Azure Internet connection.

Question

Azure Internet connection.

AzurePro 60

I'm deploying Azure SCOM MI instance. while creating SCOM MI at the validation check it gives error below even through we have outbound internet connection working.

Internet connectivity Failed

Internet connectivity test failed. Required endpoints (Nexus Service, Bridge Service, Azure Resource Manager) are not reachable from the VNet. This could be due to an incorrect DNS Server IP, or an incorrect network configuration [Time taken: 191s]. Check internet connectivity troubleshooting.

{98DD75E3-05EA-4CA4-843A-E4809D434BF5}

{1E68B72E-7295-48D2-86B5-5E1645CA1B5F}

Srinivasa Reddy Jaggavarapu 105 Reputation points Microsoft External Staff

2025-03-07T16:42:08.0033333+00:00
Hi AzurePro,

The error message means that your Virtual Network (VNet) can't connect to the Azure services it needs. This is usually caused by an incorrect DNS server address or a problem with your network settings.

Here are some steps you can take to resolve this issue:

Make sure the DNS server IP is correct, and that the DNS server is working properly. Your VNet needs to be able to directly connect to the DNS server.

Check your network settings allow outbound internet access. You can test this by creating a virtual machine in the same subnet as the SCOM Managed Instance and checking if it has internet connectivity.

Check that your Network Security Group (NSG) and firewall settings allow access to the required services, including Nexus Service, Bridge Service, and Azure Resource Manager.

If you are familiar with PowerShell, use PowerShell commands like 'Test-NetConnection' to check connectivity to specific services and endpoints.

Test-NetConnection www.microsoft.com -Port 80

Please follow below links for detailed explanation:

Troubleshoot commonly encountered errors while validating input parameters - Azure Monitor | Microsoft Learn
Troubleshoot issues with Azure Monitor SCOM Managed Instance - Azure Monitor | Microsoft Learn

If you had a chance to review my response to your question and found it helpful, please consider clicking "Upvote" on my post. Let us know if you need any further assistance. Thank you!
AzurePro 60 Reputation points

2025-03-08T05:24:07.3333333+00:00

Hi,

Test-NetConnection www.microsoft.com -Port 80 - Yes working from vm created in same scom MI.

Check that your Network Security Group (NSG) and firewall settings allow access to the required services, including Nexus Service, Bridge Service, and Azure Resource Manager. - there is no nsg configured on scom mi subnet. firewall is not there. which firewall we talking here?)

Your VNet needs to be able to directly connect to the DNS server. - vNET has connectivity to DNS
Srinivasa Reddy Jaggavarapu 105 Reputation points Microsoft External Staff

2025-03-10T16:59:27.1766667+00:00

Hi AzurePro,

If you had a chance to see my comment to your question. If it was helpful, please click "Upvote" on my post let us know Thank you...!
Srinivasa Reddy Jaggavarapu 105 Reputation points Microsoft External Staff

2025-03-12T14:20:50.96+00:00

Hi AzurePro,

If you had a chance to see my comment to your question. If it was helpful, please click "Upvote" on my post let us know Thank you...!
Srinivasa Reddy Jaggavarapu 105 Reputation points Microsoft External Staff

2025-03-19T18:16:01.41+00:00

Hi AzurePro,

If you had a chance to see my comment to your question. If it was helpful, please click "Upvote" on my post let us know Thank you...!

1 answer

Your answer

Srinivasa Reddy Jaggavarapu 105 Reputation points Microsoft External Staff

2025-03-07T16:42:08.0033333+00:00

Hi AzurePro,

The error message means that your Virtual Network (VNet) can't connect to the Azure services it needs. This is usually caused by an incorrect DNS server address or a problem with your network settings.

Here are some steps you can take to resolve this issue:

Make sure the DNS server IP is correct, and that the DNS server is working properly. Your VNet needs to be able to directly connect to the DNS server.

Check your network settings allow outbound internet access. You can test this by creating a virtual machine in the same subnet as the SCOM Managed Instance and checking if it has internet connectivity.

Check that your Network Security Group (NSG) and firewall settings allow access to the required services, including Nexus Service, Bridge Service, and Azure Resource Manager.

If you are familiar with PowerShell, use PowerShell commands like 'Test-NetConnection' to check connectivity to specific services and endpoints.

Test-NetConnection www.microsoft.com -Port 80

Please follow below links for detailed explanation:

Troubleshoot commonly encountered errors while validating input parameters - Azure Monitor | Microsoft Learn
Troubleshoot issues with Azure Monitor SCOM Managed Instance - Azure Monitor | Microsoft Learn

If you had a chance to review my response to your question and found it helpful, please consider clicking "Upvote" on my post. Let us know if you need any further assistance. Thank you!
AzurePro 60 Reputation points

2025-03-08T05:24:07.3333333+00:00

Hi,

Test-NetConnection www.microsoft.com -Port 80 - Yes working from vm created in same scom MI.

Check that your Network Security Group (NSG) and firewall settings allow access to the required services, including Nexus Service, Bridge Service, and Azure Resource Manager. - there is no nsg configured on scom mi subnet. firewall is not there. which firewall we talking here?)

Your VNet needs to be able to directly connect to the DNS server. - vNET has connectivity to DNS
Srinivasa Reddy Jaggavarapu 105 Reputation points Microsoft External Staff

2025-03-10T16:59:27.1766667+00:00

Hi AzurePro,

If you had a chance to see my comment to your question. If it was helpful, please click "Upvote" on my post let us know Thank you...!
Srinivasa Reddy Jaggavarapu 105 Reputation points Microsoft External Staff

2025-03-12T14:20:50.96+00:00

Hi AzurePro,

If you had a chance to see my comment to your question. If it was helpful, please click "Upvote" on my post let us know Thank you...!
Srinivasa Reddy Jaggavarapu 105 Reputation points Microsoft External Staff

2025-03-19T18:16:01.41+00:00

Hi AzurePro,

If you had a chance to see my comment to your question. If it was helpful, please click "Upvote" on my post let us know Thank you...!

Answer 1

Hi AzurePro,

Thank you for the clarification. The reference to firewalls includes any centralized firewalls or implicit configurations, such as Azure Policies or custom route tables, that might block outbound connectivity. Even if no Network Security Group (NSG) or explicit firewall is applied to the SCOM MI subnet, it is important to check for these. Start by reviewing the Effective Routes for the subnet to ensure there are no misconfigured routes redirecting traffic to a non-existent device or blocking internet access. Additionally, verify that DNS resolution is working for the specific Azure endpoints required by SCOM MI, including management.azure.com, <YourRegion>.servicebus.windows.net, and nexus.microsoft.com. Use a VM in the same subnet to run 'Test-NetConnection' to confirm that both DNS resolution and port 443 connectivity to these endpoints are successful. If these checks pass, use the Azure Network Watcher tool or review the validation logs from the SCOM MI deployment blade for more detailed insights into any connectivity issues. Let me know if you need further guidance.

Kindly follow for reference:
https://learn.microsoft.com/en-us/azure/azure-monitor/scom-manage-instance/troubleshoot-scom-managed-instance

I hope this information is helpful.

If the answer is helpful, please click "Accept Answer" and kindly upvote it.

Share via

Azure Internet connection.

1 answer

Your answer