Unable to access Event Store in Azure VM remotely

Hi all,

I’m trying to run Event Store 3.4.0 in a VM hosted inside Azure and I can access it on the VM but not externally. I’ve had similar problems with running it on Linux and Windows Server 2012; I would prefer to run on Linux but will keep this post specific to Windows since I’m more familiar with it (and currently have a VM to try solutions on).

What I have done:

  1. Created Windows 2012 R2 VM in Azure
  2. Added ports 1113 and 2113 to the Network Security Group in Azure
  3. Changed the VM public IP address to be static in Azure
  4. Downloaded and run Event Store in admin PowerShell: .\EventStore.ClusterNode.exe --db .\data --log .\logs --ext-http-prefixes="http://*:2113/"
    At this point I can access the Web UI locally on the VM by browsing to http://127.0.0.1:2113
  5. Run: netsh http add urlacl url=http://+:2113/ user=someadminuser
    This seems to break access to the Web UI locally on the VM; getting 503 errors. “netsh http show urlacl” shows only one entry for 2113 (see below)
  6. Run from remote machine: curl --head http://vm-ip-address:2113/
    This returns “Operation timed out”
  7. Removed urlacl and replaced with “http://vm-ip-address:2113/” to see if it would work…
  8. Also tried running Event Store as: .\EventStore.ClusterNode.exe --db .\data --log .\logs --ext-http-prefixes="http://*:2113/" --ext-ip=vm-ip-address

Any help would be appreciated. I’m at a bit of a loss of what to try next.

netsh http show urlacl:

    Reserved URL : http://+:2113/
        User: someadminuser
            Listen: Yes
            Delegate: No
            SDDL: D:(A;;GX;;;LA)

Just to point out the urlacl snippet above is just a small chunk of the full output

After a very quick skim, it seems you only need to add proper endpoint ports (TCP or HTTP depending on your needs) to your VM

Isn’t that essentially what adding the ports to the Network Security Group in Azure will do?

I’ve also allowed the ports in the Windows Firewall

This depends on the deployment model. If using the hosted service model then probably not. An interesting test is to run an echo server on port 1113 and see if that is accessible from outside: if not it is an Azure configuration problem rather than an Event Store configuration problem.

We’re not able to use the new RM based VMs yet - so I am more familiar with the endpoint security model than NSG model. That said, it’s my understanding that if you assigned a network security group to a VM and open ports in the NSG you also need to explicitly open the port to the internet (by default it’s only visible within the vnet, I believe.) You don’t specify your exact NSG rule, so if you haven’t done that, maybe that’s a thing. e.g.

Get-AzureNetworkSecurityGroup -Name "MyVNetSG" | Set-AzureNetworkSecurityRule -Name WEB -Type Inbound -Priority 100 -Action Allow -SourceAddressPrefix 'INTERNET'  -SourcePortRange '*' -DestinationAddressPrefix '*' -DestinationPortRange '*' -Protocol TCP

(from here https://azure.microsoft.com/en-us/blog/network-security-groups/)

Can you please give us the configuration you are using?
In a lot of cases, (this will probably change soon) you need to set --add-interface-prefixes=false as part of your configuration.

So I would say that your effective configuration should read something like this

I have no configuration file at this point, just specifying command line arguments:

.\EventStore.ClusterNode.exe --db .\data --log .\logs --ext-http-prefixes="http://*:2113/"

I will try it with the additional configuration options you mentioned

I’ve added the new network security rule but still have the same problem. I’m almost certain now though that it’s an issue on my Azure configuration side.

I’m using the Resource Manager model. I’ve run an echo server over TCP on port 1113 and can’t connect so like you said it must be an Azure configuration problem.

Thanks for this. I’ve got it connecting remotely now, it was a combination of the config settings below plus bad Azure configuration.

Hi Jason,

I have got the same issue - I am using a new Azure VM, and am unable to connect to Event Store from the public IP.

Please show us the steps for how you managed to resolve it.

What is your config?

We use these steps to set up Event Store on Linux in Azure:

  • Add ports 1113 and 2113 to the Inbound Security Rules in the Network Security group for the VM
  • Run ifconfig to get the virtual IP of the server
  • Edit /etc/eventstore/eventstore.conf to have the following config:

Should be basically the same for Windows, except that it's ipconfig; the rest of the config should be identical.

In the case of classic virtual machines, make sure you have an endpoint on the virtual machine that allows access to the port to which you are trying to connect. In the case of RM virtual machines, make sure you have Network Security Groups configured on your vnet/vm/nic in whatever combination makes sense for your configuration to allow access to the port to which you are trying to connect.

Also the firewall on the VM, of course.

Brian

Hi,

I’m trying the same thing (newbie) and have the same issue. It’s a simple dev environment, with a single node, Server 2016 in Azure. I’ve disabled Windows Firewall (it’s my throw-away dev). I’ve set up an NSG allowing 2113 inbound and outbound.

I get exactly the same issue described below. Can you please provide me with an example command line, or config file that I can run? I’d like external access to be available to EventStore on the VM.

Thanks

This sounds like you are binding to the wrong interfaces or not setting up the HTTP prefixes for NAT.

A generic configuration is impossible here, since it depends on the configuration of your machine.

James
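
The echo-server test suggested earlier in the thread, written out as an added example (not posted by any participant and not Event Store code). The script name, the `start_echo` and `probe` helpers and the result labels are assumptions of this example; stop Event Store first so that port 1113 is free.

```python
import socket
import socketserver
import sys
import threading

PAYLOAD = b"es-probe"  # constructed test bytes, no meaning to Event Store

class Echo(socketserver.BaseRequestHandler):
    def handle(self):
        # Send back whatever arrives until the peer closes the connection.
        while data := self.request.recv(1024):
            self.request.sendall(data)

def start_echo(bind_ip="0.0.0.0", port=1113):
    """Start a TCP echo server in a background thread and return it.
    0.0.0.0 covers the VM's private NIC address that Azure maps the public IP to."""
    srv = socketserver.ThreadingTCPServer((bind_ip, port), Echo)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def probe(host, port=1113, timeout=3.0):
    """Classify how host:port looks from the machine running this function."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout"   # SYN got no answer: traffic is being dropped on the way
    except ConnectionRefusedError:
        return "refused"   # host answered, but nothing listens on that address/port
    except OSError as exc:
        return "error: %s" % exc
    with s:
        try:
            s.sendall(PAYLOAD)
            if s.recv(len(PAYLOAD)) == PAYLOAD:
                return "echo-ok"        # path is open end to end
        except OSError:
            pass
        return "connected-no-echo"      # port is open, but owned by another service

if __name__ == "__main__":
    # On the VM:           python echo_check.py serve
    # From outside Azure:  python echo_check.py <vm-public-ip>
    # On the VM itself:    python echo_check.py 127.0.0.1
    if sys.argv[1] == "serve":
        start_echo()
        input("Echo server on port 1113, press Enter to stop\n")
    else:
        print(probe(sys.argv[1]))
```

A `timeout` from outside together with `echo-ok` on the VM itself points at filtering in front of the listener (NSG or endpoint rule, or the host firewall), which matches the "Operation timed out" reported for `curl`; `refused` means the host was reached but nothing was listening on that address and port.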