Azure Documentation

Troubleshoot Virtual Machine Connection Issues

This guide provides steps to diagnose and resolve common connection problems when trying to access your Azure Virtual Machines (VMs).

Ensure you have the necessary permissions to perform the actions described in this guide.

Common Connection Scenarios

  • Cannot connect to a VM using RDP (Remote Desktop Protocol).
  • Cannot connect to a VM using SSH (Secure Shell).
  • VM is unreachable from the internet or other Azure resources.
  • Slow or intermittent connection issues.

Step-by-Step Troubleshooting

1. Verify VM Status and Basic Health

  1. Check the Azure Portal: Navigate to your VM's overview page. Ensure the VM is running and shows a healthy status.
  2. Review Boot Diagnostics: If the VM is not running or is unresponsive, check the Boot Diagnostics in the Azure portal for console output that might indicate startup errors.

2. Network Security Group (NSG) and Firewall Rules

NSGs and VM firewalls are the most common culprits for connection issues. Ensure that traffic is allowed to reach your VM on the correct ports.

2.1. Azure Network Security Groups (NSGs)

  1. Go to the Network Security Group associated with your VM's network interface or subnet.
  2. Check the Inbound security rules.
  3. For RDP: Ensure there is an inbound rule allowing traffic on port 3389 (TCP) from your IP address or a trusted IP range.
  4. For SSH: Ensure there is an inbound rule allowing traffic on port 22 (TCP) from your IP address or a trusted IP range.
  5. Verify the priority of your rules. Lower numbers have higher priority. Ensure no deny rule is blocking your traffic.
Allowing RDP or SSH from 0.0.0.0/0 (any IP) is highly discouraged due to security risks. Restrict access to specific IP addresses whenever possible.

2.2. VM Operating System Firewall

The firewall within the VM's operating system must also allow traffic on the necessary ports.

  • Windows: Open Windows Firewall with Advanced Security and check inbound rules for port 3389 (TCP).
  • Linux: Use commands like sudo ufw status (for UFW) or sudo iptables -L (for iptables) to check the firewall rules and ensure port 22 (TCP) is allowed.

3. Public IP Address and DNS

Ensure your VM has a public IP address assigned, and that it's correctly configured.

  1. Check the VM's Networking tab in the Azure portal to confirm it has a Public IP address.
  2. If you're using a custom domain name, verify that the DNS A record points to the VM's public IP address.

4. Network Path and Connectivity

Use Azure Network Watcher tools for advanced diagnostics.

  • IP Flow Verify: Test if traffic is allowed or denied by NSGs for a specific IP, port, and protocol.
  • Connection Troubleshoot: Check network connectivity between your VM and a destination, identifying any network bottlenecks or blocks.
  • Next Hop: Determine the next hop for traffic flowing from your VM to a destination.
Azure Network Watcher Example

Example: Azure Network Watcher IP Flow Verify Tool

5. VM Agent and Extensions

Ensure the Azure VM Agent is running and healthy, as it's critical for many VM operations, including some networking configurations.

  • Check the Extensions + applications section for your VM in the Azure portal. Ensure all agents are provisioned and healthy.
  • Restarting the VM agent can sometimes resolve issues.

6. Service-Specific Issues

6.1. RDP Connectivity Issues

  • Client-side firewall: Ensure your local machine's firewall isn't blocking RDP connections.
  • Remote Desktop Services: Verify that the Remote Desktop Services are running on the Windows VM.
  • Credential issues: Double-check username and password. Consider using the "Reset Password" option in the Azure portal if unsure.

6.2. SSH Connectivity Issues

  • SSH Client Configuration: Ensure your SSH client (e.g., PuTTY, OpenSSH) is correctly configured.
  • SSH Keys: If using SSH keys, verify that the public key is correctly deployed to the VM and the private key is used on the client.
  • SSH Daemon: Ensure the SSH daemon (sshd) is running on the Linux VM. Check its status with sudo systemctl status sshd or similar commands.
  • Permissions: Check file permissions for ~/.ssh/authorized_keys on the Linux VM. They should typically be 600.
For Linux VMs, you can reset your SSH public key and user credentials using the "Reset SSH configuration" option under "Support + troubleshooting" in the Azure portal.

7. High Availability and Load Balancers

If your VM is part of a Scale Set or behind a Load Balancer, check the load balancer's health probes and backend pool configuration.

  • Ensure health probes are configured correctly and are reporting the backend VMs as healthy.
  • Verify that the load balancer's inbound rules are forwarding traffic to the correct backend ports.

Further Assistance

If you've followed these steps and are still experiencing connection issues, consider:

  • Reviewing Azure service health for any ongoing incidents.
  • Collecting detailed logs from the VM.
  • Opening a support ticket with Microsoft Azure for in-depth assistance.