Cannot connect to Azure VM using AT&T hotspot, but able to connect over home Wi-Fi?

My work requires me to log in to a Virtual Machine hosted by Azure, and I access that machine using Windows Remote Desktop. I must whitelist my IP address, however, so if I’m traveling, I update this each time before I’m able to access the VM.

I cannot connect to the Virtual Machine using my Pixel 5’s mobile hotspot feature on the AT&T network. I can load web pages fine, but my Windows Remote Desktop does not seem to like the IPv4 from my phone. Tried using my wife’s iPhone (also on AT&T) hotspot and it did not work using hers either.

Separately, my colleague has an iPhone on Verizon and using his phone’s hotspot HAS worked for me, so I believe it’s a problem with either a setting from AT&T or a configuration within Azure.

I’ve been on the phone with AT&T Support who said they do not have any restrictions on the mobile hotspot feature. In the past, they blocked some gaming sites because of the bandwidth constraints, but it doesn’t seem to apply to my issue.

Any ideas would be greatly appreciated!!!

I’ve heard of this a few times before. Seems to be related to the CG-NAT and HTTP proxy AT&T uses. Is your Windows Remote Desktop session using an RDP gateway? Or is it port 3389 direct over the internet?

RDP Gateway runs on tcp/443 and behaves like an HTTPS server, which likely causes it to get mangled by AT&T’s proxy. Even if you’re making a direct connection on port 3389 and whitelisting that in Azure Firewall, the IP on your phone won’t be the same as the egress IP from AT&T’s network due to the CG-NAT.

My suggestion would be to see if you can get a VPN into your Azure environment and tunnel the RDP session inside of that instead. The VPN will encapsulate the RDP traffic to secure it, and AT&T won’t be able to mangle that VPN session.

And rather than using IP whitelisting, consider certificate-based auth so that you can use your user or device identity to secure your resources rather than having to make manual firewall adjustments every time you connect remotely.
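The CG-NAT point in the reply above, as an added example that is not part of the original thread: it compares the address a phone or tethered laptop reports with the source addresses the remote side actually logged, and only proposes an allow rule when a single public egress address was seen. The function names and sample addresses are constructed for illustration (203.0.113.0/24 is a documentation range), and the stability check goes slightly beyond the reply by also covering an egress address that changes between sessions.

```python
import ipaddress

# Ranges that are never valid source addresses on the public internet.
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 carrier-grade NAT space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr):
    """Return 'cgnat', 'private', 'ipv6' or 'public' for one address string."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6:
        return "ipv6"
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"


def allowlist_candidate(device_addr, observed_addrs):
    """Decide which IPv4 address (if any) belongs in a source-IP allow rule.

    device_addr    -- address shown on the phone or the tethered laptop
    observed_addrs -- source addresses the remote side logged, oldest first
    """
    observed = [a for a in observed_addrs if classify(a) == "public"]
    result = {
        "device_class": classify(device_addr),
        # True when the remote side saw a different address than the device has.
        "translated": bool(observed) and device_addr not in observed,
        "stable": len(set(observed)) == 1,
        "allow": None,
    }
    # Only a single, unchanging public egress address is worth a /32 rule.
    if result["stable"]:
        result["allow"] = observed[0] + "/32"
    return result


if __name__ == "__main__":
    # Constructed samples, not values from the thread.
    print(allowlist_candidate("100.72.14.9", ["203.0.113.40", "203.0.113.40"]))
    print(allowlist_candidate("100.72.14.9", ["203.0.113.40", "203.0.113.77"]))
    print(allowlist_candidate("203.0.113.5", ["203.0.113.5"]))
```

A result with `translated` true and `allow` empty means the address on the device is useless for the firewall rule and the egress address is not fixed either, which is the case where a VPN or identity-based access replaces the allowlist.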

It’s astounding to me that your company allows you to access their VM from THE WILD INTERNET SIMPLY THROUGH A WHITELISTED IP THAT COULD LITERALLY BE RELEASED TO ANYONE ELSE IN THE WORLD and not a VPN. Use a VPN. Ask your IT department why they don’t have one?

Are you using an iPhone as well?

If not, it would seem the processor / hotspot feature your Android phones offer isn’t capable of handling the workload / bandwidth required by your attempted connection.

Swap your SIM to an iPhone or Android with higher RAM/ROM processor than you have presently in yours & your wife’s phones and attempt connecting.

I can confirm. My workstation is always connected to my company’s VPN and I have no issues connecting to Azure VMs (or anything else) when using hot spot.

^ This is the way to go.

I don’t think you got a single thing correct in your comment. :frowning:

Since you’ve provided stellar assistance in providing a resolution, I figured I’d state some additional facts rather than my opinions.

  • Azure VM requires a consistent minimum connection of 40MBPS down and 5MBPS up per user with no other competing traffic on the local network.

  • Azure VM recommends a consistent connection of 100MBPS down and 10MBPS up.

  • Latency minimum 80ms or less, recommended 40ms or less.

Lastly, without all the variables such as location, settings, etc., it makes it virtually impossible to provide a one stop resolution unless there’s a known issue resolution, which doesn’t apply to this scenario.

Everybody has heard the phrase; opinions are like assholes and everybody’s got one. You don’t walk around with your asshole out all day do you? Apply the same to your opinions and the world would be a better place.