How to setup Azure VM to run a public service

Question

The organisation I work for is trying to move away from hosting our own VMs and move them all into the cloud, namely into Azure. Its all new to us, and so the first item I'm trying to tackle is setting up a VM which hosts the license server for an automation application we use.

Creating a Windows VM in the Azure resource manager was easy. And with the license server installed on that VM, I find that it can serve licenses to the automation application instances on the other Azure VMs I've created.

The problem though:

We can only have one license server current, so this license server in the cloud, still needs to service the automation applications we run on our local machines.

The license server just needs the TCP/UDP port 7266 open, so I've made sure that port is open on the Windows instance, as well as gone into the Azure NSG to ensure that an inbound and outbound rules have been added to allow that port.

My understanding is that for the new Azure VMs in the resource manager (i.e. not classic) don't need endpoints. I've added the public IP in Azure with a DNS name, and that resolves from our network to match the public IP of the targeted Azure VM.

But regardless of whether I use the DNS or the specific IP address, our machines consistently get:

ERROR: No connection could be made because the target machine actively refused it [::ffff:40.115.76.87]:7266

I'm hoping someone is familiar enough to assist me in how to configure an Azure VM to make a service publicly accessible from outside Azure.

The Azure forums haven't offered any new options for me to try other that the inbound rules. I'm guessing i'm missing something simple?

Answer 1

To verify if a port is reachable from client side, we can use a tool called PortQuery. It's a GUI based tool which is easy to use. If you are using Linux, please use the nmap to check if the port is reachable from the client.

If the port is unreachable, then please check the following details:

1. Is the outbound traffic blocked by on-premises firewall?

2. Does the NSG has been configured properly? Note: NSG can be associated with both of NIC and Subnet. Please check if both of them has been configured properly.

3. Is the local firewall of the VM has been configured properly to allow the access from internet?

If the port is reachable, it means that the configuration of network is correct. And we should troubleshoot this issue on application-level.

BTW, I totally agree with @BrunoFaria that the licensing server should not be exposed to internet if it is not designed for that. You need to establish a site-to-site VPN between the Azure and your on-premises network, so that your local clients can reach the licensing server by its' private IP.