05-01-2018 07:58 AM
Hello,
I've been looking into issues I'm having with our Azure environment and RDP. Our setup is pretty nominal currently, but we do have a couple of VMs that we can get into. At some point, something changed and I cannot log into specific VMs that were already set up, as well as new VMs I create. I can, however, log into the currently accessible VMs, then RDP into the problematic ones, if that makes sense. Microsoft has confirmed everything is good on their side.
Upon reviewing the traffic logs, I see that when I try to connect to problematic VMs the traffic is allowed under the intra-zone default but the application is incomplete and the session is aged-out. A Wireshark trace from my PC (our office is connected through the S2S VPN) to the Azure VM shows that the handshake never completes - there's the initial SYN then followed by 2 TCP retransmissions.
From here, I'm not sure where to go or what could be causing this. I've attempted to verify the Azure and VM configs and from what I've seen so far, all network settings, configs and subnets are all the same. Both the accessible and non-accessible VMs are going through the default NAT and the default intra-zone security policies. I'd be grateful for any insight that can be provided to get me back on track with my Azure environment.
Thanks.
05-01-2018 08:23 AM
Hello,
An 'incomplete' means that the firewall did not have enough packets to confirm the application. In my experience it is usually due to a failed TCP 3-way handshake and/or routing issue. I would make sure the IPs you are attempting to reach are being sent down the S2S VPN tunnel to Azure.
Hope that helps.
05-01-2018 08:30 AM
I believe that @OtakarKlier is likely right in the assumption that the problematic VMs are not being routed properly, hence why the handshake is failing.
05-01-2018 01:40 PM
I established a TAC case and reviewed with a rep for about an hour. After verifying the config and reviewing processes, we determined that the handful of problematic VMs were not populating on the ARP list; they were showing incomplete. The rep confirmed it is an odd issue and we're scheduling a reboot on the device and going from there. Thanks for the responses.
05-08-2018 12:30 PM
The device was rebooted and upgraded to the latest stable version which appears to have resolved the issue.