Public ip connectivity and log issue.

Question

Hello,

I have a CA server with port 8443 open, which also accepts REST requests. I've configured the NSG to allow outbound TCP traffic for the full 0-65K range and inbound TCP on port 8443, yet there's still no connectivity (both nc and REST) on that port. However, port 22 functions as expected. This could be an issue with the CA server, but the fact that it hangs instead of immediately rejecting connections suggests otherwise.

On a related note, I set up an NSG flow log to capture all traffic to troubleshoot this, but when attempting to query 'IPv4 NSG Flow Log Search,' I encounter the following error: 'where' operator: Failed to resolve table or column expression named 'AzureNetworkAnalytics_CL' Request id: 14963faf-13d7-4c72-8311-347ab6aa9642' I'm a bit stuck and would appreciate any help troubleshooting this.

Many thanks

Ryan

Answer 1

Could be a number of things to include host-based firewall (e.g. Windows Defender Firewall) on the CA server. You can use Test-NetConnection on the CA server itself to see if the TCP listener on 8443 is working first then gradually move the testing further out (e.g. from adjacent server in same subnet, then server in different subnet but same VNet, all the way out to the actual clients. The connection troubleshooter feature of Network Watcher can help as well.