Lost rdp access to EC2 instance - amazon-ec2

I changed the firewall (on Windows Server) of an Amazon EC2 instance to accept Remote Desktop connections only for a specific IP address.
Once the changes were done, I lost the connection and I am no longer able to access the instance.
My question is:
Is there a way to access this instance again, or is it completely lost?

You might be able to use Windows Remote Management (WinRM) to open a console to the machine and change the firewall setting from the command line.
WinRM uses port 5985 and it is on by default on some Windows images on EC2 (not all of them). Try opening port 5985 in your security group and log in with a PowerShell client.
There are some instructions on how to use PowerShell for WinRM here: How to programmatically/remotely execute a program in EC2 Windows instance
You can run the steps in the script manually.

Related

Steps required to SSH into Azure Windows VM from a Linux VM

Having created a Windows Azure VM and opened ports 3389 and 22 for inbound RDP and SSH connections, respectively, I can successfully connect to the VM via RDP from a remote Windows PC.
Testing the SSH connection in the Portal succeeds. However, trying to connect from a remote Linux VM using SSH fails.
Given that the SSH connection test within the portal succeeds, it suggests that (1) it is possible to SSH into a Windows VM; and (2) there is no other config required on the server, i.e. installing OpenSSH (or similar), copying over key file(s) to some location, etc. However, the help steps in the Azure Portal for my Windows VM for making remote SSH connections suggest that maybe a public key needs to exist on the server and that I need the private key on the Linux VM I am trying to connect from.
Please could someone help me understand if SSH into a Windows Azure VM is possible and, if so, the requirements / minimum set of steps (on the target Windows VM and the source Linux VM) I need to get to a state where I can successfully SSH.
Other posts on similar questions have not helped me connect via SSH. I have not found a 'golden source of truth' in the Microsoft docs. Maybe I missed it.
Thank you.
A Windows Server doesn’t typically come pre-built and ready to go with SSH access, and it requires some setup. You can follow this to set up your Azure VM for SSH access. To configure SSH on a Windows Azure VM for access, check out How to Set Up OpenSSH on a Windows Server. After deploying OpenSSH, you can follow the steps for connecting via SSH with a client in the Azure portal on your Linux client to access that Windows VM via SSH.

How to rdp from mac to azure vm through vnet gateway

I am trying to RDP from my local Mac to an Azure instance through an (IKEv2) VPN connection. I am never prompted for a password, and it looks like the connection just times out. The error code I get is 0x204.
I have tried using both Microsoft Remote Desktop 8 and 10 for Mac.
The connection is active and reports that it is connected.
From the Mac, I can connect to another VM (in the same Azure account) which is not running behind a VPN.
From Parallels Desktop (with networking set to Shared mode and the VPN connection active on the Mac), I can successfully connect using the Windows RDP client.
So it seems the Microsoft RDP client for Mac is not using the VPN connection.
Is there a way to make it do so?
Is there another solution that will allow me to RDP to an Azure VM from my Mac (without going through Parallels)?
Note: This is not the same question as this, since that is not about going through an azure vnet gateway.
I needed to add hosts file entries for each Azure site I needed to access.
For example, for accessing my-vm-name.someregion.cloudapp.azure.com, I needed to add a hosts file entry for its private IP within the subnet, e.g. 10.2.0.100.
The reason everything worked in Windows under Parallels is that the relevant entries had already been added to the hosts file previously.

SSH connect from local windows VM to Azure windows VM

I want to have an SSH connection from my local Windows machine or a VM on my computer to an Azure Windows Server VM. I tried Cygwin and PuTTY, but both of them gave a connection timeout. I used the public IP address and opened port 22 on the Azure VM.
I will appreciate it if someone can give me any hints or links.
There are multiple firewalls that can be the reason here. First, you must have a rule on the server to allow incoming SSH requests (port 22). Then you need to configure the NSG (Network Security Group) to allow incoming traffic on port 22. If it still doesn't work, you need to verify that you are allowed to make an outgoing SSH request from your computer.
Thanks for the suggestions. I found the problem: the host machine's IP address (from ipconfig), where the local VM is inside a domain, was different from the IP address that communicates outside the domain with the internet. I had set the NSG of the Azure VM to accept only this IP, and because of that it gave a time-out error. After changing the IP it works.
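
A source-restricted rule, whether in Windows Firewall as in the first question or in an NSG as in the comment above, is matched against the address the server side sees, not the one ipconfig prints. The following is an added example (not from any of the posts) that audits such a rule before it is applied; the function name and every sample address are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges plus RFC 6598 carrier-grade NAT space.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def audit_source_rule(allowed_cidr, interface_ip, egress_ip):
    """Check an inbound allow rule against the address the firewall will see.

    allowed_cidr: source range written into the security group / NSG / host rule
    interface_ip: address shown by ipconfig or ifconfig on the client
    egress_ip:    address the client's traffic carries once it leaves its network
    """
    net = ipaddress.ip_network(allowed_cidr, strict=False)
    iface = ipaddress.ip_address(interface_ip)
    egress = ipaddress.ip_address(egress_ip)
    matches = egress in net          # False when IP versions differ
    findings = []
    if net.prefixlen == 0:
        findings.append("rule is open to every source address")
    if any(net.version == r.version and net.subnet_of(r) for r in NON_ROUTABLE):
        findings.append("rule source is private address space: it matches only "
                        "traffic arriving over a VPN or peering, not the internet")
    if not matches and iface in net:
        findings.append("rule was written for the interface address: packets "
                        "from the egress address are dropped and time out")
    elif not matches:
        findings.append("egress address is outside the allowed range")
    return {"matches": matches, "findings": findings}

if __name__ == "__main__":
    # Constructed case: rule built from the ipconfig address of a NATed client.
    report = audit_source_rule("192.168.1.25/32", "192.168.1.25", "203.0.113.40")
    print("rule admits client:", report["matches"])
    for line in report["findings"]:
        print(" -", line)
```

Running the check before saving the rule, and keeping a second management path open until the new rule is confirmed to match, avoids the lockout described at the top of the page.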

Can not connect to Amazon EC2 Window Instance?

I was only provided an Amazon EC2 Windows instance: ec2-54-200-63-126.us-west-2.compute.amazonaws.com.
When I try to connect to it using Remote Desktop Connection, it notifies me that:
Remote Desktop can't connect to the remote computer for one of these reasons:
1) Remote access to the server is not enabled
2) The remote computer is turned off
3) The remote computer is not available on the network
I have searched for an hour and see that I have to configure something with this instance?
Is there any guide, blog, or website for configuring a new instance so that it can be connected to?
Have you configured a security group (basically a firewall) for the server that has the RDP port open?

Connect to Amazon (AWS) EC2 instance via browser

I am having trouble connecting to an Amazon Elastic Cloud Computer Instance via a browser.
I attempted going to ********.compute-1.amazonaws.com, but the browser returns that the connection has timed out.
I can connect via SSH and WinSCP. That is how I uploaded a web app I developed. I have also created a security group and added rules to open ports 22 and 80.
Do I have to assign the security group to the instance somehow?
The security group's rules also do not have a source IP; well, they do, it's 0.0.0.0/0.
I would really appreciate any and all help in getting this site 'viewable' via a browser.
By default, your instances will only be in the default security group. If it's an EC2 instance you cannot change security groups while the instance is running, you'll have to specify them in advance. If it's a VPC instance you can change security groups at runtime.
Add the rule to the default group
You can, however, add the rule to allow port 80 to that default security group; just don't create a new security group, as it cannot be associated with the running instance.
Is the web server up?
Also, make sure that your web server is up and running. From your instance (using SSH shell access), check if the right process is listening on port 80, using the command netstat -lnp. You should then see a row with proto tcp and a Local Address ending in :80. The IP Address listed should be either 0.0.0.0 (meaning 'any IP') or a specific IP of a listening network interface.
Web server not up
If you are in need of a web server, take a look at Apache or Nginx. They both support PHP.
Hope this helps.
I also faced a similar issue with an EC2 micro instance. I was using a Red Hat AMI. Despite opening port 8081 in the security group, I was not able to telnet to the host port. Disabling iptables did the trick for me:
sudo /etc/init.d/iptables stop
Do not forget to disable the firewall if you use Windows for your server.
I faced the same issue while setting up the Redash AMI image on AWS. Inbound security rules should be changed when the instance is not running. Let's say the instance is running (meaning it's active and started): if you change the inbound rules of that machine, you'll still face the firewall issue. So stop the machine on which you want to change the inbound rules. Change the inbound rules. Start the machine now. Now you can hit the machine URL from the IP you just opened access to the machine for.
The EC2 instance firewall may be enabled.
Check it with this command:
sudo systemctl status firewalld
If it is enabled, you can disable it with:
sudo systemctl disable firewalld
or set up rules to allow port 80 traffic.
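
Several threads on this page report the same symptom, a time-out, for causes that sit at different layers: the security group or NSG, the host firewall, or a service that is not listening. The following is an added example, not taken from any of the answers, that classifies the outcome of a TCP connect and narrows down the layer; the function names, the advice strings and the sample results are constructed for illustration.

```python
import errno
import socket

def classify_error(exc):
    """Map a failed TCP connect to what it reveals about the path."""
    if isinstance(exc, socket.gaierror):
        return "unresolved"   # name lookup failed on the client
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"     # SYN silently dropped somewhere on the path
    if isinstance(exc, ConnectionRefusedError):
        return "closed"       # RST came back: host reached, port not accepting
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"  # no route from this client
    return "error"

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and return its state."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError as exc:
        return classify_error(exc)

ADVICE = {
    "ok": "service reachable",
    "no-listener": "packets reach the host but are refused: check that the service "
                   "is running and bound (netstat -lnp), or look for a reject rule",
    "port-filtered": "host answers on another port, so this port is dropped: check the "
                     "security group / NSG rule and its source, then the host firewall",
    "host-filtered": "nothing answers at all: check the source address the security "
                     "group / NSG allows, then routing or the VPN",
    "name": "hostname does not resolve from this client",
}

def diagnose(target_port, results):
    """results maps port -> state for one host, e.g. {22: "open", 80: "filtered"}."""
    state = results[target_port]
    if state in ("open", "closed", "unresolved"):
        return {"open": "ok", "closed": "no-listener", "unresolved": "name"}[state]
    host_answers = any(s in ("open", "closed") for s in results.values())
    return "port-filtered" if host_answers else "host-filtered"

if __name__ == "__main__":
    # Constructed result set matching the question above: SSH works, port 80 times out.
    sample = {22: "open", 80: "filtered"}
    print(ADVICE[diagnose(80, sample)])
    # Live use against your own server (hypothetical name): probe("server.example", 80)
```

Narrowing the layer this way lets the fix be a single rule for the one port, rather than stopping iptables or firewalld outright.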
