Share via

not able to access the ports, even after assigning to NSG

Santosh Kumar 20 Reputation points
2025-12-29T20:33:30.4133333+00:00

We have 2 servers in same resource group, both have same NSG assigned, but one server port is accessible and another server port is not accessible, both servers have same settings

PS C:\Users\Dell> Test-NetConnection -ComputerName xx.x.x.x -Port 32015 -InformationLevel Detailed WARNING: TCP connect to (xx.x.x.x : 32015) failed

PS C:\Users\Dell> Test-NetConnection -ComputerName xx.x.x.x -Port 32015 -InformationLevel Detailed

ComputerName : xx.x.x.x

RemoteAddress : xx.x.x.x

RemotePort : 32015

TcpTestSucceeded : True

removed PII

Azure Virtual Network
Azure Virtual Network

An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.

0 comments

Answer accepted by question author

Ravi Varma Mudduluru 12,375 Reputation points Microsoft External Staff Moderator
2025-12-29T21:03:09.82+00:00

Hello @Santosh Kumar,

Thanks for reaching out to Microsoft Q&A.

I understand that you're facing some connectivity issues with the ports on your servers in Azure, even though both have the same NSG (Network Security Group) assigned.

As discussed offline, when we compared the two servers, we found that the firewall on the non-working server was blocking access at the OS level. After enabling the local firewall ports, the non-working VM was able to access successfully.

If you need to open a specific port on a Linux server, you can use the following command.

sudo firewall-cmd --add-port=32015/tcp --permanent
sudo firewall-cmd --reload

If you need to open an all port on a Linux server, you can use the following command.

sudo firewall-cmd --set-default-zone=trusted 
sudo firewall-cmd --reload

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Was this answer helpful?

1 person found this answer helpful.
0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andreas Baumgarten 132.2K Reputation points MVP Volunteer Moderator
    2025-12-29T21:41:33.3933333+00:00

    Hi @Santosh Kumar ,

    please verify the associated NSGs on both VMs.

    User's image

    In the screenshot above 2 NSGs are associated with the Azure VM VM01:

    • One NSG, named Test1-nsg, is associated with the subnet the VM is connected to.
    • The second NSG, named VM01-nsg, is associated direct with the NIC of the Azure VM VM01.
    • Both NSG in this example require rules to allow the required connection (port, protocol).

    If the NSGs associated with the 2 Azure VMS are identical with the same rule set, please verify the binding of the services/applications on port 32015. Also please verify if a firewall on the VM is configured properly/identical.

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards

    Andreas Baumgarten

    Was this answer helpful?

    0 comments

  2. AI answer

    2025-12-29T20:33:39.5133333+00:00

    It seems that you are experiencing a connectivity issue with one of your servers despite both having the same Network Security Group (NSG) settings. Here are a few steps you can take to troubleshoot the issue:

    1. Check NSG Rules: Ensure that the NSG rules are correctly configured to allow traffic on port 32015 for both servers. Sometimes, rules may apply differently based on the source or destination IP.
    2. Firewall Settings: Verify that the Windows Firewall or any other firewall on the server that is not accessible is not blocking the port. You may need to create an inbound rule to allow traffic on port 32015.
    3. Endpoint Listening: Ensure that the service on the server that is not accessible is actively listening on port 32015. You can check this by using commands like netstat -an to see if the port is in a listening state.
    4. Network Security Group (NSG) Logs: If you have logging enabled for your NSG, check the logs to see if any traffic is being denied for the inaccessible server.
    5. Test Connectivity: Use Test-NetConnection as you have done, but also try connecting using the server name instead of the IP address to rule out any DNS issues.
    6. Restart Services: If applicable, try restarting the service that is supposed to be listening on that port on the inaccessible server.

    If after these steps the issue persists, consider checking for any additional network configurations or policies that might be affecting connectivity.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.