Access internet from Azure VM not working

azure azure-virtual-machine azure-virtual-network
Paul Rowland picture Paul Rowland · Feb 27, 2013 · Viewed 24.4k times · Source

I've created an Azure DNS server with Address 192.168.0.4
I've created a Virtual Network with address space 192.168.. I changed the Subnet-1 to be 

 starting IP 192.168.10.0
 Address Count 64  
 Address Range 192.168.10.0 - 192.168.10.63

I've created 3 virtual machine images in a single cloud service using powershell.

$ADVM = New-AzureVMConfig -Name $ADVMName -InstanceSize Small -ImageName $ADVMImageName.ImageName |
            Add-AzureProvisioningConfig -Windows -Password $AdminPassword |
            Add-AzureDataDisk -CreateNew -DiskSizeInGB 10 -DiskLabel 'datadisk2' -LUN 0  |
            Add-AzureEndpoint -Protocol tcp -LocalPort 80 -PublicPort 80 -Name 'web' -LBSetName 'lbweb' -ProbePort 80 -ProbeProtocol http -ProbePath '/'

$SQLVM = New-AzureVMConfig -Name $SQLVMName -InstanceSize Medium -ImageName $SQLImageName.ImageName |
            Add-AzureProvisioningConfig -Windows -Password $AdminPassword |
            Add-AzureDataDisk -CreateNew -DiskSizeInGB 50 -DiskLabel 'datadisk2' -LUN 0 |
            Add-AzureEndpoint -Protocol tcp -LocalPort 80 -PublicPort 80 -Name 'web' -LBSetName 'lbweb' -ProbePort 80 -ProbeProtocol http -ProbePath '/'

$APPVM = New-AzureVMConfig -Name $APPVMName -InstanceSize Large -ImageName $AppImageName.ImageName |
            Add-AzureProvisioningConfig -Windows -Password $AdminPassword |
            Add-AzureDataDisk -CreateNew -DiskSizeInGB 50 -DiskLabel 'datadisk2' -LUN 0 |
            Add-AzureEndpoint -Protocol tcp -LocalPort 80 -PublicPort 80 -Name 'web' -LBSetName 'lbweb' -ProbePort 80 -ProbeProtocol http -ProbePath '/'

#CreateService                   
New-AzureVM -ServiceName $CloudServiceName -VMs $ADVM,$SQLVM,$APPVM -AffinityGroup $AffinityGroup -VNetName $VirtualNetworkName

All the VM's and cloud service get created as expected. (although the IP addresses of the new VM's are not sequential)

I get these 3 IP addresses

192.168.0.4 for $ADVMName
192.168.0.12 for $SQLVMName
192.168.0.20 for $APPVMName

When I RDP to $ADVMName and try to access http://www.google.com it is not successful, clicking Fix connection problems says The DNS Server isn't responding.

Why cant I access google from this machine? How can the DNS server (set at 192.168.0.4) be unavailable when I'm on that machine?

Answer

Martin Cox picture Martin Cox · Feb 20, 2014

I was having the same problem after I built an Azure Virtual network with one VM being a Domain Controller and two other VMs being Servers. When I logged in to any of my Virtual Machine Windows Servers running on an Azure, I was unable to open web sites with any browser (tested Chrome and Internet Explorer). Confusingly, a few sites like BING and GOOGLE would open, but all other others including MSDN and live.com had problems like no CSS or would not open.

It turns out the root cause of this issue is that the Virtual Network I created was configured with only one DNS IP Address: the IP address my AD domain controller MY-DC (10.0.0.4). This happened because I created my own isolated AD Forest (mydomain.com) controlled by my AD domain controller MY-DC which is one of my Virtual Machines.

Before I configured MY-DC to be the Domain Controller for the mydomain.com domain, the Azure Virtual Network had a DNS IP address of 168.63.129.16. That 168.63.129.16 is the IP address of a Microsoft DNS server. After configuring my Virtual Machine MY-DC to be my Domain Controller, the Azure Virtual Network only had the DNS IP address of 10.0.0.4. This change to the DNS IP address seemed to have caused browsers to be unable to open sites on the internet. The fix was to edit the configuration of the Azure Virtual Network and add back the original IP address of the Microsoft DNS server (168.63.129.16) as an additional DNS Server.

So the lesson learned is as follows. Before configuring a VM to be the DNS server of your Azure Virtual Network, carefully make note of the DNS IP Address that Windows Azure provided for your Azure Virtual Network prior to any network or domain configuration. Then, after configuring your VM to be a DNS server, switch back to the Azure management portal and navigate to the Network section. In this section click on the virtual network name. This should drill into the configuration of the network. From this screen, click on the Configure tab. Add the original DNS IP Address of the Microsoft DNS server to the list along with your own DNS Server’s IP address, so your network now knows about both DNS servers. Click Save. The portal will prompt you with a confirmation, click Yes. Restart the VM from the portal, and you will now be able to Remote Desktop to the VM, log in to Windows, open a browser, and surf the internet as easily as on your client PC.

Related questions

Azure Active Directory as Domain Controller for Azure Virtual Machines

Azure Active Directory is "as a service" offering from Azure. I have seen documentations and content from Microsoft stating that can be used for SSO and other Web application for unified auth. Will it be possible to make use of …

Read More
Azure VMs Virtual Network inter-communication

I'm new to Azure (strike 1) and totally suck at networking (strike 2). Nevertheless, I've got two VMs up and running in the same virtual network; one will act as a web server and the other will act as a SQL database …

Read More
Move a Microsoft Azure VM to a Different Subnet Within a vNet

Can't we Move a Microsoft Azure VM to a Different Subnet Within a vNet using the azure new portal or the azure classic portal ? if not possible through portal then how to do so ?then how to edit the properties …

Read More