1
00:00:01,040 --> 00:00:05,410
So if we want to do a test connection to my domain controller,

2
00:00:05,410 --> 00:00:08,840
and then normally I'll give it a port,

3
00:00:08,840 --> 00:00:12,420
and it will attempt a TCP port connection at that

4
00:00:12,420 --> 00:00:16,120
address and then give you the results, as you can see here.

5
00:00:16,120 --> 00:00:21,650
And what you want to look for is True or False on TcpTestSucceeded.

6
00:00:21,650 --> 00:00:27,410
Now, this most likely is due to Firewall running on that domain controller,

7
00:00:27,410 --> 00:00:31,300
and it's obviously not set up as an HTTPS web server either.

8
00:00:31,300 --> 00:00:32,540
You see what I mean?

9
00:00:32,540 --> 00:00:34,750
Another thing you can add when you're doing network

10
00:00:34,750 --> 00:00:38,510
troubleshooting with Test‑NetConnection is add,

11
00:00:38,510 --> 00:00:41,640
let's see, InformationLevel Detailed.

12
00:00:41,640 --> 00:00:45,630
That's very much like the verbose flag that you can add to

13
00:00:45,630 --> 00:00:47,550
your PowerShell commands and pipelines.

14
00:00:47,550 --> 00:00:52,240
In here it just gives you a little bit more latency metric data.

15
00:00:52,240 --> 00:01:00,130
Now, there was one about route, get, let me try a help Get‑NetRoute ‑Examples.

16
00:01:00,130 --> 00:01:01,910
Let's see if there's any examples here.

17
00:01:01,910 --> 00:01:03,040
A couple of them.

18
00:01:03,040 --> 00:01:04,230
Let's see.

19
00:01:04,230 --> 00:01:06,720
This command gets all the routes for the computer.

20
00:01:06,720 --> 00:01:07,780
So that's kind of cool.

21
00:01:07,780 --> 00:01:12,520
If we do a Get‑NetRoute and pipe that to Format‑List ‑Property *,

22
00:01:12,520 --> 00:01:17,840
that would be the equivalent of dumping the route table for the local computer.

23
00:01:17,840 --> 00:01:22,140
Looks like we can look at route entries only for particular interfaces,

24
00:01:22,140 --> 00:01:27,040
for protocols, IPv4, IPv6, so on.

25
00:01:27,040 --> 00:01:31,310
So it looks like, wow, there are a lot of options here for getting that route.

26
00:01:31,310 --> 00:01:35,940
I'm going to hit Q to dump out of there and cls to clear my screen.

27
00:01:35,940 --> 00:01:38,800
I don't want to belabor this too much, I would encourage you,

28
00:01:38,800 --> 00:01:40,740
in your lab environment,

29
00:01:40,740 --> 00:01:44,330
to test out with some of those PowerShell commands and so on.

30
00:01:44,330 --> 00:01:51,140
Ipconfig, I always throw on /all so I can get all adapters worth of information.

31
00:01:51,140 --> 00:01:54,220
And we want to verify the correct IP address.

32
00:01:54,220 --> 00:01:56,090
We can, at a glance,

33
00:01:56,090 --> 00:02:01,060
see whether that IP address has been statically assigned or dynamically.

34
00:02:01,060 --> 00:02:06,140
DHCP Enabled here tells me that this is a static IP address.

35
00:02:06,140 --> 00:02:10,240
Our way out of my subnet's going to be through a default gateway.

36
00:02:10,240 --> 00:02:12,610
Then we can verify name resolution.

37
00:02:12,610 --> 00:02:16,970
All of that is important to know because I know in my own troubleshooting work,

38
00:02:16,970 --> 00:02:19,340
my first question is going to be,

39
00:02:19,340 --> 00:02:24,940
is the problem localized to a single machine or multiple machines?

40
00:02:24,940 --> 00:02:26,500
And if it's a single machine,

41
00:02:26,500 --> 00:02:31,010
I'm going to focus the bulk of my troubleshooting effort on that single machine.

42
00:02:31,010 --> 00:02:32,550
If it's a bunch of machines,

43
00:02:32,550 --> 00:02:36,160
then it's going to most likely be a more systemic issue so I'm going to want to

44
00:02:36,160 --> 00:02:39,550
look at a higher level of abstraction like go to the switch,

45
00:02:39,550 --> 00:02:42,460
router level, the server level, and so on,

46
00:02:42,460 --> 00:02:43,360
and so forth.

47
00:02:43,360 --> 00:02:44,640
Okay?

48
00:02:44,640 --> 00:02:47,120
So, I think that's pretty good for now.

49
00:02:47,120 --> 00:02:50,500
Let's go out into Azure and kick the tires a little bit.

50
00:02:50,500 --> 00:02:55,440
Let me go out to my monitorvm virtual machine.

51
00:02:55,440 --> 00:02:58,400
And for your Linux and Windows Server VMs,

52
00:02:58,400 --> 00:03:00,910
you can go to the Networking blade under Settings.

53
00:03:00,910 --> 00:03:03,940
This leaves nothing to the imagination.

54
00:03:03,940 --> 00:03:08,640
Now you have to remember that the software or host‑level firewall is

55
00:03:08,640 --> 00:03:11,580
going to be enabled on these unless you've disabled it,

56
00:03:11,580 --> 00:03:14,190
but here, in Azure Resource Manager,

57
00:03:14,190 --> 00:03:17,120
we're not able to see the host‑level firewall,

58
00:03:17,120 --> 00:03:18,530
the software firewall.

59
00:03:18,530 --> 00:03:20,820
Instead we've got our network security groups,

60
00:03:20,820 --> 00:03:21,790
which, as you can see,

61
00:03:21,790 --> 00:03:27,940
I've got one here called monitorvm‑nsg that's attached to the network interface.

62
00:03:27,940 --> 00:03:33,440
This VM, actually surprisingly, has a public, an incident‑specific public IP.

63
00:03:33,440 --> 00:03:37,040
The private IP is coming from system DNS.

64
00:03:37,040 --> 00:03:40,000
We can go to the network interface for the VM,

65
00:03:40,000 --> 00:03:45,030
and as long as the VM is running, we can change its IP configuration,

66
00:03:45,030 --> 00:03:47,740
put the VM on another subnet.

67
00:03:47,740 --> 00:03:53,440
We can come in and adjust Public and Private IP addresses here.

68
00:03:53,440 --> 00:03:56,840
Now actually the VM could be stopped to do a lot of that work.

69
00:03:56,840 --> 00:04:00,300
To view the routing table, down here under Support + troubleshooting,

70
00:04:00,300 --> 00:04:01,510
Effective routes,

71
00:04:01,510 --> 00:04:05,310
the only way that you can see the routing table of the VM

72
00:04:05,310 --> 00:04:08,570
is when it's online because the routing table is dynamic

73
00:04:08,570 --> 00:04:11,640
in memory on that machine, all right?

74
00:04:11,640 --> 00:04:14,440
Takes a little while to load up the routes.

75
00:04:14,440 --> 00:04:18,030
These are routes that have been dynamically injected by Azure.

76
00:04:18,030 --> 00:04:21,540
I don't have any user‑defined routing going on.

77
00:04:21,540 --> 00:04:25,780
And it's saying here, if we're within 10/16 for our destination,

78
00:04:25,780 --> 00:04:27,610
stay on the virtual network.

79
00:04:27,610 --> 00:04:30,840
And if none of these other route entries match,

80
00:04:30,840 --> 00:04:36,020
we have the default route of 0.0.0.0/0 go out to the public internet.

81
00:04:36,020 --> 00:04:36,300
So,

82
00:04:36,300 --> 00:04:39,770
here we see an example of those service tags I told you

83
00:04:39,770 --> 00:04:43,240
about before that can be really useful, all right?

84
00:04:43,240 --> 00:04:44,710
Let's see, what else do we have?

85
00:04:44,710 --> 00:04:50,640
Let's go back to the monitorvm, and let's go down under troubleshooting.

86
00:04:50,640 --> 00:04:52,640
Where is it?

87
00:04:52,640 --> 00:04:55,130
There's a command called Run command.

88
00:04:55,130 --> 00:04:56,690
Let me just search the settings.

89
00:04:56,690 --> 00:04:59,040
There it is under Operations.

90
00:04:59,040 --> 00:05:01,640
For troubleshooting things like network connectivity,

91
00:05:01,640 --> 00:05:04,750
I'm sure we'll come back to this in the next couple of lessons,

92
00:05:04,750 --> 00:05:10,340
but this is a convenient way to run a preconfigured PowerShell script.

93
00:05:10,340 --> 00:05:15,260
And Microsoft created these, I believe, to help their own support desk,

94
00:05:15,260 --> 00:05:19,240
really, when they have common things that they want to check.

95
00:05:19,240 --> 00:05:23,800
How about PowerShell remoting, how about getting the IP configuration?

96
00:05:23,800 --> 00:05:28,210
Let's actually select the IPConfig command script and click Run.

97
00:05:28,210 --> 00:05:31,180
Azure will inject that script into the VM,

98
00:05:31,180 --> 00:05:33,760
run it under system credentials,

99
00:05:33,760 --> 00:05:38,340
and then put our output right here in the portal where we can verify it.

100
00:05:38,340 --> 00:05:42,890
So this would be an alternative to making a Bastion connection or

101
00:05:42,890 --> 00:05:48,000
some other administrative connection to the VM. It's a more convenient way to go.