Friday, December 27, 2019

Cannot access Azure resource from a particular ISP -- works everywhere else

I am having a weird issue that I can't quite wrap my head around. I know it focuses on an Azure resource, but I feel the issue is network/ISP related more than an Azure related issue -- hence the post here.

I have deployed an instance of Azure Files SMB for a client. Let's call it companyfiles.file.core.windows.net

Azure Files SMB 3.0 runs on port 445 for direct connections and this share has a public facing endpoint with RBAC controls.

Connections to this resource work just fine on all of our sites except one out near the Poconos in Pennsylvania. Connections time out, and Test-NetConnection and Telnet fail to connect to the port only at that site. I opened all ports on the site's router -- I even bypassed the router and firewalls entirely and hooked my laptop to their Brocade switch/modem, assigned the WAN IP and still could not connect to :445 -- while still connected I VPN'd to another site, works just fine so the resource is live.

We're using Adams Cable and they swear up & down that they don't block any ports for their customers, and I believe them. They ran an nmap scan from their data center to the IP of the Azure Files endpoint I am using and they found only ports 80 and 443 open, not 445, which made no sense to me, but an nmap scan to my WAN IP showed 445 open.

Azure has almost no settings for Azure Files networking on public endpoints, so there's no configuration; it's an all-or-nothing config, so nothing to mess up there. I bypassed the site's firewalls and router, so no issue there. Online port checkers run against the Azure Files endpoint show the relevant ports/services are open. To me it has to be the ISP or something upstream from our ISP?

On the ISP with no VPN it fails a Test-NetConnection, but when I do a tracert from my laptop directly on their modem I get the below result:

  1    21 ms     1 ms    <1 ms  SITE.WAN.IP.ADDR
  2    24 ms    25 ms    27 ms  chi-8075.msn.net [208.115.136.27]
  3    25 ms    25 ms    25 ms  ae31-0.icr02.ch2.ntwk.msn.net [104.44.237.21]
  4    34 ms    32 ms    32 ms  be-122-0.ibr02.ch2.ntwk.msn.net [104.44.11.8]
  5    32 ms    32 ms    32 ms  be-4-0.ibr02.dsm05.ntwk.msn.net [104.44.19.253]
  6    32 ms    32 ms    33 ms  ae162-0.icr02.dsm05.ntwk.msn.net [104.44.22.188]
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 ...
 30     *        *        *     Request timed out.

What can I do to troubleshoot this further? Is the ISP blocking it? Is their upstream blocking it? I am far from a networking guru yet so I am stuck....


