
We have an instance running in US-central-1 zone which started getting an error as follows:

Connection via Cloud Identity-Aware Proxy Failed Code: 4003 Reason: failed to connect to backend You may be able to connect without using the Cloud Identity-Aware Proxy.

I'm unable to connect without using the Cloud Identity-Aware Proxy either, where it shows the following message:

We are unable to connect to the VM on port 22.

The website running on this instance is a live ecommerce platform without another running backup instance. Please resolve this issue as soon as possible.

PS: We haven't made any changes to the VM after it was found working. And we are not touching any quota limits.

user594268

3 Answers


If the allowed ingress rule for tcp:22 includes your source IP(s), then there is no issue with the GCP firewall. My suggestion is to follow the steps below to establish a serial connection to your VM; after that you will be able to check whether the SSH service is up and listening, or check for any firewall blocking inside your VM.

  1. Go to the VM instances page in the Google Cloud Platform console.
  2. Click on the instance for which you want to add a startup script.
  3. Click the Edit button at the top of the page.
  4. Click on 'Enable connecting to serial ports'.
  5. Under Custom metadata, click Add item.
  6. Set 'Key' to 'startup-script' and set 'Value' to this script:

```bash
#!/bin/bash

# Create the rescue user and add it to the sudo group (Debian/Ubuntu images).
useradd -G sudo USERNAME

# Set the password for the new user.
echo 'USERNAME:PASSWORD' | chpasswd
```

NOTE: Change the value of USERNAME & PASSWORD to the username and password of your choice.

  7. Click Save and then click RESET at the top of the page. You might need to wait some time for the instance to reboot.
  8. Click on 'Connect to serial port' on the page.
  9. In the new window, you might need to wait a bit and press Enter on your keyboard once; then you should see the login prompt.
  10. Log in using the USERNAME and PASSWORD you provided.
mannyglover

Make sure that the VMs are tagged with the same target tag that you specified in your firewall rule. For example, the tag might be called something like allow-ssh.


Google Cloud forum post on solution provided by @Ali Reza Izadi.

Refer here

Video Demo

Correct script:

```bash
#!/bin/bash

# Create the rescue user.
useradd USERNAME

# Set its password.
echo USERNAME:PASSWORD | chpasswd
```