Could be a number of things to include host-based firewall (e.g. Windows Defender Firewall) on the CA server. You can use Test-NetConnection on the CA server itself to see if the TCP listener on 8443 is working first then gradually move the testing further out (e.g. from adjacent server in same subnet, then server in different subnet but same VNet, all the way out to the actual clients). The connection troubleshooter feature of Network Watcher can help as well.
Public IP connectivity and log issue.
Hello,
I have a CA server with port 8443 open, which also accepts REST requests. I've configured the NSG to allow outbound TCP traffic for the full 0-65K range and inbound TCP on port 8443, yet there's still no connectivity (both nc and REST) on that port. However, port 22 functions as expected. This could be an issue with the CA server, but the fact that it hangs instead of immediately rejecting connections suggests otherwise.
On a related note, I set up an NSG flow log to capture all traffic to troubleshoot this, but when attempting to query 'IPv4 NSG Flow Log Search,' I encounter the following error: 'where' operator: Failed to resolve table or column expression named 'AzureNetworkAnalytics_CL' Request id: 14963faf-13d7-4c72-8311-347ab6aa9642'. I'm a bit stuck and would appreciate any help troubleshooting this.
Many thanks
Ryan
-
chrischin 240 Reputation points Microsoft Employee
2025-02-11T18:43:42.6466667+00:00
2 additional answers
-
Ryan Tuck 25 Reputation points
2025-02-12T19:00:44.12+00:00
Hi Ganesh, Apologies for the slow reply, it would appear I made an assumption that the server was listening (it is not!). Thanks for your help Ganesh and prompt response.
Many thanks
Ryan
-
Ganesh Patapati 3,605 Reputation points Microsoft Vendor
2025-02-11T16:39:05.7366667+00:00
Hi Ryan Tuck
Greetings!
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
- Could you please confirm if the services are enabled on port 8443?
If any services are not enabled on port 8443 on the destination virtual machine, it is expected that we will not receive any response from the destination server.
If any service has been enabled, please provide the details below to further troubleshoot the issue.
- Can you please share the traffic flow from source to destination?
- Could you please confirm Windows Defender is allowing the traffic on port 8443?
- Could you please check if you are receiving a response on the port when the source and destination are in the same subnet?
Kindly let us know if the above helps or you need further assistance on this issue.
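An added example (not part of the thread and not any poster's code) of the inside-out test the answers describe: it classifies one TCP connect attempt as open, refused or filtered, then reports the innermost vantage point that fails. The vantage labels and the sample results are assumptions constructed for illustration.

```python
import errno
import socket

# Vantage points from the answer above, innermost first (labels are assumed).
VANTAGES = ["ca-server-local", "same-subnet", "other-subnet-same-vnet", "client"]

def classify(exc):
    """Map the result of a TCP connect() to what it says about the path."""
    if exc is None:
        return "open"         # handshake completed: a service is listening
    if isinstance(exc, ConnectionRefusedError):
        return "refused"      # RST came back: host reached, no listener (or a rejecting firewall)
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"     # no reply: SYN dropped by a filter or lost en route
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"  # routing problem before the host
    return "error"

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def first_failure(results):
    """results maps vantage -> state from probe() run at that vantage.
    Returns the innermost (vantage, state) that is not open, or None."""
    for vantage in VANTAGES:
        state = results.get(vantage, "untested")
        if state != "open":
            return vantage, state
    return None

if __name__ == "__main__":
    # Constructed results, not taken from the thread: the local listener works,
    # a neighbour in the same subnet gets no reply -> look at the host firewall.
    sample = {"ca-server-local": "open", "same-subnet": "filtered"}
    print(first_failure(sample))
    # Live check against a loopback listener created just for this demo.
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        print(probe("127.0.0.1", srv.getsockname()[1]))
```

A "filtered" result from a remote vantage does not show that a listener exists, because a firewall that drops packets hides a closed port; only the probe run on the server itself answers that.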