Unable to ping/resolve any other on premise servers from Azure other than RRAS server.

razsarh 0 Reputation points
2025-07-03T14:41:22.56+00:00

How do I get my on-prem domain servers to resolve my Azure VMs properly and vice versa, so I can join Azure VMs to the domain, set up Azure Virtual Desktop, etc.?

My current config:

Azure Vnet connected S2S to On prem DC Server using RRAS

Azure VM - 10.0.0.2

On Prem DC RRAS - 172.16.1.3

My Azure VM 10.0.0.2 can ping the on-prem DC 172.16.1.3 and vice versa, so this is working. RDP is also working from the Azure VM to the on-prem DC and vice versa.

I also managed to join the Azure VM to the on-premises domain, which was great, and it worked with no errors.

However, when I ping from the Azure VM to any other on-premises server, e.g. the file server on 172.16.1.4, it will not ping/resolve, and vice versa.

Do I need to add anything else to RRAS or the Azure VNet so that it can see everything else? My Azure local gateway already has the on-premises IP range, so I thought it would see everything.

Apologies if I have missed something silly. Any help/guidance greatly appreciated.

Windows for business | Windows Server | Networking | Network connectivity and file sharing

1 answer

  1. G Sree Vidya 2,685 Reputation points Microsoft External Staff Moderator
    2025-07-03T17:16:15.56+00:00

    Hello razsarh

    We understand you're experiencing issues with connectivity between your Azure VM and on-premises servers.

    Since your Azure VM can ping the on-premises Domain Controller (DC) but not other servers, this may be due to routing or firewall settings.

    We request you to check and verify the below details:

    1. Ensure all on-premises servers (e.g., 172.16.1.4) are reachable from Azure VMs and vice versa through the S2S VPN.

    2. Check if there’s any firewall on your on-premises servers that might be blocking ping requests. Make sure that the ping requests can reach the file server.

    3. Azure Local Network Gateway: Ensure it includes the entire on-prem subnet range, not just the DC IP. For example, if your on-prem network is 172.16.1.0/24, make sure that’s defined in the local network gateway in Azure.

    https://learn.microsoft.com/en-us/azure/vpn-gateway/add-remove-site-to-site-connections

    On-Prem RRAS Static Routes: RRAS must know how to route traffic back to the Azure subnet (10.0.0.0/24). You can add a static route in RRAS:

    • Route Tables: Check for any user-defined routes (UDRs) on the Azure VNet or subnets that might restrict traffic. If you have a UDR, ensure it routes traffic for 172.16.1.0/24 to the virtual network gateway. By default, the VPN gateway should handle this, but custom routes could override it. Navigate to Virtual networks > Your VNet > Subnets > Route table to verify.
    • https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq#why-cant-i-specify-policy-based-and-route-based-vpn-types
    • DNS Configuration: Azure VMs should use the on-prem DNS server (your DC at 172.16.1.3) for name resolution. You can set this in the Azure VNet DNS settings:
        • Go to your VNet → DNS → Set custom DNS to 172.16.1.3.
    • On-Prem DNS: Ensure your on-prem DNS server can resolve Azure VM names. You may need to:
        • Create conditional forwarders for the Azure VM DNS suffix.
        • Or, configure DNS zone replication if using Azure DNS.
    • Testing Connectivity: Use tools like tcping to test connectivity on specific ports if ping is disabled. For example, if you have file sharing services running, check the relevant ports (like port 445 for SMB).

    I hope this helps! Do let me know if you have any further queries in the comment box. If this answers your query, do click "Upvote" and "Accept the answer", which might be beneficial to other community members reading this thread.

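The checks listed in the answer above, gathered into one PowerShell script to run on the Azure VM. This is an added example, not part of the original thread. The IP addresses are the ones from the question; the file server name `fileserver.example.local` is a hypothetical placeholder.

```powershell
# Added example: run on the Azure VM (10.0.0.2).
$DnsServer = '172.16.1.3'                 # on-prem DC / RRAS server (from the question)
$Targets   = '172.16.1.3', '172.16.1.4'   # known-good DC, then the failing file server
$TestName  = 'fileserver.example.local'   # hypothetical FQDN, replace with a real one

$results = foreach ($ip in $Targets) {
    # Test ICMP and SMB separately: a host firewall can drop ping while allowing TCP 445.
    $icmp = Test-Connection -ComputerName $ip -Count 2 -Quiet
    $smb  = (Test-NetConnection -ComputerName $ip -Port 445 `
                -WarningAction SilentlyContinue).TcpTestSucceeded

    if     ($icmp -and $smb) { $verdict = 'reachable' }
    elseif ($smb)            { $verdict = 'routing works, ICMP is filtered' }
    elseif ($icmp)           { $verdict = 'routed, but TCP 445 filtered or not listening' }
    else                     { $verdict = 'no reply: check routes on both sides, then host firewall' }

    [pscustomobject]@{ Target = $ip; Ping = $icmp; Tcp445 = $smb; Verdict = $verdict }
}
$results | Format-Table -AutoSize

# Ask the on-prem DNS server directly, so the VNet DNS setting is not a factor.
$dns = Resolve-DnsName -Name $TestName -Server $DnsServer -Type A -ErrorAction SilentlyContinue
if ($dns) { '{0} -> {1}' -f $TestName, ($dns.IPAddress -join ', ') }
else      { "$TestName did not resolve via $DnsServer" }

# DNS servers the VM is actually using; 172.16.1.3 should appear once the
# VNet custom DNS setting has taken effect.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object ServerAddresses |
    Select-Object InterfaceAlias, ServerAddresses

# Return-path check, to run on an on-prem server such as 172.16.1.4:
#   Find-NetRoute -RemoteIPAddress 10.0.0.2 | Select-Object -Last 1 DestinationPrefix, NextHop
# If NextHop is the default gateway rather than the RRAS server (172.16.1.3),
# that gateway needs a route for 10.0.0.0/24 pointing at RRAS, or replies
# to the Azure subnet never enter the tunnel.
```

If 172.16.1.3 shows as reachable and 172.16.1.4 returns no reply on both tests, compare the return route on the file server before changing firewall rules.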
