Cisco CCNA, Routing, Switching, Packet Tracer, Linux, Security, Photoshop, Flash, Windows Server, and Web Game Programming. Is it possible to use Windows Firewall to block specific web sites for all browsersWindows Azure SQL Database Connectivity Troubleshooting Guide Tech. Net Articles United States EnglishThe information provided in this article are intended to help troubleshoot some of the common connectivity error messages that you would see while connecting to Windows Azure SQL Database. Important Note  To troubleshoot common connectivity issues with SQL Azure database, check the recently published. Troubleshoot connection problems to Azure SQL Database guide walk through at  http support. Note For more information on handling connection losses while your application runs, see. Connection Management in Windows Azure SQL Database. Common Connectivity Errors. Can you help me guys with my problem I am using Windows 7 and I get 169. IP address. What would be the problem Can you please gave me a stepbystep procedure 192. Router IP Address. Get a default username and password from our list or use own login credentials to login 192. Windows Update Ip Address Range Firewall Router' title='Windows Update Ip Address Range Firewall Router' />Internal IP address or NAT address and NAT IP discovery tool. Yes no problem 1. The subnet mask is not used for routing, it is used to determine which part of its OWN IP address represents the network ID and host ID. Fix Obtaining IP Address Android WiFi Problem. This is a common problem in android. The name of the issue says it all. Android fails to obtain an IP. A transport level error has occurred when receiving results from the server. Provider TCP Provider, error 0 An existing connection was forcibly closed by the remote host. System. Data. Sql. Client. Sql. Exception Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding. The statement has been terminated. An error has occurred while establishing a connection to the server. When connecting to SQL Server 2. SQL Server does not allow remote connections. Error Microsoft SQL Native Client Unable to complete login process due to delay in opening server connection. A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. Return to Top. Verify SQL Server Management Studio Version. If you can not connect to SQL Database from SQL Server Management Studio SSMS, it could be the SSMS version. The SQL Server Management Studio from SQL Server 2. R2 with SP1 and SQL Server 2. R2 Express with SP1 can be used to access, configure, manage. SQL Database. Previous versions of SQL Server Management Studio are not supported. The links to get the latest updates available in SQL Server 2. R2 SP1 are Return to Top. Verify Azure Firewall Settings and Service Availability. When a computer attempts to connect to your SQL Database server from the. Internet, the SQL Database firewall checks the originating IP address of therequest against the full set of firewall settings. Note to Windows Users To update the firmware, you may be required to turn off the firewall settings for the IPTools program IPSE. Open Windows Firewall by clicking. If the IP address of therequest is not within one of the ranges specified, the connection attempt isblocked and does not reach the SQL Database server. Being blocked by the SQLAzure firewall is usually self evident because the service returns aspecific error message similar to the one below C SQLCMD Ult user lt server Plt password Slt server. Cannot open server ljvt. Client with IP address 1. To enable access, use the SQL Database Portal or runspsetfirewallrule on the master database to create a firewall rulefor this IP address or address range. It may take up to five minutes forthis change to take effect. Note SQL Azure Portal has been replaced by. Windows Azure Platform Management Portal. To ensure that the SQL Database firewall is correctly configured, performthe following steps. Login to Windows Azure Platform Management Portal, select your SQL Database server and then click Firewall Rules. Verify that the SQL Database firewall is    configured to allow remote connections from the IP addresses that you    will be connecting from On the Databases tab of your portal, select the database that you are trying to access and click the Test Connectivity button. This will prompt for your username and password to use when connecting. If the connection fails, note the Location listed for your server and check the SQL Database service status for this location        in the. Azure Services Dashboard. In the event of a known outage you will be able to find more information there. If the dashboard does not reflect an outage you may call Microsoft at 1 8. Note If the Microsoft Services firewall isnt enabled you must enable it and wait up to 5 minutes for the firewall setting to take effect. If you attempt to test connectivity without waiting for 5 minutes, you will continue to receive the error until. Reference How and when to contact Microsoft Customer Service and. Support http support. Return to Top. Verify That You Can Reach the Server IPOpen a command prompt window and use the PING command to confirm that name resolution successfully translates your logical server name to an IP address. The Request timed out message shown below is expected because SQL Database will never respond to ping. C ping lt myserver. Pinging data. sn. Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 6. Packets Sent 4, Received 0, Lost 4 1. If the server name resolves to an IP address, note the value and proceed with step 2. If this step fails, contact your network administrator or Internet service provider for assistance with fixing your name resolution problem. From your command prompt window, try to telnet to port 1. IP address returned in the prior step. This will test whether there are any firewallsrouters blocking traffic to port 1. C telnet 6. Connecting To 6. If Telnet is successful, the window will change to a completely blank screen. Exit and proceed to the next step. If it is not successful, capture the output and move to step 4. Reference Telnet Troubleshooting Guide http technet. WS. 1. 0. aspx. From your command prompt window, repeat the test by trying to telnet to the DNS name instead of the IP address. C telnet lt myserver. Note If Telnet is not part of your default windows installation, you may enable it from AddRemove Windows Components. Use the tracert utility and capture the output showing the intermediate steps taken while trying to reach the server. This information will be useful if a network engineer is needed to troubleshoot the issue. C tracert 6. Tracing route to 6. DLLSTX LCR 0. 7. DFW0. BB RTR1. LCC1 RES BB RTR1 RE1. ASH PEER RTR1 re. Reference How to Use TRACERT to Troubleshoot TCPIP Problems in Windows. Return to Top. Isolating Network Problems. If you encountered difficulties when Verifying that You Can Reach the Server IP, then you are not reaching the VIP and are instead being blocked between your client and the VIP. The below steps may be helpful, but at this point an. ISP or network engineer is required. Many firewall, router, and proxy products allow individual users and domain administrators to block or restrict outbound access on a specific port and or destination IP address. Therefore it is necessary to check the outbound rules that are defined on the. SQL Database. Rules mustallow outbound access on port 1. IP address range. Network products that might block access include Windows Firewall on the local machine. Other Firewall products. For information on working with other firewall products, please consult the specific firewall product documentation. Proxy and Routers and other components in your network. If you are going through a proxy or router to connect to the internet, confirm the external IP address that is exposed on the internet. This is usually the IP address that the SQL Database Firewall    must allow in order for you to connect to the server. You can use. http www. IP address that is used by the proxy or router to communicate with services on the Internet. The Add. Firewall. Rule dialog box under SQL Database Firewall Setting Tab in the portal will    also list your external IP address. Network Isolation Options for Machines in Windows Azure Virtual Networks Blog Recently we published a Windows Network Security Whitepaper download from here that gives insights on how customers can take advantage of the platforms native features to best protect their information assets. This post from Walter Myers, Principal Consultant expands on this whitepaper and describes how to isolate VMs inside a Virtual Network at the network level. Introduction Application isolation is an important concern in enterprise environments, as enterprise customers seek to protect various environments from unauthorized or unwanted access. This includes the classic front end and back end scenario where machines in a particular back end network or sub network may only allow certain clients or other computers to connect to a particular endpoint based on a whitelist of IP addresses. These scenarios can be readily implemented in Windows Azure whether client applications access virtual machine application servers from the internet, within the Azure environment, or from on premises through a VPN connection. Machine Isolation Options There are three basic options to be discussed in this paper where machine isolation may be implemented on the Windows Azure platform Between machines deployed to a single virtual network. Between machines deployed to distinct virtual networks. Between machines deployed to distinct virtual networks where a VPN connection has been established from on premises with both virtual networks These options will be detailed in the sections that follow. By default, Windows Server virtual machines created from the gallery will have two public endpoints, specifically RDP and Remote Power. Shell connections. There will be no other public endpoints except additional endpoints that are added by the administrator. These endpoints and any others created by the administrator may be secured with access control lists ACLs on any given Iaa. S virtual machine. As of this writing ACLs are available for Iaa. S virtual machines, but not for Paa. S web or worker roles. How Network ACLs Work An ACL is an object that contains a list of rules. When you create an ACL and apply it to a virtual machine endpoint, packet filtering takes place on the host node of your virtual machine. This means the traffic from remote IP addresses is filtered by the host node for matching ACL rules instead of on your virtual machine. This prevents your virtual machine from spending the precious CPU cycles on packet filtering. When a virtual machine is created, a default ACL is put in place to block all incoming traffic. However, if an input endpoint is created for example, port 3. ACL is modified to allow all inbound traffic for that endpoint. As discussed above, when a virtual machine is created from the Azure gallery, a Power. Shell endpoint and an RDP endpoint are created using standard private ports but randomly generated public ports, as seen in the portal below. Inbound traffic from any remote subnet is then restricted to those endpoints and no firewall provisioning is required. All other ports are blocked for inbound traffic unless endpoints are created for those ports. Outbound traffic is allowed by default. Using Network ACLs, you can do the following Selectively permit or deny incoming traffic based on remote subnet IPv. Blacklist IP addresses. Create multiple rules per virtual machine endpoint. Specify up to 5. 0 ACL rules per virtual machine endpoint. Use rule ordering to ensure the correct set of rules are applied on a given virtual machine endpoint lowest to highestSpecify an ACL for a specific remote subnet IPv. So network ACLs are the key to protecting virtual machine public endpoints and controlling that type of access to them. Currently, you can specify network ACLs for Iaa. S virtual machines input endpoints, which allow you to control access from the internet to each virtual machine. Unless you specify endpoints, the virtual machines in a virtual network do not get incoming traffic and this is equivalent to having a default deny ACL at the network level which you can override on a per virtual machine basis. You cannot currently specify an ACL on a specific subnet contained in a virtual network, and we are looking into this for the future. Option 1  Subnets within a Single Virtual Network Currently, Windows Azure provides routing across subnets within a single virtual network, but does not provide any type of network ACL capability with respect to internal DIP addresses. So in order to restrict access to machines within a single virtual network, those machines must leverage Windows Firewall with Advanced Security, as depicted simply in the diagram below. In order to secure the server, Windows Firewall could be configured to block all inbound connections, and inbound rules would be setup to determine 1      what local ports will accept connections, 2      what remote ports from which connections will be accepted, 3      what remote IP addresses will be accepted, 4      what authorized users can make connections, and 5      what authorized computers can make connections In this case, the firewall exceptions would include local Dynamic IP DIP addresses within its own subnet and across other subnets configured for the virtual network. Any public endpoints would be secured with network ACLs. Firewall exceptions should, of course, include the private ports for public endpoints established with network ACLS. Option 2  Subnets in Different Virtual Networks In order to protect virtual machines from other machines deployed in other Azure virtual networks, or machines in other Azure cloud services not associated with a virtual network, or machines outside the Windows Azure platform, the Windows Azure network ACL feature would be used to provide access control to virtual machines. This is the most natural scenario in Windows Azure for application isolation, since by default the only access allowed on virtual machines are the default provided RDP and Remote Power. Shell public endpoints. For any Azure virtual machine Paa. S or Iaa. S that wishes to access another virtual machine in a different virtual network, its virtual IP VIP address will be considered as opposed to its DIP addresses within a single virtual network. Windows Activation Code 0X80070005. So when a permit ACL is set on a given virtual machine endpoint, that ACL will consider the public VIP of the machine that desires to make a connection. We can see this in the diagram below. We can selectively permit or deny network traffic in the management portal or from Power. Shell for a virtual machine input endpoint by creating rules that specify permit or deny. By default, when an endpoint is created, all traffic is permitted to the endpoint. So for that reason, its important to understand how to create permitdeny rules and place them in the proper order of precedence to gain granular control over the network traffic that you choose to allow to reach the virtual machine endpoint. Note that at the instant you add one or more permit ranges, you aredenying all other ranges by default. Moving forward from the first permit range, only packets from the permitted IP range will be able to communicate with the virtual machine endpoint.