Rediger

Del via


Troubleshooting connectivity problems between Azure VMs

You might experience connectivity problems between Azure virtual machines (VMs). This article provides troubleshooting steps to help you resolve this problem.

If your Azure issue is not addressed in this article, visit the Azure forums on Microsoft Q & A and Stack Overflow. You can post your issue in these forums, or post to @AzureSupport on Twitter. You also can submit an Azure support request. To submit a support request, on the Azure support page, select Get support.

Symptom

One Azure VM can't connect to another Azure VM.

Troubleshooting guidance

  1. Check whether NIC is misconfigured
  2. Check whether network traffic is blocked by NSG or UDR
  3. Check whether network traffic is blocked by VM firewall
  4. Check whether VM app or service is listening on the port
  5. Check whether the problem is caused by SNAT
  6. Check whether traffic is blocked by ACLs for the classic VM
  7. Check whether the endpoint is created for the classic VM
  8. Try to connect to a VM network share
  9. Check Inter-VNet connectivity

Note

You can also use Test-NetConnection module in PowerShell to diagnose information for a connection.

Troubleshooting steps

Follow these steps to troubleshoot the problem. After you complete each step, check whether the problem is resolved.

Step 1: Check whether NIC is misconfigured

Follow the steps in How to reset network interface for Azure Windows VM.

If the problem occurs after you modify the network interface (NIC), follow these steps:

Multi-NIC VMs

  1. Add a NIC.
  2. Fix the problems in the bad NIC or remove the bad NIC. Then add the NIC again.

For more information, see Add network interfaces to or remove from virtual machines.

Single-NIC VM

Step 2: Check whether network traffic is blocked by NSG or UDR

Use Network Watcher IP Flow Verify and Connection troubleshoot to determine whether there's a Network Security Group (NSG) or User-Defined Route (UDR) that is interfering with traffic flow. You may need to add inbound rules on both NSGs. The rules must be at the subnet level and the virtual machine's interface level.

Step 3: Check whether network traffic is blocked by VM firewall

Disable the firewall, and then test the result. If the problem is resolved, verify the firewall settings, and then re-enable the firewall.

Step 4: Check whether VM app or service is listening on the port

You can use one of the following methods to check whether the VM app or service is listening on the port.

  • Run the following commands to check whether the server is listening on that port.

Windows VM

netstat –ano

Linux VM

netstat -l
  • Run the telnet command on the virtual machine itself to test the port. If the test fails, the application or service isn't configured to listen on that port.

Step 5: Check whether the problem is caused by SNAT

In some scenarios, the VM is placed behind a load balance solution that has a dependency on resources outside of Azure. In these scenarios, if you experience intermittent connection problems, the problem may be caused by SNAT port exhaustion. To resolve the issue, create a VIP (or ILPIP for classic) for each VM that is behind the load balancer and secure with NSG or ACL.

Step 6: Check whether traffic is blocked by ACLs for the classic VM

An access control list (ACL) provides the ability to selectively permit or deny traffic for a virtual machine endpoint. For more information, see Manage the ACL on an endpoint.

Step 7: Check whether the endpoint is created for the classic VM

All VMs that you create in Azure by using the classic deployment model can automatically communicate over a private network channel with other virtual machines in the same cloud service or virtual network. However, computers on other virtual networks require endpoints to direct the inbound network traffic to a virtual machine. For more information, see How to set up endpoints.

Step 8: Try to connect to a VM network share

If you can't connect to a VM network share, the problem may be caused by unavailable NICs in the VM. To delete the unavailable NICs, see How to delete the unavailable NICs

Step 9: Check Inter-VNet connectivity

Use Network Watcher IP Flow Verify and NSG Flow Logging to determine whether there's an NSG or UDR that is interfering with traffic flow. You can also verify your Inter-VNet configuration here.

Need help? Contact support.

If you still need help, contact support to get your issue resolved quickly.