elvir.dolic

Reputation: 241

Azure Hybrid Connection to HTTP Service

I have created successfully a Hybrid Connection (ServerA) and linked it to my Azure Web App. The status is successfully connected: ServerB:1010 is defined.

On my on-premises machine (ServerA) I can connect to an HTTP service which is running on ServerB:1010, but I can't install the Hybrid Connection Manager on ServerB because of other restrictions.

If I use WebClient.UploadData('ServerB:1010', data[]) in my Azure Web App, I receive the following error:

Unable to connect to the remote server ---> System.Net.Sockets.SocketException: An attempt was made to access a socket in a way forbidden by its access permissions.

If I connect to a database server, MySql or Oracle, which are also accessible from this server, I don't have any problems.

Upvotes: 2

Views: 3919

Answers (2)

evilSnobu

Reputation: 26414

> I have created successfully a Hybrid Connection (ServerA) and linked it to my Azure Web App.

Remove it and add a Hybrid Connection to Server B instead. Install the Hybrid Connection Manager on Server A. The HCM will act as a reverse proxy.

Hybrid Connections do not care which server has the HCM installation as long as that server can reach the DNS name you specify in the New > Hybrid Connection Portal blade.

Example traffic flow for WebClient.UploadData('ServerB:1010', data[]):

Web App ---> Hybrid Connection ---> HCM on Server A ---> 1010/TCP on Server B.
        <---                   <---                 <---

There's an easier way to test. Open the Kudu console and do

tcpping ServerB:1010

CORRECTION: The tcpping test is very misleading since you're handshaking the Azure end of the Hybrid Connection, not the on-prem application's TCP endpoint. And that may happily reply to you even though the on-prem stuff is not connected. Here's what I mean:

[Image: tcpping is bad]

Always test at application layer (e.g. with curl.exe http://webservice.corp.local from the Kudu Console).

You must use names instead of IP addresses. Use the full FQDN to reference ServerA and ServerB both in the Portal setup and in your code. Hybrid Connections work by intercepting DNS calls at OS level and resolving them to the magic 127.0.0.x which is then routed over the Hybrid Connection to on-prem.

TL;DR version:

Instead of

10.10.10.2:1010

use

ServerB.domain.local:1010

both in the Portal setup and when referencing the on-prem host in your code.

Here's what happens if you use an IP address instead of a name:

[Image: IP Address]

In Kudu's DebugConsole:

D:\home>nameresolver 192.168.0.4
Server: Default

Non-authoritative answer:
Name: 192.168.0.4
Addresses:  127.0.0.3


D:\home>tcpping 192.168.0.4:80
Connection attempt failed: An attempt was made to access a socket in a way forbidden by its access permissions 192.168.0.4:80
Connection attempt failed: An attempt was made to access a socket in a way forbidden by its access permissions 192.168.0.4:80
Connection attempt failed: An attempt was made to access a socket in a way forbidden by its access permissions 192.168.0.4:80
Connection attempt failed: An attempt was made to access a socket in a way forbidden by its access permissions 192.168.0.4:80
Complete: 0/4 successfull attempts (0%). Average success time: 0ms


D:\home>curl -s 192.168.0.4
This is iisstart.htm from IIS 8.5 on Windows Server 2012 R2, on-prem.

So depending on what APIs you call (APIs that take 192.168.0.4 as FQDN vs IP Address) it kinda works.

Upvotes: 8

Christina Compy

Reputation: 152

You can't use tcpping with Hybrid Connections. It doesn't really tell you anything. All that tells you is that you hit the local socket that will catch your TCP traffic headed to your HC endpoint. It doesn't actually go through the connection.

As far as using an IPv4 address with Hybrid Connections, it can work and yet sometimes it won't. The reason for that is that the feature functions by catching the DNS request. If you are using a client library in your application code that doesn't do a DNS lookup on IP addresses then it won't go over the Hybrid Connection.

The DNS name must resolve to the correct IP address from the host(s) where you have the Hybrid Connection Manager running.

Going to the original question, you need a Hybrid Connection defined for your endpoint of ServerB port 1010. The DNS name used for ServerB must resolve from the host(s) running the HCM. Your HCM needs network access to ServerB port 1010 and to Azure. Your status says Connected which means that your web app can talk to your Hybrid Connection Manager for that endpoint. So, test connectivity from the host running the HCM to your desired host:port endpoint. Use a DNS name if you can. I hope this unblocks you.

Upvotes: 4
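
The checks both answers describe (use the FQDN, expect it to resolve to 127.0.0.x inside the Web App, and test with a real HTTP request rather than tcpping), as an added C# example that is not part of either answer. The HybridProbe class and its method names are hypothetical, and ServerB.domain.local:1010 is the placeholder endpoint from the first answer.

```csharp
// Added example, not code from the original posts. HybridProbe is a hypothetical
// helper; the host and port are the placeholder endpoint used on this page.
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Sockets;
using System.Threading.Tasks;

public static class HybridProbe
{
    // IP literals skip the DNS lookup that Hybrid Connections intercept.
    public static bool IsIpLiteral(string host) => IPAddress.TryParse(host, out _);

    public static async Task<string> CheckAsync(string host, int port)
    {
        if (IsIpLiteral(host))
            return "FAIL: use the FQDN configured in the portal, not an IP address";

        bool intercepted = false;
        try
        {
            // Inside the Web App the configured name should resolve to 127.0.0.x.
            IPAddress[] addrs = await Dns.GetHostAddressesAsync(host);
            intercepted = addrs.Any(IPAddress.IsLoopback);

            // A TCP handshake only reaches the Azure end, so send a real request.
            // Any HTTP status (even 404 or 405) proves the on-prem service answered.
            using (var http = new HttpClient { Timeout = TimeSpan.FromSeconds(10) })
            {
                HttpResponseMessage resp = await http.GetAsync($"http://{host}:{port}/");
                return $"OK: HTTP {(int)resp.StatusCode}, loopback-resolved={intercepted}";
            }
        }
        catch (Exception ex) when (ex is HttpRequestException
                                || ex is TaskCanceledException
                                || ex is SocketException)
        {
            return $"FAIL: {ex.GetBaseException().Message}, loopback-resolved={intercepted}";
        }
    }

    public static async Task Main()
    {
        Console.WriteLine(await CheckAsync("ServerB.domain.local", 1010));
    }
}
```

A result of loopback-resolved=False from inside the Web App means the name is not the one the Hybrid Connection was defined with, so the request never entered the relay.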
