Microsoft Azure

How to Remotely Ping Microsoft Azure VMs


In this post, I’ll explain why you can’t use Ping with Azure virtual machines via the Internet, and how you can use an alternative (PSPing) that is actually more useful.

Pinging an Microsoft Azure VM

Imagine that you’re an IT pro that has just gotten your hands on Azure for the first time. I have a pretty good idea of what you’re going to try to do:

  1. Deploy a virtual machine in Azure.
  2. Probably run a broadband speed test from the Azure virtual machine for laughs and giggles.
  3. Try to ping the Azure virtual machine from a remote location.

The first step should go pretty well, and the second step should make you wonder about how you can use all that bandwidth. And you’ll be left scratching your head on step three because no matter what you do with Azure endpoints or NAT rules, you won’t be able to ping that virtual machine over the Internet.

Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

There’s a reason for this. The following diagram depicts this simple example. Someone has deployed an Azure virtual machine. The only possible connection to that virtual machine is via the Internet. Any traffic entering the virtual network must pass through a load balancer, and this balancer is filtering ICMP traffic.

Note: Ping uses the ICMP protocol to measure the latency of the connection between a local machine and a remote machine. Any connections exceeding a default latency are deemed to be unavailable.

So this means that we cannot use Ping to verify that the virtual machine is actually online on the Internet.

Why PING to Azure VMs fails (Image Credit: Aidan Finn)
Why PING to Azure VMs fails (Image Credit: Aidan Finn)

Note that you can use Ping with Azure virtual machines if:

  • You have a network connection, VPN or ExpressRoute, that bypasses the load balancer, and
  • The firewall in the guest OS of the Azure virtual machine allows inbound ICMP traffic.

Free Tool: PsPing

There’s another way to verify that your virtual machine is online, and that is to use PsPing, a tool from Microsoft SysInternals, available in the free PsTools suite.

PsPing is similar to Ping in that it verifies connectivity to a remote machine using a command line interface. Where PsPing differs is that it doesn’t use ICMP; instead, you define which TCP port to target. That’s where the added value comes in — instead of doing an ICMP test to a standardized destination service that has little to do with your business, you will target a service that means something to your business.

The following simple example will use PsPing to target HTTP (TCP 80) on a remote machine via a cloud service endpoint (Service Manager):


The above command will execute one warmup ping to TCP 80 on the destination address, and then run an additional four tests by default, reporting the latency of each ping, and then summarizing the results, much the same way that Ping would have done. So, we lose nothing, but we gain something by being able to test against a TCP port that we care about.

Using PowerShell’s Test-NetConnection cmdlet

Another alternative is to use a tool you have built into your operating system: PowerShell. Windows 8.1 and Window Server 2012 R2 added the Test-NetConnection cmdlet, which can be used similarly to PsPing.

The following example will verify that the RDP port that NATs to a virtual machine is listening:

Test-NetConnection -Port 60058

So all is not lost if you cannot ping your Azure virtual machines over the Internet. Far from it, because you’re going to be forced to use either a more powerful tool, like PsPing, or one that you can wrap clever scripts around, such as Test-NetConnection.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: