search

Azure / cloud-for-sovereignty-quickstarts

Microsoft Cloud for Sovereignty repository brings ready-to-use workload templates and a sample confidential application deployable in a Sovereign Landing Zone.
MIT License
27 stars 10 forks source link

Cannot connect to HR App portal - connection refused #15

Closed PaulSlijkhuis closed 3 months ago

PaulSlijkhuis commented 3 months ago

After deployment of the quickstart, the HP app portal does not accept any connections. Connecting via https://:5001. Error message in browser: err_connection_refused

Previously, the website was working just fine. No error messages in deployment have showed. Tried multiple browsers, without Defender fw, reboot of linux VM, DNS flush, re-deployment, multiple stepping stone VMs.

Please help to troubleshoot / fix this issue.

As a MC4Sov partner, I want to be able to show the capabilities of sovereign controls.

KevinRabun commented 3 months ago

Thank you for opening an issue. Are you attempting to connect via localhost or the VM IP adress?

PaulSlijkhuis commented 3 months ago

The VM hosting the web app is actually the hardended Linux VM from the quickstart deployment. My attempt is to browse via a remote Windows VM by accessing the remote ip address on port 5001. Tried to run my VM in the same subnet, or via peered subnet, both have same error as the outcome.

azure-lm commented 3 months ago

On the HR VM, can you run the following and let us know what responses you get. The first command should print any startup errors if they exist. The second command should return an HTML page if the site is up and running.

journalctl -u ContosoHR.service
curl -k https://localhost:5001

You can use the Run command options via the portal to do this: https://learn.microsoft.com/en-us/azure/virtual-machines/windows/run-command

PaulSlijkhuis commented 3 months ago

Hi,

The error seems consistent with the reported error.

Journalctl >> Couldn't find a project to run. Ensure a project exists in /home/contosohr/> curl >> (7) Failed to connect to localhost port 5001 after 0 ms: Connection refused

[cid:9b364e90-87cb-4018-90bd-55694bca1077]

Regards, Paul

From: Lucas McDaniel @.> Sent: Thursday, June 13, 2024 8:40 PM To: Azure/cloud-for-sovereignty-quickstarts @.> Cc: Slijkhuis, Paul @.>; Author @.> Subject: Re: [Azure/cloud-for-sovereignty-quickstarts] Cannot connect to HR App portal - connection refused (Issue #15)

This mail has been sent from an external source. Do not reply to it, or open any links/attachments unless you are sure of the sender's identity.

On the HR VM, can you run the following and let us know what responses you get. The first command should print any startup errors if they exist. The second command should return an HTML page if the site is up and running.

journalctl -u ContosoHR.service curl -k https://localhost:5001

You can use the Run command options via the portal to do this: https://learn.microsoft.com/en-us/azure/virtual-machines/windows/run-command

— Reply to this email directly, view it on GitHubhttps://github.com/Azure/cloud-for-sovereignty-quickstarts/issues/15#issuecomment-2166532053, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ALFE4CW6ZWBTCNPYAPFWCT3ZHHRSDAVCNFSM6AAAAABJCSM4M6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNRWGUZTEMBVGM. You are receiving this because you authored the thread.Message ID: @.***> This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.

azure-lm commented 3 months ago

This is odd, if it was previously working then I would expect the journal cmd would have found relevant logs. Note that the deployment script is not intended to be ran multiple times. It shouldn't break things with a rerun, but perhaps there's an issue there.

For the most, if there's an issue with the HR app the best way to resolve is to drop the relevant Azure resources and redeploy. Have you tried that by chance, or do you have any issues with attempting that? The only time I've seen the app completely fail is related to DB problems, so would be good to double check there's no errors with the DB initialization process.

PaulSlijkhuis commented 3 months ago

The approach I am following is to destroy and redeploy the solution over and over, while keeping the admin / non-confidential resources in place. I update the RG numbering in order to bypass the redeployment error of the Keyvault with soft delete protection. Such a redeployment takes 15 minutes which is fine to do. But currently also not the solution because I keep getting the same result.

Unfortunately, I cannot determine other database errors. Access to the database via SQL data studio works fine.

Do have any specific places to check or logging I should review?

Thank you.

From: Lucas McDaniel @.> Sent: Friday, June 14, 2024 5:09 PM To: Azure/cloud-for-sovereignty-quickstarts @.> Cc: Slijkhuis, Paul @.>; Author @.> Subject: Re: [Azure/cloud-for-sovereignty-quickstarts] Cannot connect to HR App portal - connection refused (Issue #15)

This mail has been sent from an external source. Do not reply to it, or open any links/attachments unless you are sure of the sender's identity.

This is odd, if it was previously working then I would expect the journal cmd would have found relevant logs. Note that the deployment script is not intended to be ran multiple times. It shouldn't break things with a rerun, but perhaps there's an issue there.

For the most, if there's an issue with the HR app the best way to resolve is to drop the relevant Azure resources and redeploy. Have you tried that by chance, or do you have any issues with attempting that? The only time I've seen the app completely fail is related to DB problems, so would be good to double check there's no errors with the DB initialization process.

— Reply to this email directly, view it on GitHubhttps://github.com/Azure/cloud-for-sovereignty-quickstarts/issues/15#issuecomment-2168241473, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ALFE4CT7SX5YTIG3AYJTSF3ZHMBT3AVCNFSM6AAAAABJCSM4M6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNRYGI2DCNBXGM. You are receiving this because you authored the thread.Message ID: @.***> This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.

azure-lm commented 3 months ago

Hi Paul, we have pushed out a new hotfix (v1.1.1) that should address these issues. Can you please check if these errors persist with that version?

PaulSlijkhuis commented 3 months ago

yes! I can confirm this is a good version. The web app is running again after deployment.

Thank you, Paul  

From: Lucas McDaniel @.> Sent: Friday, June 21, 2024 6:54 PM To: Azure/cloud-for-sovereignty-quickstarts @.> Cc: Slijkhuis, Paul @.>; Author @.> Subject: Re: [Azure/cloud-for-sovereignty-quickstarts] Cannot connect to HR App portal - connection refused (Issue #15)

This mail has been sent from an external source. Do not reply to it, or open any links/attachments unless you are sure of the sender's identity.

Hi Paul, we have pushed out a new hotfix (v1.1.1) that should address these issues. Can you please check if these errors persist with that version?

— Reply to this email directly, view it on GitHubhttps://github.com/Azure/cloud-for-sovereignty-quickstarts/issues/15#issuecomment-2183105971, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ALFE4CW3LXPJP4UP7Q67U73ZIRLEVAVCNFSM6AAAAABJCSM4M6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCOBTGEYDKOJXGE. You are receiving this because you authored the thread.Message ID: @.***> This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.