Can't open Port 8087 and 8088 - Please Help :(

Ardeshir Ghoreishi 21 Reputation points
2021-01-18T19:38:54.47+00:00

Hello All:
There has been a lot of discussion and/or questions around opening ports on an Azure Win VM Server. I must say I have exhausted all of my resources to figure this out but so far have been unsuccessful. This would be a simple matter if there were a physical server and a physical router and/or a firewall. In a virtual world all of said variables have changed. SO PLEASE HELP....
OS = Win Server 2008 R2 (I know it's at its end-of-life cycle)
I have a public IP.

* I have opened ports (8087 and 8088) in Win firewall, inbound and outbound (this is in Windows).
* I have opened ports (8087 and 8088) in Azure Network Security Groups under the server-nsg group, that is, inbound and outbound.

I have tested this via various port tools from within the server and outside the server.

Am I missing something? Is there a limitation I don't know about? If so, is there a way of bypassing limitations?

Much thanks, Ardy

[Screenshots: 57893-azureport.jpg, 57862-winfirewall.jpg]

Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.

Accepted answer
  1. Andreas Baumgarten 95,411 Reputation points MVP
    2021-01-19T06:59:14.25+00:00

    Please modify both rules and give it a try:

    Source -> any
    Source Port -> any
    Destination -> any
    Destination Port -> 8087
    Protocol -> TCP
    Access -> Allow

    Source -> any
    Source Port -> any
    Destination -> any
    Destination Port -> 8088
    Protocol -> TCP
    Access -> Allow


    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten


2 additional answers

  1. Andreas Baumgarten 95,411 Reputation points MVP
    2021-01-18T20:58:23.477+00:00

    Is there maybe another NSG associated with the subnet?

    The protocol is TCP for Port 8087 and 8088?

    Please try the Connection Troubleshoot in Azure Portal:

    57921-connectiontroubleshoot.jpg

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten


  2. Andreas Baumgarten 95,411 Reputation points MVP
    2021-01-18T22:55:41.59+00:00

    Rules in NSGs work from lowest priority to highest priority.
    Your custom rules are priority 310 and 315 (port 8087 and 8088). They will be processed before 65000 and above.
    If the first rule (starting from priority 100 to 4096) matches the criteria, no other rule with higher priority will be processed (first match wins).

    NSGs could be associated with a subnet and/or with a VM. Here is how it works:
    https://learn.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works#:~:text=A%20network%20security%20group%20contains,destination%2C%20port%2C%20and%20protocol.&text=For%20a%20complete%20list%2C%20see,deployed%20into%20a%20virtual%20network.

    So it's possible more than one NSG is involved. You can check this for your VM (in the screenshots you can see 2 NSGs, one is associated with the subnet of VM01 and the other is associated directly with VM01):

    57825-nsgs.jpg

    57913-effectivesecrules.jpg

    If more than one NSG is involved, the rules of both NSGs should work together. In your case both NSGs must have inbound allow rules for 8087 and 8088.

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten
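
The evaluation order described in the answer above (first match by priority inside each NSG, and both the subnet NSG and the NIC NSG having to allow inbound traffic) can be modelled in a few lines. This is an added example, not part of the original thread and not Azure's own code: the rule names, the RDP rule and the subnet NSG contents are constructed, and matching is simplified to source tag, protocol and a single destination port.

```python
# Added illustration: simplified model of Azure NSG inbound evaluation.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int
    name: str
    source: str      # "*" or a service tag such as "Internet"
    protocol: str    # "TCP", "UDP" or "*"
    dest_port: str   # single port as text, or "*"
    access: str      # "Allow" or "Deny"

# Default inbound rules present in every NSG.
DEFAULT_INBOUND = [
    Rule(65000, "AllowVnetInBound", "VirtualNetwork", "*", "*", "Allow"),
    Rule(65001, "AllowAzureLoadBalancerInBound", "AzureLoadBalancer", "*", "*", "Allow"),
    Rule(65500, "DenyAllInBound", "*", "*", "*", "Deny"),
]

def first_match(custom_rules, source, protocol, port):
    """Return the first rule that matches, lowest priority number first."""
    for rule in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if (rule.source in ("*", source)
                and rule.protocol in ("*", protocol)
                and rule.dest_port in ("*", str(port))):
            return rule
    raise AssertionError("unreachable: DenyAllInBound matches everything")

def inbound_verdict(subnet_nsg, nic_nsg, source, protocol, port):
    """Inbound traffic passes the subnet NSG first, then the NIC NSG.
    None means no NSG is associated at that level. Returns (allowed, trace)."""
    trace = []
    for level, rules in (("subnet", subnet_nsg), ("nic", nic_nsg)):
        if rules is None:
            continue
        hit = first_match(rules, source, protocol, port)
        trace.append((level, hit.priority, hit.name, hit.access))
        if hit.access == "Deny":
            return False, trace
    return True, trace

# Constructed sample data: the NIC NSG carries the thread's rules (310, 315),
# while the hypothetical subnet NSG only allows RDP.
NIC_NSG = [Rule(310, "Port_8087", "*", "TCP", "8087", "Allow"),
           Rule(315, "Port_8088", "*", "TCP", "8088", "Allow")]
SUBNET_NSG = [Rule(300, "RDP", "*", "TCP", "3389", "Allow")]
SUBNET_NSG_FIXED = SUBNET_NSG + NIC_NSG

if __name__ == "__main__":
    for subnet in (SUBNET_NSG, SUBNET_NSG_FIXED):
        print(inbound_verdict(subnet, NIC_NSG, "Internet", "TCP", 8087))
```

The trace shows which NSG and which rule decided the outcome, which is the same information the portal's effective security rules view gives for a real VM.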