Here is the error KKE gives me at end of Day 27:
NSG 'datacenter-priv-nsg' does not allow access from the VNet's CIDR block '10.0.0.0/16'
But see the next image: name correct, attached to VM, correct rule:
Not sure what the grader wants here. I used Srikanth’s solution for this, and TBH, it didn’t work for me either. I’ll ask him if he can help out with this one; either I don’t understand what’s required, or the grader just doesn’t work very well.
For the nsg rule can you try adding the vnet cidr in the destination as well? Ideally any should work but not sure what the grader is expecting.
Just retried the scenario with an explicit vnet cidr rule, plus I ensure the NSG is applied to both the subnet and the instance, but same issue:
NSG 'nautilus-priv-nsg' does not allow access from the VNet's CIDR block '10.0.0.0/16'
Yet
I’m stumped.
This is the key differnce – your NSG is keyed to 10.0.0.0/24, which is indeed a different (and much smaller) network.
omg are you serious, that makes sense, I know I used /16 at least once but I must have done something wrong those times, arghhh I’ll try again
I’ve also discovered that the lab works (and works better) if you use CentralUS instead of EastUS. This may be “working by accident”, but work it does. Just found this out.
Man still did not work:
The NSG is attached to both the subnet and the VM:
The Vnet has 2 subnets:
Private is enabled on the custom subnet (created for the scenario):
What else can I verify, I’m out of ideas.
BTW the scenario tells me I should create everything in US East, but you’re saying I should try a different region than what the scenario says?
The biggest limitation on the scenario is the lack of VMs in EastUS. Since the grader appears not to be enforcing the region, I found that you can get the scenario to pass entirely in CentralUS. So best to do that.
This is the solution
Put this CIDR Block in source and destination, not source only " 10.0.0.0/16."