Can you help me allow incoming traffic on port 2101?

KELLY NESS 1 Reputation point
2021-02-19T20:50:19.193+00:00

Can you help me allow incoming traffic on port 2101? I created a NSG and added an incoming rule to open port 2101: ![70139-c3.png][1] I used the Windows defender Firewall(advanced settings) to open port 2101 on the machine: ![70108-snip1.png][2] ![70109-snip2.png][3] Then I contacted support and the support from Microsoft said: The Azure portal is saying that the network connection is allowed on port 2101 but I am still seeing the pings return nothing. ![70191-image001.png][4] ![70169-unnamed-3.png][5] I even tried to turn off the firewall from inside the VM but I am still not seeing the pings coming back. Let us get this escalated to the VM networking team for further investigation. Please help! Kelly [1]: /api/attachments/70139-c3.png?platform=QnA [2]: /api/attachments/70108-snip1.png?platform=QnA [3]: /api/attachments/70109-snip2.png?platform=QnA [4]: /api/attachments/70191-image001.png?platform=QnA [5]: /api/attachments/70169-unnamed-3.png?platform=QnA

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,076 questions

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andreas Baumgarten 95,336 Reputation points MVP
    2021-02-19T21:10:55.24+00:00

    Hi @KELLY NESS ,

    Does any service on the VM even listening on TCP Port 2101?

    You can check this by running netstat -an in a cmd on the VM:

    70211-netstat.jpg

    Another option to check this is to use telnet to connect to the VM via port 2101.

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten

  2. Jef 1 Reputation point
    2021-02-19T23:17:18.607+00:00

    Hello. You did not allow the ping (ICMP protocol) for your VM, so it won't ping if your Azure VM is not pinged from a trusted network.

    You won't be able to ping your machine on its public IP address.

    Instead, as suggested, try "telnet 13.x.x.x 2101" from another machine (telnet may not be installed)

    You can also use nmap from a Linux machine to see open ports against its public IP Address.

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards

    0 comments
  3. KELLY NESS 1 Reputation point
    2021-02-20T02:08:41.693+00:00

    What command would I use in telnet to verify connection to 52.188.117(dot)237?

    0 comments
  4. Andreas Baumgarten 95,336 Reputation points MVP
    2021-02-20T09:19:28.347+00:00

    You don't need to use any command inside the telnet session to verify the connection.

    Here is an example how to test connection with telnet and port 3389:
    https://learn.microsoft.com/en-us/troubleshoot/windows-client/networking/use-telnet-to-test-port-3389-functionality#test-the-functionality-of-port-3389-by-using-telnet

    If you get a cursor the connection on 3389 is successful.
    If telnet is not able to connect to the port you get an "unable to connect to remote host" message or a similar response.

    The green box in the following screenshot shows a successful connect on port 3389. The yellow box unsuccessful connect on port 2101:

    70273-telnetresult.jpg

    Instead of telnet it's possible to use PowerShell as well (the response will be True or False): 

    $ip = "168.x.y.z"  
Test-NetConnection $ip -TcpPort 3389  
Test-NetConnection $ip -TcpPort 2101

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten

    0 comments