Change your Load Balancer Inbound NAT Rules from v1 to v2

Some partners who set up Entra Domain Services (a.k.a. Azure Active Directory Domain Services, AADDS, etc.) for their AVD Environments may receive an email with the subject line of "Retirement notice: Azure Load Balancer Inbound NAT rule V1 for Azure VMs and Azure VMSS will be retired Migrate to Azure Load Balancer Inbound NAT rule V2."

The TL;DR of the email is that Microsoft is changing their Inbound NAT rules to the newest version (in September 2027) and you need to replace your Inbound NAT Rules for the Load Balancer before then. (See Migrate from Inbound NAT rules version 1 to version 2 | Microsoft Learn for more info.)

Luckily, it's not too painful to do.

*** NOTE: This is just a recommendation of how to handle the situation.
Please check with your Azure and Networking Teams BEFORE making this change. ***

 

Copy your existing settings

  1. Log on to the customer's Azure Portal (https://portal.azure.com)
  2. Search for and select Load Balancers

  3. Click on the Load Balancer
    NOTE: If you have multiple, it will typically be one starting with aadds
  4. Expand Settings and choose Inbound NAT Rules
  5. Take a screenshot of the settings, just in case
    NOTE: Optionally, you can click on the name of each rule and take a screenshot of those settings as well.

Remove the Existing Rules

NOTE: There could be some downtime while making this change where you will be unable to perform Remote Management of the Entra Domain Services environment. You should plan accordingly.

  1. Click the Trash icon for each rule and confirm you want to delete it
  2. Click the Add button to create a new rule

Create the New Rule

NOTE: With the v2 versions of the rule, you only need 1 rule to do the job of both.

  1. Enter a Name for the NAT Rule (e.g. EntraDS-WinRm-v2)
  2. Select the Backend pool radio-button
  3. Choose the Target backend pool from the dropdown
  4. Select the Frontend IP address from the dropdown
  5. Enter 5986 for the Frontend port range start
  6. Enter 5986 for the Backend port
  7. Enter 15 in the Idle timeout (minutes) field
  8. Click Save


    Once the rule is added, it should look similar to the screenshots below
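To confirm the change without relying on screenshots, the rules can be checked as data before and after the swap. The following is an added example, not part of the original article or Microsoft's tooling; it assumes the rules were exported as JSON (for example with `az network lb inbound-nat-rule list`), that the export uses the ARM property names shown, and that a v2 rule is recognizable by its backend pool reference. The sample data is constructed.

```python
import json

# Values taken from the "Create the New Rule" steps on this page.
EXPECTED = {"frontendPortRangeStart": 5986, "backendPort": 5986,
            "idleTimeoutInMinutes": 15}

# Constructed samples shaped like an exported inbound NAT rule list (assumption:
# ARM property names). Names other than EntraDS-WinRm-v2 and IDs are placeholders.
BEFORE = json.loads("""[
  {"name": "placeholder-v1-rule-a", "frontendPort": 5986, "backendPort": 5986,
   "idleTimeoutInMinutes": 15, "backendAddressPool": null},
  {"name": "placeholder-v1-rule-b", "frontendPort": 5987, "backendPort": 5986,
   "idleTimeoutInMinutes": 15, "backendAddressPool": null}
]""")
AFTER = json.loads("""[
  {"name": "EntraDS-WinRm-v2", "frontendPortRangeStart": 5986,
   "frontendPortRangeEnd": 5987, "backendPort": 5986, "idleTimeoutInMinutes": 15,
   "backendAddressPool": {"id": "<backend-pool-resource-id>"}}
]""")


def rule_version(rule):
    """Assumption: a v2 rule targets a backend pool, a v1 rule does not."""
    return "v2" if rule.get("backendAddressPool") else "v1"


def audit(rules):
    """Return findings; an empty list means no v1 rules remain and every
    v2 rule matches the settings entered in the portal steps."""
    findings = [f"{r['name']}: still a v1 rule"
                for r in rules if rule_version(r) == "v1"]
    v2_rules = [r for r in rules if rule_version(r) == "v2"]
    if not v2_rules:
        findings.append("no v2 rule found")
    for r in v2_rules:
        for key, want in EXPECTED.items():
            if r.get(key) != want:
                findings.append(f"{r['name']}: {key} is {r.get(key)!r}, expected {want}")
    return findings


if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(rules) or "OK")
```

Keeping the "before" export alongside the screenshots also gives you the exact old values if the v1 rules ever need to be compared against the new one.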
