Unable to connect to a VMSS

lionelblak 1 Reputation point
2022-01-05T14:22:56.61+00:00

Hi,

I created a web server, then I Captured it and created an image. From that image I created a new VMSS.

When I start the VMSS, it starts up ok and I can access the web service ping page. I cannot consume the web service, nor can I connect to the VMSS via RDP or Bastion to see what the issue might be.

  1. When I try to connect via RDP, there is no public IP Address
  2. When I try to connect via Bastion, a message appears saying that either the machine is unreachable or that my credentials are incorrect.
  3. When I run the connection troubleshooter in Bastion, the machine is reported as unreachable.

I'm sure that it's a networking issue but I have no idea where to look. Please could someone make a suggestion?

Many thanks,

Azure Bastion
Azure Bastion
An Azure service that provides private and fully managed Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to virtual machines.
262 questions
Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,551 questions
Azure Virtual Machine Scale Sets
Azure Virtual Machine Scale Sets
Azure compute resources that are used to create and manage groups of heterogeneous load-balanced virtual machines.
395 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Prrudram-MSFT 24,546 Reputation points
    2022-01-06T18:32:13.087+00:00

    Hi @lionelblak ,

    Welcome to the Microsoft Q&A platform. Happy to answer your question. This is a connectivity issue. There are various ways in which you can connect to the VMSS instance, like

    1. Connecting directly to virtual machines
    2. Connecting through a jumpbox
    3. Leveraging Azure Bastion

    The first thing that comes to my mind is Network Security Group (NSG) associated with your VMSS. NSG describes what inbound and outbound requests are allowed for your virtual machines. For example, inbound rules by default allow requests from the virtual network and load balancer infrastructure.

    To enable RDP or SSH we need to create a rule to allow connection to the corresponding ports. It could be done in “Networking” tab of a VMSS resource. On the screenshot below we can see a rule that allows connections to the 3389 port on the virtual machines.

    NOTE: The warning sign is displayed because RDP port is exposed to the Internet which is not secure.

    VMSS network security group rules:
    162879-image.png

    Establishing Connection:
    To connect to a particular virtual machine inside of a scale set we just need to know what port on load balancer’s public IP address to use to be forwarded to the desired instance of VMSS.

    One easy way to do it is to navigate to load balancer “Inbound NAT rules” tab and see the mapping. Another option is to go to an individual VM, its “Connect” tab, then “RDP” and select “Load balancer public IP address” in the dropdown. It will autocomplete “Port number” for you, and this should work both for Windows and Linux VMSS.

    For other approaches, i recommend you to refer to connect-to-azure-vmss-instances
    Video on how to connect to VMSS VMs: watch

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.