Outbound ports to HDInsight management
Hello,
What are the required ports for outbound connection of HDInsight to management IPs and any other needed Azure services when configured with a resource provider connection set to ‘Outbound’?
https://learn.microsoft.com/en-us/azure/hdinsight/hdinsight-restrict-outbound-traffic
I tested with outbound 443,1433,53,80,32526 unsuccessfully.
Thank you in advance,
Alex
Azure HDInsight
-
PRADEEPCHEEKATLA-MSFT 81,396 Reputation points • Microsoft Employee
2021-03-24T06:38:21.243+00:00 Hello @Alex Boata ,
When you say "I tested with outbound 443,1433,53,80,32526 unsuccessfully.", could you please share the below details:
How exactly have you configured outbound network traffic for the Azure HDInsight cluster?
Could you please share a screenshot of the rules configured?
Also, please share how exactly you tested the outbound rules configured.
-
Alex Boata 21 Reputation points
2021-03-24T06:41:45.32+00:00 I used an outbound NSG rule from any IP any port, to service tag ‘Internet’ ports 443,1433,53,80,32526, and without a firewall.
If I change the port to * in the same rule, the deployment succeeds.
Alex Boata 21 Reputation points
2021-03-24T13:03:47.437+00:00 The error is "FailedToConnectWithClusterThroughGatewayErrorCode","message":"Unable to connect to cluster management endpoint. Please retry later."
-
PRADEEPCHEEKATLA-MSFT 81,396 Reputation points • Microsoft Employee
2021-03-25T06:18:13.22+00:00 Hello @Alex Boata ,
Thanks for the details.
Note: Configure outbound network traffic for Azure HDInsight clusters using Azure Firewall.
If you are using custom VNet network security groups (NSGs) and user-defined routes (UDRs), ensure that your cluster can communicate with HDInsight management services. For additional information, see HDInsight management IP addresses.
-
Alex Boata 21 Reputation points
2021-03-25T06:37:52.757+00:00 What ports should I enter in the custom NSG outbound rule?
I see only 443 in this doc; however, with a rule allowing outbound 443,1433,53,80,32526 to any IP in the internet, the creation did not succeed for me.
PRADEEPCHEEKATLA-MSFT 81,396 Reputation points • Microsoft Employee
2021-03-25T11:01:27.103+00:00 Hello @Alex Boata ,
As you said earlier that it was without a firewall, I am just asking you to configure outbound network traffic for Azure HDInsight clusters using Azure Firewall and check if that works.
-
Alex Boata 21 Reputation points
2021-03-26T09:20:08.583+00:00 Hi Pradeep,
I would like to try both architectures, with and without firewall, so that is why I need a list of ports for NSG to try without firewall.
Thanks,
Alex
PRADEEPCHEEKATLA-MSFT 81,396 Reputation points • Microsoft Employee
2021-04-06T07:50:40.573+00:00 -
Alex Boata 21 Reputation points
2021-04-06T08:04:12.73+00:00 Hi @PRADEEPCHEEKATLA-MSFT , it’s not resolved, I did not receive a list of NSG ports.
-
PRADEEPCHEEKATLA-MSFT 81,396 Reputation points • Microsoft Employee
2021-04-07T04:06:06.827+00:00 Hello @Alex Boata ,
This is not sufficient information to diagnose what might have gone wrong. We need further details like … what is the networking setup (NSG, Azure Firewall vs. NVAs, use of UDRs etc.), kinds of resources being connected to from the cluster (e.g. SQL, SEP protected Storage accounts etc.) and perhaps the most important, what is the operation that is failing and what is the error message?
-
PRADEEPCHEEKATLA-MSFT 81,396 Reputation points • Microsoft Employee
2021-04-09T09:24:47.527+00:00 Hello @Alex Boata ,
Just checking in if you have had a chance to see the previous response. We need the following information to understand/investigate this issue further.