C# How to RDP Connect to On Premise Windows Server from Azure App Services?

0

I have an ASP.NET Core Web API hosted in Azure App Service. My Web API should connect to one or many on-premise Windows servers to create DNS records. The Windows servers are running the DNS service. I am using System.Management to connect to the on-premise Windows servers.

However, I am not successful in connecting to the remote server from Azure App Service. I sure believe I am missing some kind of configuration, but I don't know.

Here is my code:

using System.Management;

public static ManagementScope ConnectDNSServer(string dnsServerName, PCSCredential useMyInfo)
{
    ConnectionOptions options = new ConnectionOptions
    {
        Username = useMyInfo.WindowsDomain + "\\" + useMyInfo.UserName,
        Password = useMyInfo.PassString
    };

    try
    {
        ManagementScope scope = new ManagementScope(@"\\" + dnsServerName + "\\root\\MicrosoftDNS", options);
        scope.Connect();
        return scope;
    }
    catch
    {
        //ManagementScope scopeEx = new ManagementScope();                
    }
    return null;
}

I get this error:

System.Runtime.InteropServices.COMException (0x800706BA): The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)

Tags: azure, wmi, azure-web-app-service, remote-desktop
asked on Stack Overflow Nov 5, 2019 by blogs4t

1 Answer

0

On Azure App Service, regardless of address, applications cannot connect to anywhere using ports 445, 137, 138, and 139. In other words, even when connecting to a non-private IP address or the address of a virtual network, connections to ports 445, 137, 138, and 139 are not permitted.

As additional information, standard/native Azure Web Apps run in a secure environment called a sandbox. Each app runs inside its own sandbox, isolating its execution from other instances on the same machine as well as providing an additional degree of security and privacy which would otherwise not be available. So, it appears to be due to the sandbox.

In this environment, the only way an application can be accessed via the internet is through the already-exposed HTTP (80) and HTTPS (443) TCP ports; applications may not listen on other ports for packets arriving from the internet. Connection attempts to local addresses (e.g. localhost, 127.0.0.1) and the machine's own IP will fail, except if another process in the same sandbox has created a listening socket on the destination port: https://github.com/projectkudu/kudu/wiki/Azure-Web-App-sandbox#network-endpoint-listening

answered on Stack Overflow Feb 2, 2020 by AjayKumar-MSFT
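
An added example, not part of the original question or answer: a pre-flight check that separates "no network path" from other WMI failures instead of swallowing the exception in an empty catch. The class and method names are hypothetical; it assumes the standard WMI/DCOM behaviour of starting at the RPC endpoint mapper on TCP 135, and a 5-second timeout chosen for illustration.

```csharp
using System;
using System.Management;
using System.Net.Sockets;
using System.Runtime.InteropServices;
using System.Threading.Tasks;

public static class DnsWmiPreflight   // hypothetical helper, not from the question
{
    // WMI over DCOM first contacts the RPC endpoint mapper on TCP 135,
    // then continues on a dynamically assigned RPC port.
    private const int RpcEndpointMapperPort = 135;
    private const int RpcServerUnavailable = unchecked((int)0x800706BA);

    // True if a TCP connection to host:port completes within the timeout.
    public static async Task<bool> CanReachAsync(string host, int port, TimeSpan timeout)
    {
        using (var client = new TcpClient())
        {
            try
            {
                Task connect = client.ConnectAsync(host, port);
                if (await Task.WhenAny(connect, Task.Delay(timeout)) != connect)
                    return false;            // timed out: no route or filtered
                await connect;               // rethrows a refused/failed connect
                return client.Connected;
            }
            catch (SocketException) { return false; }
        }
    }

    public static async Task<ManagementScope> ConnectAsync(string dnsServerName, ConnectionOptions options)
    {
        if (!await CanReachAsync(dnsServerName, RpcEndpointMapperPort, TimeSpan.FromSeconds(5)))
            throw new InvalidOperationException(
                $"No TCP path from this host to {dnsServerName}:{RpcEndpointMapperPort}; WMI cannot connect.");

        var scope = new ManagementScope($@"\\{dnsServerName}\root\MicrosoftDNS", options);
        try
        {
            scope.Connect();
            return scope;
        }
        catch (COMException ex) when (ex.ErrorCode == RpcServerUnavailable)
        {
            // Port 135 answered, so the failure is further along the RPC exchange.
            throw new InvalidOperationException(
                $"RPC server unavailable (0x800706BA) on {dnsServerName} although port 135 is reachable.", ex);
        }
    }
}
```

Logging which of the two exceptions is raised from inside the App Service shows whether the 0x800706BA error is a reachability problem or occurs after the endpoint mapper has been contacted.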

User contributions licensed under CC BY-SA 3.0