1
00:00:00,740 --> 00:00:05,260
Lastly, let's troubleshoot Azure VM connection issues. Now,

2
00:00:05,260 --> 00:00:10,240
what if you're experiencing client connectivity issues to your Azure VMs?

3
00:00:10,240 --> 00:00:14,020
These client connections could be administrative connections where you

4
00:00:14,020 --> 00:00:19,680
want to come in on remote desktop protocol TCP port 3389.

5
00:00:19,680 --> 00:00:22,080
If it's a Linux VM, or, let's face it,

6
00:00:22,080 --> 00:00:25,460
you may want to do SSH on Windows Server as well,

7
00:00:25,460 --> 00:00:29,670
then your management port is going to be TCP 22 by default. But those

8
00:00:29,670 --> 00:00:35,190
connections can also be pure client connections from other servers, from

9
00:00:35,190 --> 00:00:40,500
client devices who need to consume resources on the server, etc. Here are

10
00:00:40,500 --> 00:00:45,170
some tools that you can turn to in Azure. Network Watcher is an entire

11
00:00:45,170 --> 00:00:49,440
basket load of troubleshooting tools principally for virtual networking.

12
00:00:49,440 --> 00:00:54,060
In the context of an Azure VM, we can access connection troubleshoot to

13
00:00:54,060 --> 00:00:58,840
get a deeper idea of why that client connection can't reach the VM.

14
00:00:58,840 --> 00:01:01,950
If we think maybe it's network security group‑related,

15
00:01:01,950 --> 00:01:06,090
maybe there's a security rule that's getting in the way, after all, Azure VMs

16
00:01:06,090 --> 00:01:11,080
can have NSG protection at two scopes, at the network interface scope, as

17
00:01:11,080 --> 00:01:15,060
well as the virtual network subnet scope, there are a couple of tools in

18
00:01:15,060 --> 00:01:19,970
Network Watcher for that. Particularly, there's NSG Diagnostic. In the

19
00:01:19,970 --> 00:01:24,400
context of Azure Resource Manager in the VM, there's a convenience that

20
00:01:24,400 --> 00:01:28,850
Microsoft gives us. It's basically a collection of scripts called run

21
00:01:28,850 --> 00:01:34,940
commands where you can do, say, an ipconfig, you can get RDP client settings,

22
00:01:34,940 --> 00:01:39,480
just enables you to get some metadata from a VM that may

23
00:01:39,480 --> 00:01:43,040
otherwise be inaccessible under your normal means.

24
00:01:43,040 --> 00:01:44,300
Could be a routing issue,

25
00:01:44,300 --> 00:01:47,820
particularly if you're implementing user‑defined routes in your virtual

26
00:01:47,820 --> 00:01:52,340
networks. There we've got Network Watcher Next Hop. And then last, but

27
00:01:52,340 --> 00:01:54,720
not least, never forget the host firewall.

28
00:01:54,720 --> 00:01:58,890
I don't know how many times I've worked with customers and clients and students,

29
00:01:58,890 --> 00:02:03,120
all of the above, and in troubleshooting Azure VM connectivity,

30
00:02:03,120 --> 00:02:05,310
we crossed out all of the other tools.

31
00:02:05,310 --> 00:02:07,040
Everything was looking good.

32
00:02:07,040 --> 00:02:09,930
And then I asked, almost as an aside, well,

33
00:02:09,930 --> 00:02:14,600
what about Windows Defender Firewall, or, Linux, what about UFW? And then

34
00:02:14,600 --> 00:02:19,410
it's, oh, okay, yeah. Never forget about the host firewall that's running

35
00:02:19,410 --> 00:02:25,000
in the guest OS environment of those Azure VMs. Now let's get to our demo.