Learn What IT Pros Need to Know About Windows 11 - August 24th at 1 PM ET! Learn What IT Pros Need to Know About Windows 11 - August 24th at 1 PM ET!
Microsoft Azure

How to Remotely Ping Microsoft Azure VMs

tool-keyboard-hero-img

In this post, I’ll explain why you can’t use Ping with Azure virtual machines via the Internet, and how you can use an alternative (PSPing) that is actually more useful.

Pinging an Microsoft Azure VM

Imagine that you’re an IT pro that has just gotten your hands on Azure for the first time. I have a pretty good idea of what you’re going to try to do:

  1. Deploy a virtual machine in Azure.
  2. Probably run a broadband speed test from the Azure virtual machine for laughs and giggles.
  3. Try to ping the Azure virtual machine from a remote location.

The first step should go pretty well, and the second step should make you wonder about how you can use all that bandwidth. And you’ll be left scratching your head on step three because no matter what you do with Azure endpoints or NAT rules, you won’t be able to ping that virtual machine over the Internet.

Sponsored Content

Read the Best Personal and Business Tech without Ads

Staying updated on what is happening in the technology sector is important to your career and your personal life but ads can make reading news, distracting. With Thurrott Premium, you can enjoy the best coverage in tech without the annoying ads.

There’s a reason for this. The following diagram depicts this simple example. Someone has deployed an Azure virtual machine. The only possible connection to that virtual machine is via the Internet. Any traffic entering the virtual network must pass through a load balancer, and this balancer is filtering ICMP traffic.

Note: Ping uses the ICMP protocol to measure the latency of the connection between a local machine and a remote machine. Any connections exceeding a default latency are deemed to be unavailable.

So this means that we cannot use Ping to verify that the virtual machine is actually online on the Internet.

Why PING to Azure VMs fails (Image Credit: Aidan Finn)
Why PING to Azure VMs fails (Image Credit: Aidan Finn)

Note that you can use Ping with Azure virtual machines if:

  • You have a network connection, VPN or ExpressRoute, that bypasses the load balancer, and
  • The firewall in the guest OS of the Azure virtual machine allows inbound ICMP traffic.

Free Tool: PsPing

There’s another way to verify that your virtual machine is online, and that is to use PsPing, a tool from Microsoft SysInternals, available in the free PsTools suite.

PsPing is similar to Ping in that it verifies connectivity to a remote machine using a command line interface. Where PsPing differs is that it doesn’t use ICMP; instead, you define which TCP port to target. That’s where the added value comes in — instead of doing an ICMP test to a standardized destination service that has little to do with your business, you will target a service that means something to your business.

The following simple example will use PsPing to target HTTP (TCP 80) on a remote machine via a cloud service endpoint (Service Manager):

psping demopetriaf.cloudapp.net:80

The above command will execute one warmup ping to TCP 80 on the destination address, and then run an additional four tests by default, reporting the latency of each ping, and then summarizing the results, much the same way that Ping would have done. So, we lose nothing, but we gain something by being able to test against a TCP port that we care about.

Using PowerShell’s Test-NetConnection cmdlet

Another alternative is to use a tool you have built into your operating system: PowerShell. Windows 8.1 and Window Server 2012 R2 added the Test-NetConnection cmdlet, which can be used similarly to PsPing.

The following example will verify that the RDP port that NATs to a virtual machine is listening:

Test-NetConnection demopetriaf.cloudapp.net -Port 60058

So all is not lost if you cannot ping your Azure virtual machines over the Internet. Far from it, because you’re going to be forced to use either a more powerful tool, like PsPing, or one that you can wrap clever scripts around, such as Test-NetConnection.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.

Register for Advanced Microsoft 365 Day!

GET-IT: Advanced Microsoft 365 1-Day Virtual Conference - Live August 24th!

Join us on Tuesday, August 24th and hear from Microsoft MVPs and industry experts about how to take advantage of Microsoft 365 at a technical level and dive deep into the features and functionality that will make your environment more secure and compliant.

RSVP Now

Sponsored By