Share via

Failure in uploading vhdx to Azure using Add-AzVhd due to Firewall: Need clarification on URL and Firewall Permissions

Tomoki Endo 40 Reputation points
2024-05-09T15:35:25.55+00:00

I tried to convert a local vhdx file to a vhd file and then upload it to Azure as a managed disk. I executed the following command:

Add-AzVhd -LocalFilePath $path -ResourceGroupName $resourceGroup -Location $location -DiskName $name -DiskHyperVGeneration $generation -DiskSku $sku

The conversion from the local vhdx file to the vhd was successful. However, upload to Azure failed. The reason for this failure was that our internal firewall blocked the above process as an upload to an unexpected site. According to the log, it seemed that the file was uploaded to a destination URL such as http://md-impexp-xxxxxxxxxxxx.xxx.blob.storage.azure.net/xxxxxxxxxxxx/xxxx.

What is this URL? Also, what range of firewall access should be allowed?

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,472 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Nehruji R 2,741 Reputation points Microsoft Vendor
    2024-05-10T09:41:37.2133333+00:00

    Hello Tomoki Endo,

    Greetings! Welcome to Microsoft Q&A Platform.

    If you're encountering an error while uploading a .vhd file to Azure, there are a few things you can check to resolve the issue:

    To allow successful uploads, ensure that your internal firewall allows outbound traffic to the Azure Blob Storage endpoint (*.blob.core.windows.net).

    Specifically, allow outbound traffic to the following URLs:

    • *.blob.core.windows.net
    • *.blob.core.windows.net:443
    • *.blob.core.windows.net:80

    Remember to adjust your firewall rules accordingly to allow the necessary outbound traffic for successful uploads to Azure managed disks.

    1. Ensure that the .vhd file is in the correct format. Azure supports both .vhd and .vhdx formats, but the file must be in the fixed format, not dynamic.
    2. Check the size of the .vhd file. Azure has a maximum size limit of 2 TB for .vhd files. If your file is larger than this, you'll need to split it into multiple .vhd files.
    3. Ensure that you have the correct permissions to upload the .vhd file to Azure. You'll need to have the appropriate role-based access control (RBAC) permissions to upload the file.
    4. If you're using the Azure portal to upload the .vhd file, ensure that you have a stable internet connection and no interruption during the upload process can cause errors.

    You can also refer to the following Microsoft documentation for more information on preparing a Windows VHD to upload to Azure: https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/virtual-machines/windows/prepare-for-upload-vhd-image.md

    Reference:

    Prerequisites:

    To upload your VHD to Azure, you'll need to create an empty managed disk that is configured for this upload process. Before you create one, there's some additional information you should know about these disks.

    This kind of managed disk has two unique states:

    • ReadToUpload, which means the disk is ready to receive an upload but, no secure access signature (SAS) has been generated.
    • ActiveUpload, which means that the disk is ready to receive an upload and the SAS has been generated.

    refer - https://learn.microsoft.com/en-us/azure/virtual-machines/linux/disks-upload-vhd-to-managed-disk-cli, https://learn.microsoft.com/en-us/azure/virtual-machines/windows/prepare-for-upload-vhd-image for detailed guidance.

    Hope this answer helps! Please let us know if you have any further queries. I’m happy to assist you further.

    Please "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.