I have a couple of ec2 machines and need to inquire about any RDP sessions (connections) to those machines. I have tried various methods but I get access denied or 'RPC server is unavailable' messages. Although port 3389 is opened.
Here is the report on the methods I have tried:
RDP - works.
Ping - unable to ping.
Terminal Services - says 'Server not found'.
Query session - says 'RPC server is unavailable'.
Get-TSSession (Terminal Services module in power shell) - says 'RPC server is unavailable'.
I believe I had a problem either understanding the terminal services correct or the ec2 instance. Help would be much appreciated.
You're on EC2, so you have security groups to contend with as well as the local firewalls on the instances.
For remote management of those windows machines, you are going to want to ensure your security group settings allow inbound access to TCP 139, TCP 445, UDP 137, UDP 138, and that the local firewalls on those machines allow inbound as well.
DO NOT open those ports to the world--only allow access from well-known static IP addresses, or use VPC.
Related
the Terminal just says:
ssh: connect to host xxx.xxx.xxx.xxx port 22: Connection timed out
Here are the firewall rules.
I can't ssh into the VM so I cant change the firewall rules on the VM
Please Help.
First, double-check your IP address: it must match your Oracle Virtual Cloud Public IP Address, assuming it is a reserved one (meaning it is a fixed one)
Second, check your local firewall: you cannot change the remote ones, but the local rules might still block your SSH traffic.
As mentioned here:
ust by opening the port through firewall and security lists will not allow new incoming connections. Ex: unless there is a service listening on port 443 (Tomcat etc), you will be unable to connect. Same with SSH daemon for port 22.
So make sure the SSH daemon is up and running.
Check also Default Security List
Unlike other security lists, the default security list comes with an initial set of stateful rules, which should in most cases be changed to only allow inbound traffic from authorized subnets relevant to the region that homes that VCN or subnet.
A list of authorized subnet ranges relevant to each region can be found here .
In particular:
Stateful ingress: Allow TCP traffic on destination port 22 (SSH) from authorized source IP addresses and any source port.
This rule makes it easy for you to create a new cloud network and public subnet, launch a Linux instance, and then immediately use SSH to connect to that instance without needing to write any security list rules yourself.
You can mount your machine drive to some other machine, edit sshd config and mount it back.
That helped me :D
See this ref: https://blogs.oracle.com/cloud-infrastructure/post/recovering-opc-user-ssh-key-on-oracle-cloud-infrastructure
I want to have a SSH connection from my local windows machine or VM on my computer to Azure windows server VM. I tried Cygwin and Putty but both of them gave timeout connection. I used public ip address and opened port 22 on Azure VM.
I will appreciate if some one can give me any hints or links.
There are multiple firewalls that can be the reason here. Fist you must have a rule on the server to allow incoming SSH requests (port 22). Then you need to configure the NSG(Network security group) to allow incoming on port 22. If it still doesn't work, you need to verify that you are allowed to do an outgoing SSH request from your computer.
Thanks for suggestions, I found the problem which was the host machine IP address(ipconfig) (where is a local VM inside domain) was different from the IP address that communicate outside the domain to internet. I was set in NSG of Azure VM to only accept this IP and because of that it gave time-out error. After changing the IP it works.
I have hosted web application (developed in PHP) on Amazon EC2 micro instance. As per default setting, i can access 80, 22, 443 and 3306 ports from remote locations means from Home(terminal window) using telnet command.
I want to open another custom TCP port XXXXX. I have added that port in Security Group. when i am trying to connect that port through telnet command it is always show "Connection refused".
I have been trying to solve this issue for 3 days but could not get successful solution.
Help would be really appreciated.
Thanks
Adding a port in security group (inbound) ensures that the port can be accessed from outside. Please check following
Is the port open for anywhere (0.0.0.0/0) or for a custom IP. If for custom IP, please check the IP of your machine (search 'what is my ip' on google).
Is there any application listening on the port on EC2 machine.
I'm being in a tough spot, having created 2 different virtual machines on Azure, with windows server 2012 R2 OS. I'm trying to host a game server for a game, which requires ports 7777 and 27015 opened.
What I did is simple, I went into the panel, set-up endpoints for 7777, 27015, for UDP and TCP, and added exceptions to firewall as well for incoming/outcoming 7777, 27015 TCP and UDP.
canyouseeme.org still apparently can't find my service and shows me the ports are not opened. It shows my remote connection port is opened though. What am I doing wrong? Is there anything more that I need to know?
Image showing forwarded ports
If you opened the ports on your Firewall and on the Endpoints screen you are probably fine to game. The problem is probably with the utility that you're testing with and not the ports themselves.
I logged onto an Azure VM that I know I can remotely connect to, tested an open port that I know is open with that website, and it said it did not find it. Maybe that site is using Ping, which gets stuck in Azure's load balancer. To test connectivity, try using PSPing. This will let you test connections to specific ports. https://technet.microsoft.com/en-us/sysinternals/bb896649
i wan to install FTP service on my amazon Ec2 window instance,
i have some questions regarding this.
which is a good FTP demon to install on EC2 service for windows on EC2 instance.
can we install FTP same as we can do on window server with window CD.
any tutorial or videos of installation and configuration FTp on Ec2 server which help we?
kindly help me in this regards. Thanks
Here you will find a great tutorial that explains also the inner workings and problems you might encounter trying to setup an ftp server on amazon EC2 instance.
It also explains why just opening port 21 on the amazon firewall will not work. The example there uses the free filezilla ftp server and client but any can be used.
http://me-ol-blog.blogspot.com/2011/03/how-to-install-ftp-server-on-amazon-aws.html
Edited (24-sep-2013):
Because the best policy practice for stackoverflow says not to rely on links, i copied the info from my blog to here:
How to install an FTP Server on amazon AWS EC2
This seems to be a big issue as people usually waste a lot of time on this.
The problem lies with 2 elements: the security group settings & the ftp server settings.
FTP is not considered a good solution for passing files between EC2 instances and your computer as it is not firewall "friendly" - you can't just open port 21/TCP on the amazon security group settings because the server is actually sitting on a NAT address and when an ftp client connects to an FTP server using PASV mode then the server tells the client which port and which address to use for the data stream (like directory listing).
If you want an alternate easy solution for transferring files between yourself and the EC2 instance then setup a dropbox on both machines - it doesn't get easier than this... :)
If you still want to set up an FTP server on your EC2 instance then read on...
Typically, people just try to open port 21 and then try to connect and get something similar to:
Status: Server sent passive reply with unroutable address. Using server address instead.
Command: MLSD
Response: 425 Can't open data connection.
The solution is (and for this example I will explain how to perform the setting on FileZilla FTP server on windows):
1. FileZilla FTP server: Edit-> settings -> Passive mode settings:
(x) Retrieve external IP from:
http://ip.filezilla-project.org/ip.php
[ this tells the ftp server to perform a 'whatismyip' and give that to the ftp client, you can also specifically put the address DNS name you use in your remote desktop in the "Use the following IP:", e.g., ec2-6-100-129-60.compute-1.amazonaws.com ]
(x) Use custom port range:
1024-1048
[ these are the ports that will be given to the ftp client - we will open them in the following step in the Firewall ]
2. Amazon security groups: open ports -
a. Custom TCP rule , Port range:21
b. Custom TCP rule, Port range:1024-1048
3. Turn off the windows firewall on the EC2 machine (you don't need it - you have the amazon firewall)
That's it, and just as side note, you don't need to use Elastic IP feature for this to work.
Also don't forget to set your client to use PASV mode (which is typically the default).
You can verify this works by reading the answer the server gives the client when it enters PASV mode:
Command: PASV
Response: 227 Entering Passive Mode (174,149,71,102,4,7)
This response means: "Yo FTP client, use 174.149.71.102 and port 4*256+7=1031"
The Windows EC2 instances are all Windows Server 2008. The easiest thing to do would be to enable the built-in FTP functionality.
See http://www.youtube.com/watch?v=QsGPqkobCs8.
Many people are suggesting to 'Turn off' the Firewall on Windows. It seems easy to get away from confused firewall configuration, but long run it's not good security practice.
Blog may help to configure the FTP step by step with IIS 7.x
http://clouditops.blogspot.in/2016/12/ftp-configuration-on-aws-iis-7x-server.html