I've just had the same problem. Hope this might help someone that cannot solve it through any other means found elsewhere:
- I had two Azure VMs, one for the Web server and one for the SQL Server.
- Both VMs were in the same virtual network, but each had it's own NSG.
I noticed that even when I was setting up rules in the NSG for the SQL Server VM, the rules defined in the NSG for my other Web server VM still applied.
I resolved it by using only single NSG for the whole virtual network (both VMs) and defining the rules there. But that sure was some unexpected behavior that took me a while to track down.