uct

Author: halkazwini

articles/network-watcher/media/network-watcher-connectivity-portal/figure1.png

@@ -1,30 +1,65 @@
 ---
-title: Introduction to connection troubleshoot
+title: Connection troubleshoot overview
 titleSuffix: Azure Network Watcher
-description: This page provides an overview of Azure Network Watcher connection troubleshoot capability.
+description: Learn about Azure Network Watcher connection troubleshoot capability.
 services: network-watcher
 author: halkazwini
 ms.service: network-watcher
 ms.topic: conceptual
 ms.workload: infrastructure-services
-ms.date: 11/10/2022
+ms.date: 02/15/2023
 ms.author: halkazwini
+ms.custom: template-concept, engagement-fy23
 ---
 
-# Introduction to Azure Network Watcher connection troubleshoot in Azure Network Watcher
+# Connection troubleshoot overview
 
-The connection troubleshoot feature of Network Watcher provides the capability to check a direct TCP connection from a virtual machine to a virtual machine (VM), fully qualified domain name (FQDN), URI, or IPv4 address. Network scenarios are complex, they're implemented using network security groups, firewalls, user-defined routes, and resources provided by Azure. Complex configurations make troubleshooting connectivity issues challenging. Network Watcher helps reduce the amount of time to find and detect connectivity issues. The results returned can provide insights into whether a connectivity issue is due to a platform or a user configuration issue. Connectivity can be checked with [PowerShell](network-watcher-connectivity-powershell.md), [Azure CLI](network-watcher-connectivity-cli.md), and [REST API](network-watcher-connectivity-rest.md).
+With the increase of sophisticated and high-performance workloads in Azure, there's a critical need for increased visibility and control over the operational state of complex networks running these workloads. Such complex networks are implemented using network security groups, firewalls, user-defined routes, and resources provided by Azure. Complex configurations make troubleshooting connectivity issues challenging.
 
-> [!IMPORTANT]
-> Connection troubleshoot requires that the VM you troubleshoot from has the `AzureNetworkWatcherExtension` VM extension installed. For installing the extension on a Windows VM visit [Azure Network Watcher Agent virtual machine extension for Windows](../virtual-machines/extensions/network-watcher-windows.md?toc=%2fazure%2fnetwork-watcher%2ftoc.json) and for Linux VM visit [Azure Network Watcher Agent virtual machine extension for Linux](../virtual-machines/extensions/network-watcher-linux.md?toc=%2fazure%2fnetwork-watcher%2ftoc.json). The extension is not required on the destination endpoint.
+The connection troubleshoot feature of Azure Network Watcher helps reduce the amount of time to diagnose and troubleshoot network connectivity issues. The results returned can provide insights about the root cause of the connectivity problem and whether it's due to a platform or user configuration issue.
+
+Connection troubleshoot reduces the Mean Time To Resolution (MTTR) by providing a comprehensive method of performing all connection major checks to detect issues pertaining to network security groups, user-defined routes, and blocked ports and . It provides the following results with actionable insights where a step-by-step guide or corresponding documentation is provided for faster resolution:
+
+- Connectivity test with different destination types (VM, URI, FQDN, or IP Address).
+- Configuration issues that impact reachability.
+- All possible hop by hop paths from the source to destination.
+- Hop by hop latency.
+- Latency (minimum, maximum, and average between source and destination).
+- Graphical topology view from source to destination.
+- Number of probes failed during the connection troubleshoot check.
+
+
+## Supported source and destination types
 
-## Supported source types
+Connection troublehoot provides the capability to check TCP or ICMP connections from any of these Azure resources:
 
-The following sources are supported by Network Watcher:
+- Virtual machines
+- Azure Bastion instances
+- Application gateways (except v1)
 
-- Virtual Machines
-- Bastion
-- Application Gateways (except v1)
+Connection troubleshoot can test connections to any of these destinations:
+
+- Virtual machines
+- Fully qualified domain names (FQDNs)
+- Uniform resource identifiers (URIs)
+- IP addresses
+
+Connection troubleshoot can detect the following types of issues that can impact connectivity:
+
+- High VM CPU utilization
+- High VM memory utilization
+- Virtual machine (guest) firewall rules blocking traffic
+- DNS resolution failures
+- Misconfigured or missing routes
+- Network security group (NSG) rules that are blocking traffic
+- Inability to open a socket at the specified source port
+- Missing address resolution protocol entries for Azure ExpressRoute circuits
+- Servers not listening on designated destination ports
+
+> [!IMPORTANT]
+> Connection troubleshoot requires that the virtual machine you troubleshoot from has the `AzureNetworkWatcherExtension` extension installed. The extension is not required on the destination virtual machine.
+> - To install the extension on a Windows VM, see [Azure Network Watcher Agent virtual machine extension for Windows](../virtual-machines/extensions/network-watcher-windows.md?toc=%2fazure%2fnetwork-watcher%2ftoc.json).
+> - To install the extension on a Linux VM, see [Azure Network Watcher Agent virtual machine extension for Linux](../virtual-machines/extensions/network-watcher-linux.md?toc=%2fazure%2fnetwork-watcher%2ftoc.json).
 
 ## Response
 
@@ -52,7 +87,7 @@ The following table shows the properties returned when connection troubleshoot h
 |Hops[].Issues[].Context[].key |Key of the key value pair returned.|
 |Hops[].Issues[].Context[].value |Value of the key value pair returned.|
 
-The following is an example of an issue found on a hop.
+The following is an example of an issue found on a Hop.
 
 ```json
 "Issues": [
@@ -71,7 +106,7 @@ The following is an example of an issue found on a hop.
 ```
 ## Fault types
 
-Connection troubleshoot returns fault types about the connection. The following table provides a list of the current fault types returned.
+The Connection troubleshoot feature returns fault types about the connection. The following table lists the current fault types returned.
 
 |**Type**  |**Description**  |
 |---------|---------|
@@ -84,4 +119,5 @@ Connection troubleshoot returns fault types about the connection. The following
 
 ### Next steps
 
-Learn how to troubleshoot connections using the [Azure portal](network-watcher-connectivity-portal.md), [PowerShell](network-watcher-connectivity-powershell.md), the [Azure CLI](network-watcher-connectivity-cli.md), or [REST API](network-watcher-connectivity-rest.md).
+- Learn more about [Network Watcher](network-watcher-monitoring-overview.md) 
+- Learn how to use connection troubleshoot using the [Azure Portal](network-watcher-connectivity-portal.md), [PowerShell](network-watcher-connectivity-powershell.md), the [Azure CLI](network-watcher-connectivity-cli.md), or [REST API](network-watcher-connectivity-rest.md).

articles/network-watcher/media/network-watcher-connectivity-portal/figure2.png

@@ -7,51 +7,142 @@ author: halkazwini
 ms.service: network-watcher
 ms.topic: how-to
 ms.workload: infrastructure-services
-ms.date: 01/04/2021
+ms.date: 02/15/2023
 ms.author: halkazwini
+ms.custom: template-how-to, engagement-fy23
 ---
 
 # Troubleshoot connections with Azure Network Watcher using the Azure portal
 
-> [!div class="op_single_selector"]
-> - [Portal](network-watcher-connectivity-portal.md)
-> - [PowerShell](network-watcher-connectivity-powershell.md)
-> - [Azure CLI](network-watcher-connectivity-cli.md)
-> - [Azure REST API](network-watcher-connectivity-rest.md)
+In this article, you learn how to use [Azure Network Watcher connection troubleshoot](network-watcher-connectivity-overview.md) to diagnose and troubleshoot connectivity issues.
 
-Learn how to use connection troubleshoot to verify whether a direct TCP connection from a virtual machine to a given endpoint can be established.
+## Prerequisites
 
-## Before you begin
+- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+- Two virtual machines in your subscription.
 
-This article assumes you have the following resources:
+> [!IMPORTANT]
+> Connection troubleshoot requires that the virtual machine you troubleshoot from has the `AzureNetworkWatcherExtension` extension installed. The extension is not required on the destination virtual machine.
+> - To install the extension on a Windows VM, see [Azure Network Watcher Agent virtual machine extension for Windows](../virtual-machines/extensions/network-watcher-windows.md?toc=%2fazure%2fnetwork-watcher%2ftoc.json).
+> - To install the extension on a Linux VM, see [Azure Network Watcher Agent virtual machine extension for Linux](../virtual-machines/extensions/network-watcher-linux.md?toc=%2fazure%2fnetwork-watcher%2ftoc.json).
 
-* An instance of Network Watcher in the region you want to troubleshoot a connection.
-* Virtual machines to troubleshoot connections with.
+## Test connectivity between two connected virtual machines
 
-> [!IMPORTANT]
-> Connection troubleshoot requires that the VM you troubleshoot from has the `AzureNetworkWatcherExtension` VM extension installed. For installing the extension on a Windows VM visit [Azure Network Watcher Agent virtual machine extension for Windows](../virtual-machines/extensions/network-watcher-windows.md?toc=%2fazure%2fnetwork-watcher%2ftoc.json) and for Linux VM visit [Azure Network Watcher Agent virtual machine extension for Linux](../virtual-machines/extensions/network-watcher-linux.md?toc=%2fazure%2fnetwork-watcher%2ftoc.json). The extension is not required on the destination endpoint.
+In this section, you test connectivity between two connected virtual machines.
 
-## Check connectivity to a virtual machine
+1. Sign in to the [Azure portal](https://portal.azure.com).
 
-This example checks connectivity to a destination virtual machine over port 80.
+1. In the search box at the top of the portal, enter *network watcher*. Select **Network Watcher** in the search results.
 
-Navigate to your Network Watcher and click **Connection troubleshoot**. Select the virtual machine to check connectivity from. In the **Destination** section choose **Select a virtual machine** and choose the correct virtual machine and port to test.
+1. Under **Network diagnostic tools**, select **Connection troubleshoot**. Enter or select the following information:
 
-Once you click **Check**, connectivity between the virtual machines on the port specified is checked. In the example, the destination VM is unreachable, a listing of hops are shown.
+    | Setting | Value  |
+    | ------- | ------ |
+    | **Source** |  |
+    | Subscription | Select your Azure subscription. |
+    | Resource group | Select **myResourceGroup**. |
+    | Source type | Select **Virtual machine**. |
+    | Virtual machine | Select **VM1**. |
+    | **Destination** |  |
+    | Destination type | Select **Select a virtual machine**. |
+    | Resource group | Select **myResourceGroup**. |
+    | Virtual machine | Select **VM2**. |
+    | **Probe Settings** |  |
+    | Preferred IP version | Select **IPv4**. |
+    | Protocol | Select **TCP**. |
+    | Destination port | Enter *80*. |
+    | **Connection Diagnostics** |  |
+    | Diagnostics tests | Select **Select all**. |
 
-![Check connectivity results for a virtual machine][1]
+    :::image type="content" source="./media/network-watcher-connectivity-portal/test-virtual-machines-connected.png" alt-text="Screenshot of Network Watcher connection troubleshoot in Azure portal to test the connection between two connected virtual machines.":::
 
-## Check remote endpoint connectivity
+1. Select **Test connection**.
 
-To check the connectivity and latency to a remote endpoint, choose the **Specify manually** radio button in the **Destination** section, input the url and the port and click **Check**.  This is used for remote endpoints like websites and storage endpoints.
+    The test results show that the two virtual machines are communicating with no issues:
 
-![Check connectivity results for a web site][2]
+    - Network security group rules allow traffic between the two virtual machines.
+    - The two virtual machines are directly connected (VM2 is the next hop of VM1).
+    - Azure default system route is used to route traffic between the two virtual machines (Route table Id: System route).
+    - 66 probes were successfully sent with average latency of 2 ms.
 
-## Next steps
+    :::image type="content" source="./media/network-watcher-connectivity-portal/virtual-machine-connected-test-result.png" alt-text="Screenshot of connection troubleshoot results after testing the connection between two connected virtual machines.":::
+
+## Troubleshoot connectivity issue between two virtual machines
+
+In this section, you test connectivity between two virtual machines that have connectivity issue.
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+
+1. In the search box at the top of the portal, enter *network watcher*. Select **Network Watcher** in the search results.
+
+1. Under **Network diagnostic tools**, select **Connection troubleshoot**. Enter or select the following information:
+
+    | Setting | Value  |
+    | ------- | ------ |
+    | **Source** |  |
+    | Subscription | Select your Azure subscription. |
+    | Resource group | Select **myResourceGroup**. |
+    | Source type | Select **Virtual machine**. |
+    | Virtual machine | Select **VM1**. |
+    | **Destination** |  |
+    | Destination type | Select **Select a virtual machine**. |
+    | Resource group | Select **myResourceGroup**. |
+    | Virtual machine | Select **VM3**. |
+    | **Probe Settings** |  |
+    | Preferred IP version | Select **IPv4**. |
+    | Protocol | Select **TCP**. |
+    | Destination port | Enter *80*. |
+    | **Connection Diagnostics** |  |
+    | Diagnostics tests | Select **Select all**. |
+
+    :::image type="content" source="./media/network-watcher-connectivity-portal/test-two-virtual-machines.png" alt-text="Screenshot of Network Watcher connection troubleshoot in Azure portal to test the connection between two virtual machines.":::
+
+1. Select **Test connection**.
+
+    The test results show that the two virtual machines are not communicating:
 
-Learn how to automate packet captures with Virtual machine alerts by viewing [Create an alert triggered packet capture](network-watcher-alert-triggered-packet-capture.md)
+    - The two virtual machines are not connected (no probes were sent from VM1 to VM3).
+    - There is no route between the two virtual machines (Next hop type: None).
+    - Azure default system route is the route table used (Route table Id: System route).
+    - Network security group rules allow traffic between the two virtual machines.
 
-Find if certain traffic is allowed in or out of your VM by visiting [Check IP flow verify](diagnose-vm-network-traffic-filtering-problem.md)
+    :::image type="content" source="./media/network-watcher-connectivity-portal/virtual-machines-test-result.png" alt-text="Screenshot of connection troubleshoot results after testing the connection between two virtual machines that are not communicating.":::
+
+## Test connectivity with `www.bing.com`
+
+In this section, you test connectivity between a virtual machines and `www.bing.com`.
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+
+1. In the search box at the top of the portal, enter *network watcher*. Select **Network Watcher** in the search results.
+
+1. Under **Network diagnostic tools**, select **Connection troubleshoot**. Enter or select the following information:
+
+    | Setting | Value  |
+    | ------- | ------ |
+    | **Source** |  |
+    | Subscription | Select your Azure subscription. |
+    | Resource group | Select **myResourceGroup**. |
+    | Source type | Select **Virtual machine**. |
+    | Virtual machine | Select **VM1**. |
+    | **Destination** |  |
+    | Destination type | Select **Specify manually**. |
+    | Resource group | Enter *www.bing.com*. |
+    | **Probe Settings** |  |
+    | Preferred IP version | Select **IPv4**. |
+    | Protocol | Select **TCP**. |
+    | Destination port | Enter *443*. |
+    | **Connection Diagnostics** |  |
+    | Diagnostics tests | Select **Connectivity**. |
+
+    :::image type="content" source="./media/network-watcher-connectivity-portal/test-bing.png" alt-text="Screenshot of Network Watcher connection troubleshoot in Azure portal to test the connection between a virtual machines and Microsoft Bing search engine.":::
+
+1. Select **Test connection**.
+
+    The test results show that `www.bing.com` is reachable from **VM1** virtual machine:
+
+    - Connectivity test is successful with 66 probes sent with an average latency of 3 ms.
+
+## Next steps
 
-[1]: ./media/network-watcher-connectivity-portal/figure1.png
-[2]: ./media/network-watcher-connectivity-portal/figure2.png
+Learn how to [automate virtual machines packet captures](network-watcher-alert-triggered-packet-capture.md)