Azure Networking Documentation

Troubleshooting Connection Monitor

This guide helps you diagnose and resolve common issues encountered when using Azure Connection Monitor.

Common Issues and Solutions

1. Connection Monitor Agent Not Reporting:

  • Ensure the agent is installed and running on the source/destination machine.
  • Verify network connectivity from the agent to Azure Monitor/Log Analytics workspace. Check firewall rules and proxy settings.
  • Confirm the agent has the necessary permissions to send data to your workspace.
  • Check agent logs for specific error messages. Common locations: C:\ProgramData\Microsoft\Azure Network Watcher\logs on Windows, /var/log/azurenetworkwatcher/ on Linux.

2. Tests Failing or Showing High Latency/Packet Loss:

  • Check Network Path: Use Connection Monitor to trace the network path and identify hops with high latency or packet loss.
  • Firewall Issues: Ensure that firewalls (both network and host-based) between the source and destination are not blocking the traffic used by Connection Monitor (e.g., ICMP, TCP ports 80, 443, or custom ports).
  • Network Congestion: High latency or packet loss might indicate congestion on the network path. Analyze network traffic patterns.
  • Resource Utilization: Check CPU, memory, and network utilization on the source and destination machines. High utilization can impact performance.
  • Azure Service Health: Review Azure Service Health for any ongoing incidents that might affect networking services in your region.

3. Configuration Errors:

  • Source/Destination Mismatch: Double-check that the source and destination endpoints are correctly configured with the right IP addresses or resource IDs.
  • Test Group Configuration: Verify that the protocols (TCP, ICMP, HTTP/S), ports, and frequency settings in your test groups are as intended.
  • Workspace Permissions: Ensure the Connection Monitor resource has read access to the specified Log Analytics workspace.

4. Cannot Create Connection Monitor Resource:

  • Permissions: Verify you have the necessary RBAC roles (e.g., Network Contributor) in your Azure subscription.
  • Region Availability: Ensure Connection Monitor is available in the Azure region you are deploying to.
  • Network Watcher Enabled: Make sure Azure Network Watcher is enabled in the region for your subscription.

Advanced Troubleshooting Tips

  • Leverage Log Analytics: Query your Log Analytics workspace directly to gain deeper insights into connection test results, agent status, and potential errors. KQL queries can be powerful for analysis. 
    AzureNetworkAnalytics_CL
| where TimeGenerated > ago(1h)
| where ResourceProvider == "MICROSOFT.NETWORK" and ResourceType == "CONNECTIONMONITOR"
| project TimeGenerated, TestGroupName, Source, Destination, Result, RTT, PacketLoss, Protocol, DestinationPort
  • Network Packet Captures: If other methods fail, consider taking network packet captures on the source and destination machines during test execution to analyze the actual traffic flow.
  • Use Azure Network Watcher Tools: Complement Connection Monitor with other Azure Network Watcher tools like IP Flow Verify, Network Security Group Flow Logs, and Packet Capture for a comprehensive network diagnostic view.

For more detailed information and specific error code explanations, please refer to the official Azure documentation.