Hi Scripters! Today I want to show you how to check Azure VPN connection health using PowerShell.
In my last post I showed you how to set up an Azure VPN. We will continue with the VPN topic, this time from a monitoring perspective.
It's important to monitor Azure resources, especially if we connect Azure with an on-premises environment. By default there is no standard monitoring solution which can help us diagnose connectivity issues. That's why we need to use PowerShell 🙂
Our solution uses the Azure Network Watcher service to check connection logs. Based on that we can easily check Azure VPN connection health.
How to use the script?
There are 6 variables which need to be provided as input, otherwise the script will fail at the beginning.
Important!
Network Watcher and the storage account must be configured before you run the script.
The whole process is described in the Network Watcher setup guide.
Script:
# Variables required to run the script
$subscriptionId = "SubscriptionId"
$vpnConnectionResourceGroup = "VPNRGroupName"
$storageAccountName = "StorageAccountName"
$storageAccountResourceGroup = "StorageAccountRGName"
$storageAccountContainer = "networkwatcher"
$location = "NetworkWatcherLocation"

Write-Host "Logging in to Azure..."
if ($null -eq (Get-AzureRmContext)) {
    Write-Host "Please login to Azure"
    Login-AzureRmAccount
}

# Interactive subscription picker. PowerShell variable names are case-insensitive,
# so the selection made here replaces the $subscriptionId value set above.
$SubscriptionId = (Get-AzureRmSubscription | Select-Object Name, State, SubscriptionId, TenantId | Out-GridView -Title "Azure Subscription Selector" -PassThru).SubscriptionId
Get-AzureRmSubscription -SubscriptionId $SubscriptionId | Select-AzureRmSubscription

# Find the Network Watcher deployed in the given location
$NetworkWatchers = Get-AzureRmResource | Where-Object { $_.ResourceType -eq "Microsoft.Network/networkWatchers" -and $_.Location -eq $location }

if ($NetworkWatchers) {
    $networkWatcher = Get-AzureRmNetworkWatcher -Name $NetworkWatchers.Name -ResourceGroupName $NetworkWatchers.ResourceGroupName
    $storageAccount = Get-AzureRmStorageAccount -Name $storageAccountName -ResourceGroupName $storageAccountResourceGroup
    # Blob container where Network Watcher stores the troubleshooting logs
    $storagePath = "$($storageAccount.PrimaryEndpoints.Blob)$($storageAccountContainer)"
    $connections = Get-AzureRmVirtualNetworkGatewayConnection -ResourceGroupName $vpnConnectionResourceGroup

    foreach ($connection in $connections) {
        # Run Network Watcher troubleshooting against each VPN connection
        $result = Start-AzureRmNetworkWatcherResourceTroubleshooting -NetworkWatcher $networkWatcher -TargetResourceId $connection.Id -StorageId $storageAccount.Id -StoragePath $storagePath

        if ($result.code -ne "Healthy") {
            # Message text prepared for a notification; this script does not send it
            $body = "Connection for $($connection.name) is: $($result.code) `n$($result.results[0].summary) `nView the logs at $($storagePath) to learn more."
            Write-Host "Connection for $($connection.name) is: $($result.code)"
            Write-Host "Connection problem details:"
            Write-Host $result.Results.Id
            Write-Host $result.Results.detail
            Write-Host $result.Results.Summary
            Write-Host $result.Results.RecommendedActionsText
        }
        else {
            Write-Host ("Connection Status is: $($result.code)")
        }
    }
}
else {
    Write-Host "No network watchers found for location $location"
}
The script can be adjusted and run under Azure Automation in case you want to receive notifications about connectivity problems.
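One way to make that adjustment, as an added example that is not part of the original post: a runbook variant that signs in with a service principal instead of an interactive login and e-mails the connections that are not healthy. It assumes the AzureRM modules, a Run As connection asset named AzureRunAsConnection and a credential asset named SmtpCredential; the SMTP host and the addresses are placeholders.

```powershell
# Added example (not from the original post): runbook variant for Azure Automation.
# Assumed assets: 'AzureRunAsConnection' and 'SmtpCredential'; SMTP host and addresses are placeholders.
param(
    [Parameter(Mandatory)] [string] $SubscriptionId,
    [Parameter(Mandatory)] [string] $VpnConnectionResourceGroup,
    [Parameter(Mandatory)] [string] $StorageAccountName,
    [Parameter(Mandatory)] [string] $StorageAccountResourceGroup,
    [Parameter(Mandatory)] [string] $Location,
    [string] $StorageAccountContainer = 'networkwatcher'
)
$ErrorActionPreference = 'Stop'

# Non-interactive sign-in with the Run As service principal; no secrets live in the script
$conn = Get-AutomationConnection -Name 'AzureRunAsConnection'
Add-AzureRmAccount -ServicePrincipal -TenantId $conn.TenantId `
    -ApplicationId $conn.ApplicationId -CertificateThumbprint $conn.CertificateThumbprint | Out-Null
Select-AzureRmSubscription -SubscriptionId $SubscriptionId | Out-Null

# Use the first Network Watcher found in the location; stop if there is none
$watcherResource = Get-AzureRmResource |
    Where-Object { $_.ResourceType -eq 'Microsoft.Network/networkWatchers' -and $_.Location -eq $Location } |
    Select-Object -First 1
if (-not $watcherResource) { throw "No network watcher found for location $Location" }
$networkWatcher = Get-AzureRmNetworkWatcher -Name $watcherResource.Name -ResourceGroupName $watcherResource.ResourceGroupName
$storageAccount = Get-AzureRmStorageAccount -Name $StorageAccountName -ResourceGroupName $StorageAccountResourceGroup
$storagePath = "$($storageAccount.PrimaryEndpoints.Blob)$StorageAccountContainer"

# Troubleshoot every connection and keep one message per connection that is not Healthy
$problems = @()
$connections = Get-AzureRmVirtualNetworkGatewayConnection -ResourceGroupName $VpnConnectionResourceGroup
foreach ($connection in $connections) {
    $result = Start-AzureRmNetworkWatcherResourceTroubleshooting -NetworkWatcher $networkWatcher `
        -TargetResourceId $connection.Id -StorageId $storageAccount.Id -StoragePath $storagePath
    Write-Output "Connection $($connection.Name) is: $($result.Code)"
    if ($result.Code -ne 'Healthy') {
        $summary = ($result.Results | Select-Object -First 1).Summary   # empty when no details are returned
        $problems += "Connection $($connection.Name) is: $($result.Code)`n$summary"
    }
}

# Send a single mail per run, and only when at least one connection has a problem
if ($problems.Count -gt 0) {
    $smtpCredential = Get-AutomationPSCredential -Name 'SmtpCredential'
    Send-MailMessage -SmtpServer 'smtp.example.com' -Port 587 -UseSsl -Credential $smtpCredential `
        -From 'vpn-monitor@example.com' -To 'netops@example.com' `
        -Subject "Azure VPN: $($problems.Count) connection(s) not healthy" `
        -Body (($problems -join "`n`n") + "`n`nView the logs at $storagePath to learn more.")
}
```

The service principal needs only enough rights to read the connections, run Network Watcher troubleshooting and write to the log storage account, so scope its role assignment to those resource groups rather than the whole subscription.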
I hope it will be useful for some of you 😉
Enjoy! >_