Azure networking - TCP ports blocked

Hi
I have a two-node SQL Server 2014 'SAN less' Cluster running in Azure (using SIOS Data Keeper as the 'SAN disks'). I have setup an Internal Load Balancer (ILB) that points to my SQL Cluster name (sqlcluster). However my external application needs to talk
to 'sqlcluster' over ports 135 (Endpoint Mapper) and 445 (SMB). This traffic is blocked in Azure. How can I allow this?
All of the above works in my on-premise world - just not in Azure.
Thanks

Update:
I noticed that quite a few windows updates were available, so I applied almost everything (a few failed). After the restart, I started Xming, and immediately got a firewall security dialog window, which I did not get before. I selected "public networks",
"private networks" was already selected, and selected "allow".
The above caused two new firewall rules to be created, but the guest -> host connection is still being blocked.
I've tried with firewall on and off: no difference.

Similar Messages

  • TCP port blocked

    I am getting an "...unable to connect to server due to network security (TCP port 8080 blocked)" message. Any idea what settings should I change before going to SFR support? BES not enabled. 

    This will have been a false alarm triggered during the 7.7 upgrade.  The warning occurs when a site fires an event but does not have a current heartbeat connection.  I suspect this was caused by bad sequencing of a service restart and we will look into how that hapened.  The upgrade started yesterday at 9am and was completed at noon US-CST.
    Logs show a large number of these events were triggered between 9:30am and 10:20am CST.  If you are still receiving these, please let us know so we can investigate further.
    Andy

  • What incoming public TCP ports are blocked?

    I just setup my 890L to forward incoming public TCP ports to to a couple of my LAN devices.  Unfortunately, it looks like VZB is purposefully blocking common incoming TCP ports. 
    I tried searching on google.com for what ports are blocked; but, just found a bunch of posts like this one.  Some people actually tried contacting 1st and 2nd tied VZB tech support about this; but, it's clear they don't have this information available to them.
    Has anyone verified what incoming public TCP ports are not blocked?  There's no easy way for me to test this using my 890L.

    You can find out for yourself which ports are being blocked by using a Port Query utility.  Depending on the OS of your computer there should be multiple utilties available for free floating around.
    As we have seen numerous times before, devices on VZW's new SIM card/4G LTE network are blocked from many of the public facing services and features we have previously been dependant on.  Public IP Addresses, Public Ports, Webcams, VOIP phones, etc. all suffer under the same umbrella of limitations on the new network.  The list is too long to publish everything that is blocked or not working as it previously did.  Much easier for you to post the requirements of your application and have us confirm if its working or not.
    If you have not already experimented with VPN's I'd suggest checking them out.  VPN's are one of the easiest ways around these new limitations.  With a VPN enabled your device will tunnel all of its communications out an allowed port to a VPN server where your traffic is free to act normally before returning to you.

  • Bridged Wireless Blocks TCP Port 9100?

    On one of my networked computers, HP "Solutions Center" driver says HP 6310xi networked printer is connected, shows detail status & will print the HP diagnostic report direct to printer. Windows 7 shows printer on network map, & gives detailed status & setup info from printer internal data via IE through printer's IP address page (192.168.1.100); i.e. I can ping it. However, Win 7 printer control panel shows printer as "offline" on printers list & just ques up print requests. Troubleshooting gives error message "turn power on printer". Other networked PCs print OK. Bad computer is on a separate subnet of my home network, with a LinkSys wireless bridge WET610n connection, & printer is on another wireless LinkSys WET610n subnet. My network is totally LinkSys N, with a WRT 610n as main hub. All other network functions work for all other devices on the network, including DirecTV DVR receivers & Wii console!! I have moved the printer to the other subnet, & the problem is now mirrored by the computer on the remote subnet. It is not a firewall problem, but appears that the variables are the 2 wireless bridges that seem to conspire to block TCP port 9100 when in series. A single WET610n between the printer & a computer allows printing, proven by my roaming wireless laptop having access through the WET610n via the central wireless router. Very stange!! CTH

    If I understand correctly, you have a Linksys WRT610N as your main wireless-router with two satellite Linksys WET610N configured as Ethernet bridges -- right?
    You also have this setup:
    Win7 PC -> WET610N -> WRT610N -> WET610N -> Officejet 6310
    If I got this right, then the issue is probably the transit delay between the Win7 PC and the Officejet confusing HP's Solution Center.
    I think you have two options:
    1) Connect the Win7 PC directly to the WRT610N or connect the Officejet 6310 directly to the WRT610
    2) Manually install the printer.
    Let's try a manual installation:
    1. Click >> Start >> Control panel >> Printers.
    3. Click the Add a printer
    3. Select Local printer
    4. Select Create a new port and select Standard TCP/IP Port and click Next button.
    5. Under Device type, select TCP/IP Device. Under Hostname or IP address, enter the printer's host name (found on the printer's network configuration report the generated above). Click Next.
    If you get a message about Additional Port Information Required, then the printer was not found using the host name. You can go back and retry or using the printer's IP address instead of the host name.
    6. Select Hewlett-Packard from the list of manufacturers and select and select your printer model. Click Next.
    If your printer model was not listed, then select Have Disk, browse the HP CD that came with your printer and select the first file that starts with hp and ends with inf. Click Open then OK. Select your printer model. Click Next.
    7. If you are asked, use the currently installed driver.
    8. It will ask for the Printer name -- enter a new name or use the existing one. This will be the name of the printer that you select from other applications.
    9. You may be asked to share the printer. Make a choice and click Next.
    10. The Print Test Page box appears. Go ahead and print it.
    11. Click Finish.
    That should be it.
    Regards / Jim B / Wireless Enthusiasts
    ( While I'm an embedded wireless systems engineer at work, on this forum I do not represent my former employer, Hewlett-Packard, or my current employer, Microsoft )
    + Click the White Kudos star on the left as a way to say "thank you" for helpful posts.

  • Gathering network statistics on specific tcp ports

    I have an application on Solaris 10 with one local zone and it listens on a few tcp ports.
    I want to write a script to find out if a network latency occures on one of these ports.
    I dont want to use "time telnet ..." because in that way I'll need to sample many servers from one place.
    netstat -sP tcp also does not fit my needs, because I want to distinguish between tcp ports.
    Thanks a lot

    I have an application on Solaris 10 with one local zone and it listens on a few tcp ports.
    I want to write a script to find out if a network latency occures on one of these ports.
    I dont want to use "time telnet ..." because in that way I'll need to sample many servers from one place.
    netstat -sP tcp also does not fit my needs, because I want to distinguish between tcp ports.
    Thanks a lot

  • Create TCP port monitor to ping windows server or network device

    Dears
    I'm trying to create TCP port monitor which tests the ping of a remote network device or windows computer from the watcher node, but I don't know which port to use, is there a specific port number?
    Thanks
    Mohammad, IT NOC Team

    I also would like to share the following article with you. It is a sample script that will use netstat –an to check the TCP ports currently in a listening state on the local system 
    and parse the output to determine that the defined TCP port is in a listening state.
    http://operatingquadrant.com/2009/08/13/scom-locallly-monitoring-a-listening-tcp-port/
    Niki Han
    TechNet Community Support

  • Bypassing TCP port 25 restriction (i.e. worst ISP EVER; Mail is not allowed

    Hi
    The private company that runs my DOES NOT ALLOW Smtp connections on its "hi speed internet connection".
    Meaning that Mail cannot function and I have to check via webmail.
    I'm serious.
    Their FAQ states:
    Can I use email clients such as Microsoft Outlook or Outlook Express to send and receive emails?
    No, you will only be able to use web browser based email such as Hotmail or Gmail; this is due to limitations (on TCP port 25) which have been implemented to protect you against other computer users sending unsolicited bulk emails (SPAM) via your computer.
    Does anyone know a way to get around this as I NEED the functionality of Mail.....
    Also,
    Are all British ISPs this ridiculous?
    Dieing to find a solution to this....... Many Many Many Many Thanks
    PS. I already paid extra ($250USD) to enable 'super' internet which doesnt throttle VOIP, STREAMING, gaming, P2P etc.
    Luke

    Beginning January 1, 2006 Port 587 has been standardized as the port to use for authenticated SMTP servers although most will still work with Port 25 as well. More and more ISPs are blocking port 25 as various jurisdictions are holding them responsible for spam and/or viruses originating on their network. With unauthenticated SMTP anyone can send using that server whether they have an account or not. So the ISPs block that port with the sole exception of their own SMTP server so they can scan the messages for spam and viruses. With an authenticated SMTP server where a valid account id and password are required to send messages the provider of the server assumes the responsibility for scanning all traffic through their server thus relieving the ISP of the liability.
    Whether you think this is a big brother step or not, with estimates that spam on the internet is running as high as 70% of all email traffic, if it weren't for restrictions like this email would rapidly become an unusable tool. The only annoying thing I have found about this is how few ISP Tech Support people know about this. To often their solution is "you can only use another email provider through their webmail interface."

  • What TCP ports are used by Push notifications

    I believe my Firewall is blocking Push Notifications on my iPod touch. So, I wanted to discover what the TCP Ports are that are used by Push so I could open those ports to pass packets (info) to my iPod.

    See:
    http://support.apple.com/kb/HT3576
    "If you are still unable to receive notifications and you are using a Wi-Fi connection, verify that the network or firewall is not blocking access to port 5223."

  • What Network Firewall Ports Needed For Music Store?

    My PC is on a network that is firewalled to the the Internet. All ports are blocked except for those explicitely enabled, such as port 25 for E-mail, port 80 for browsing, etc.
    When the Windows Firewall is disabled, my PC cannot get past the the Music Store's home page. All links are inoperative.
    When I connect my PC to another router/firewall, that bypasses my network's firewall, I can navigate the music store.
    I believe I have a blocked port issue when the PC is connected to my network.
    Can anyone tell me what Internet/TCP ports I need to have open for the iTunes music store and for QuickTime?
    Thanks for the assist.
    Regards.

    hiya!
    Since you say that iTunes is using standard browser ports, then perhaps it's my network's Proxy Server that iTunes doesn't work well with.
    it might be worth checking on these possibilities:
    iTunes for Windows can't access the Internet if proxy settings are incorrect
    ... but also see:
    iTunes for Windows: Music Store - Using With Internet Filters or Accelerators
    love, b

  • Unknown open TCP ports on router

    Anyone know how to close these open ports on my Cisco 7606 router?
    Anyone know what these TCP ports are used for?
    49   - Not sure what this one is other than what IANA reports about TCP port 49
    4510
    4509
    2222
    I'm sure I could add an ACL to block communications to my router based on this ports but would rather figure out how to close 'em so this already overloaded router doesn't have additional processing.
    Cisco-7606# sh tcp br all
    TCB       Local Address           Foreign Address           (state)
    12EFC1C0  172.16.8.3.14401        10.8.2.14.49              TIMEWAIT
    1CC4F57C  172.16.8.3.26963        10.8.2.14.49              TIMEWAIT
    1A419F90  0.0.0.0.4510            *.*                       LISTEN
    1C581740  0.0.0.0.4509            *.*                       LISTEN
    1A417BBC  0.0.0.0.2222            *.*                       LISTEN
    12FB03A8  10.8.10.2.2222          10.8.1.42.4690            CLOSEWAIT
    12FB099C  10.8.10.2.2222          10.8.1.42.2233            CLOSEWAIT
    12FA7DF0  10.10.0.3.2222          10.8.1.15.4878            CLOSEWAIT
    1CD47780  10.10.0.3.2222          10.8.1.15.3917            CLOSEWAIT
    1CDDBCE0  10.8.10.2.2222          10.8.1.42.3964            CLOSEWAIT
    Cisco-7606# sh ver | i image
    System image file is "disk0:c7600rsp72043-advipservicesk9-mz.122-33.SRD3.bin"
    Tks
    Frank

    Frank
    I can offer some suggestion about one of your port numbers. TCP port 49 is used for TACACS. If you are using TACACS for authentication, or authorization, or accounting then we know why port 49 is open and blocking TCP49 will prevent TACACS from working with your router.
    I have no insights or suggestions about the other port numbers that you mention.
    HTH
    Rick

  • Smbclient wants to connect to TCP port 139

    On my Powerbook, using Little Snitch under certain conditions (undetermined) I get the following message repeatedly, I am not connected to a network (except for Airport) or printer:
    The application "smbclient" wants to connect to 192.168.131.65 on TCP port 139 (netbios-ssn)
    What is this all about - thanks.
    PB G4 Al 17"    

    Airport is as much of a network as Ethernet is. Port 139 is the normal port for SMB connections. (At the terminal, try "grep 139 /etc/services".) What you want to do is figure out where your Powerbook was connecting to a Windows file or printer server on network 192.168.0.0 or 192.168.131.0. Are either of those the network address for your Airport network? You can see this in your Network settings.
    Login Items is the first place to look for an alias that might trigger an automated mount, but another application (other than the Finder) could be looking for a file server, too (as another posted mentioned). You could try to grep for "192.168.131.65" in all the files in your Preferences folder, except if you have 10.4 they might all be binary now and you'd have to convert them to xml text first, using plutil (again in Terminal).

  • LMS 4.2 Why is TCP port 514 used and how to close it?

    An internal security scan showed that TCP port 514 is open on the Cisco Prime LMS 4.2.4 server.  The security team is concerned that this port is commonly used for rsh, which is not encrypted and may use plain text logins or poorly authenticated logins.  The port being open is documented in the "Installing and Migrating ..." manual for LMS 4.2 where it says that this TCP port 514 is used for Remote Copy Protocol in the direction from the server to device.  The well-known port associated with a service is usually on the target host, not on the host that initiates the connection, so this is a little confusing.  I see that there is no rsh service in /etc/inetd.conf, but there is an rsh service in /etc/xinetd.conf.  This LMS is not configured to use RCP for anything, as far as I can tell.
    Can I close TCP port 514 on this server without disasterous results, and how do I do that?
    Or, how do I satisfy the security team that having this port open is not a security concern?
    Thanks for any help.
    Dave

    I have a love/hate relationship with security audits like that. Happy to know the profile of a server but then hating to have to justify everything their "report" "concludes" (95% of which is usually just dressed up too output from Nessus or whatever).
    Problem is with appliance servers running a packaged application like LMS, mucking with the OS settings (rc files etc.) can break things in unexpected ways. I'm more in favor of putting it on a segmented network and applying access-control lists or firewall rules inbound vs. trying to take apart the system and put it back together using only the parts you think are necessary (a bit of hyperbole there but it's to make a point).
    Call it defense in depth and declare victory and then move on with using the tool to actually manage the network instead of defending its configuration to the Stasi.

  • Need Help on Port Blocking in ASA

    Dear All,
    I have configured firewall and allow only port 443 and deny all tcp ports for destination, but when i am scanning from port scanner it shows several tcp ports are enabled.. need your seuggestion and help on it.. how to block these tcp ports..
    Early response is required..
    Thanks

    Hi,
    Still don't know the ports that were supposedly open.
    Though if that is the ACL you have bound to the "outside" interface on the ASA then it should be blocking the connections through the ASA for everything else other than the TCP/443 for a single destination IP address.
    Then there is naturally the ASAs own services and ports on which its listening on.
    You can check that with the following command
    show asp table socket
    Most likely the ports that are open on the ASA are the ones used for management purposes perhaps
    Those set with the following commands
    telnet
    ssh
    http
    You also have the option to create an ACL that blocks all traffic to the ASA "outside" interface IP address. You can then attach it with "access-group" command
    access-group in interface outside control-plane
    This would limit the "To the Box" traffic. Though the above mentioned management commands "telnet", "ssh" and "http" would still override this ACL.
    - Jouni

  • Database link TCP ports

    We installed database link between two Oracle databases. Does anybody know on whitch TCP port it communicate ? I know only about port 1521. Problem is that we have firewall between computers and we need to enable Oracle communication between them.

    avalanche333 wrote:
    I am attempting to create a database link from a very locked down server (Database A) to Database B which is on my internal network.
    Can someone tell me what ports I need to open in the firewall for a database link to work correctly? My Database B instance is a XE instance running on the default port 1521.
    Thanks,Hans and Devotee have given you the best info so far. I'd like to expand and clarify slightly on their comments.
    There is really nothing special about a db-link. It is just another client process, being used by the 'client' database. It uses exactly the same networking pieces as does sqlplus on the same machine. All of the same considerations are there ... tnsnames.ora on the client machine matching up with the listener configuration on the target machine, listener ports, port redirection for establishing the actual server process, etc. I would start by getting a sqlplus connection working. When you have that, you know you have all of your network configuration issues resolved. At that point any issues you have with the dblink will be in the link definition itself.
    And as Hans pointed out, databases don't run on port 1521. It is a conceptual mistake to think of the database as "running" on any port. By default the listener uses port 1521 to listen for connection requests. The database knows nothing about that. It is also very easy, and not that uncommon, to configure the listener to use another port instead of or in addition to 1521, so it is also a mistake to treat port 1521 as if it were some immutable value.

  • IPhone tethering to get around port blocking

    Hello all. My company/institution blocks imap port 993 so that email is not stored locally on company computers. (I find this unreasonable but it is their choice). However, sometimes I bring my laptop from home and wish to access my mail using Mac Mail. I can do so using my iPhone as a modem, however the sweet solution would be:
    - use company network for all requests except imap
    - use the iphone when accessing imap and other blocked ports
    This way i would not chew up my monthly data usage on the iphone, but be able to access blocked ports. Is there a good solution to do this other than manually connecting disconnecting the internet connections i.e. keep both lines open.
    Thank you.
    Message was edited by: patchling

    Well:
    a. It is my laptop
    b. I would not be using their network for downloading the imap data
    c. I would not be downloading the data onto their computers
    The policy is there to prevent imap downloading onto company computers, or more specifically through their network. As an unfortunate side-effect it prevents my computer from accessing imap email via the network. I am, however, allowed to hook up my lap top to the network.
    I would not be doing anything on their network. This is not a question of how to bypass their port blocking using funky ssh tunnels or the like. The question is how to run two internet connections at the one time (if possible), using one for the bulk of internet traffic and the other for connections disallowed by the first.
    The last paragraph of your response was useful and so I thank you for that. The 1st paragraph has nothing to do with what I am asking.

Maybe you are looking for

  • Calendar/All Day Event NOT SHOWING ANYMORE!!

    First of all this is the reason why I bought a BB. When I got the phone in Sept all of  my All Day Events would pop up first thing in the morning and not go away until I dismissed them. Now, don't know what has happened my all day events do not pop u

  • Closed lid video out

    Is it possible to close the lid and have the DVD playing continue when theto the mini DVI port is connected to an external display device?? Thanks Lewis

  • A URL will not load in Firefox (it does nothing) but will load in Safari; some other URLs also have a similar problem.

    In Safari with the above website, I cannot "View Source". Also, I have the same problem viewing images of patents at the USPTO, again probably a similar problem. Perhaps the web address isn't HTML but is an image format not supported by Firefox. Perh

  • Order of purchased playlist not changing

    I have an odd problem. Back in December, I purchased 2 songs back to back. One of them was purchased from my phone and then I purchased the other one through ITunes on the computer, and it was downloaded to the phone right away as always. However, wh

  • ESS Team Calendar comming as Table for some users

    Hi, When the users navigate to ESS -> working Time -> Leave request -> Team calendar Then for some users it coming as Table, while for other it is coming as proper chart(graphics). We want the it as chart(graph) for all users. Any suggestions? _visha