You are browsing the archive for VNet.

Configuring VNet peering through the Azure Portal resulted in a Peering Status – Failed

12:19 pm in Azure, Azure Networking, Azure portal, Azure PowerShell, VNet, VNet peering by Wim Matthyssen

Virtual network peering is a mechanism that seamlessly connects two Azure virtual networks (VNets). Once peered, the virtual networks appear as one, and resources can be accessed from both VNets via their private IP Addresses.

While creating a new peering through the Azure Portal, it resulted in a created VNet Peer with a PEERING STATUS Failed. Deleting the Peering also failed. Probably something went wrong in the back or the Portal was stuck and giving failure, showing the Failed status as a result. Like in most cases when you are troubleshooting Azure issues, Azure PowerShell comes to the rescue.

By running below PowerShell script (copy and save as .ps1), I was able to get the resources updated using the get and set command, which successfully Connected the VNet peer.

PowerShell script

clip_image002

I hope the above script comes in handy whenever you face the same issue. Till next time.

Wim Matthyssen (@wmatthyssen)

Creation of an Azure VPN gateway failed due to associated NSG

8:53 am in Azure, Cloud, GatewaySubnet, NSG, VNet, VPN gateway by Wim Matthyssen

 

A VPN gateway is a specific type of virtual network gateway that sends encrypted traffic between your virtual network (VNet) and your on-premises location across a public connection. You can also use a VPN gateway to send traffic between virtual networks across the Azure backbone.

While deploying such a gateway trough the Azure portal, the creation took a very long time and in the end the deployment Failed.

clip_image002

In the Activity log the following Error Code was showed.

OnlyTagsSupportedForPatch

clip_image004

clip_image006

After some troubleshooting and reviewing the complete VNet deployment, which was done through Azure PowerShell, I finally found out what caused the gateway deployment to fail.

An important remark is mentioned in the Microsoft technical documentation for creating a Site-to-Site connection in the Azure portal. It states that you may not associate a network security group (NSG) to the gateway subnet, which in my case was causing the issue.

clip_image008

The Azure PowerShell script used to setup the VNet and all of its Subnets also created NSGs for all subnets, the GatewaySubnet included.

To resolve the issue, I deleted the Failed gateway and set the Network security group for the GatewaySubnet to None.

clip_image010

clip_image012

Afterwards the creation of the gateway succeeded without any issues.

 

Conclusion

When you create a gateway subnet for your VNet you should never associated a NSG to it. This is not supported and the gateway will stop functioning as expected or completely fail. Always set the NSG to ‘None’. The gateway subnet also needs to be named ‘GatewaySubnet’ to work properly and never deploy any VMs or anything else to it.

Wim Matthyssen (@wmatthysen)