Exercise: Troubleshoot issue connecting virtual machine scale set

  • 7 minutes

You work as a support engineer supporting Azure infrastructure. You've been contacted by your web team about an issue with the website not responding. The web team have a pool of webservers behind a load balancer and public IP address.

Screenshot of a network topology diagram showing a pool of webservers behind a load balancer.

In this exercise, you'll use what you've learned to go through steps to troubleshoot the connection issues to the virtual machines.

Verify that the website can't be reached

Use the Cloud Shell on the right.

  1. Use this Azure CLI command to get the public IP address of the scale set.

    az network public-ip show \
--resource-group <rgn>[sandbox resource group name]</rgn> \
--name webPublicIP \
--query '[ipAddress]' \
--output tsv

  2. Copy the IP address, in a new tab in your browser, try to navigate to it.

Screenshot of the website not responding.

Check that Network Security Groups are configured correctly

  1. In another browser tab, navigate to the Azure portal.

  2. Search for Network security groups.

    A screenshot showing the virtual machine scale set is detailed.

  3. Under Services, select Network Security Groups.

    A screenshot showing that in this environment there are no NSGs created.

  4. Select webNetworkSecurityGroup.

  5. Check that internet traffic over port 80 is allowed by the Network Security Group.

    Screenshot of the Network Security Group inbound rules are correct.

Check the network settings for the virtual machines

  1. On the left, select Virtual Machines.

    A screenshot showing an instance in the scale set highlighted.

  2. Select the first virtual machine listed, in the above example this is webVirtualMachine1. In your environment this could be different.

  3. On the left, under Settings, select Networking.

  4. Note that port 80 is allowed.

  5. Repeat these steps for webVirtualMachine2.

Check the load balancer

  1. In the Azure portal, search for Load balancers, then under Services, select Load balancers.

    Screenshot showing searching for load balancers.

  2. Select the webLoadBalancer.

  3. On the left, under Settings, select Frontend IP configuration.

    A screenshot showing the frontend IP address highlighted.

  4. Check that there is a frontend IP address, and that this is the IP you tested at the beginning of this exercise.

  5. On the left, under Settings, select Load balancing rules.

    Screen shot showing the load balancing rules.

    Note

    There is a rule for port 80 and port 443.

  6. On the left, select Diagnose and solve problems.

Use the Diagnose and solve problems troubleshooter

  1. Select the No connectivity to the backend pool troubleshooter.

    A screenshot showing the No connectivity to backend pool troubleshooter.

  2. In the Tell us more about the problem you are experiencing drop-down box, select Intermittent connectivity.

  3. Scroll down and read the insight found.

    Screen shot of the connectivity results showing the backend pool can't be connected to over port 443.

    The insight points to the fact that the backend instances in the pool aren't listening for port 443. The website instances should be listening to port 80. This insight points to a problem in the load balancer rule.