DNS names have all kind of broken though computer names still work when on the network. the internal firewalls are off (for the time being trying to limit complications). 

    i think that this has become about the RDP to second VM (VM2) that i would like to be able to connect to over the internet with RDP with out going through VM1. though that is not may largest issue right now. the big issue is the being able to use a browser and get to the web server.  on the note i am able to get to the web server (IIS) that is on both machines from the other machine. though i can't from the internet.

    Wednesday, October 23, 2019 6:03 PM
  • I totally agree. We want to make sure you can connect from the internet on both VMs. But this gives us some good information. 

    Since you can connect to the internal IP address and not the public we can confirm the VM is up and running and accepting connections which is good. 

    Can you check the local firewall of the second VM?It is possible something got modified during the setup which disabled the ports for 80, 443 and 3389 when connecting externally. 

    Wednesday, October 23, 2019 6:13 PM
  • Firewall is off and remote assistance is on
    Wednesday, October 23, 2019 6:28 PM
  • Thanks for checking that. 

    Can you email me at and provide me with the following: 

    - SubscriptionID

    - Name of both Virtual Machines

    - Resource Group of both Virtual Machines

    - Link to this thread

    I can take a look at the backend and see if I can find the reason why you cannot connect. 

    Wednesday, October 23, 2019 6:31 PM