Hello, @Tapan Dewanjee ! Thank you very much for following up with the open GitHub issue. I'm going to post the link as well as some comments in case anyone else finds this useful.
I'd also like to have someone take a closer look at your resources if you are up for it. Please email the following to AzCommunity@microsoft.com and we'll get back to you promptly:
- Subject: "Attn: kobulloc - Additional support required"
- Email body: Your Subscription ID
- Email body: A link to this thread so we can validate and expedite the request
If you don't receive a response within 24 hours, please reply to the thread so we can investigate.
If you get a moment, please accept answers as this helps increase visibility of this question for other members of the Microsoft Q&A community. Thank you for helping to improve Microsoft Q&A!
Why has Azure Serial Console stopped working with firewall enabled on storage accounts?
As pointed out by Tapan Dewanjee, there is an active GitHub thread tracking this issue:
https://github.com/microsoft/azserialconsole/issues/48
georgejdli (3/26/24)
I noticed that Microsoft added a new IP address for the US regions: 20.83.222.100 https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled
once I added this new IP address to my Storage Account Firewall I was able to access the serial console for my VM again
ondrejholas (3/11/24)
Same here. It used to work before half of February 2024, then it suddenly started to behave as you described - in SA log there are accesses from private IP address, which is not contained in any of our VNETs, and with SA firewall set up in restrictive mode the serial console does not work, even if appropriate public IP addresses are allowed. We are also in North Europe datacenter.
kraduk (2/17/24)
I saw th same. It's a azure internal infrastructure IP. If they allowed rfc1918 in the ACL all would be good, but alias... I did try with 8.0.0.0/6, and that passed the API tests. The IP was still denied though,