2

I have an existing VS2010 ASP.NET webforms site that I am trying to get running on Azure as a POC for a client.

I migrated the site to a VS2012 project, added an Azure Cloud Service Project, and have deployed the site as well as the back end DB to a 3 month trial account.

I've added the IP address of my dev machine to the firewall rules for the Azure db, and I can run the project locally and connect to the Azure db without incident.

On the firewall rules for the website, I have Windows Azure Services set to yes under Allowed services. I have no other rules in place other than the one for my dev machine.

When trying to access the site from the site deployed to Azure, I get the following exception:

Cannot open server requested by the login. Client with IP address '137.135.65.13' is not allowed to access the server. To enable access, use the SQL Azure Portal or run sp_set_firewall_rule on the master database to create a firewall rule for this IP address or address range. It may take up to five minutes for this change to take effect. Login failed for user . This session has been assigned a tracing ID of . Provide this tracing ID to customer support when you need assistance.

The site works normally if I add a firewall rule for the azure server IP address, but doesn't this defeat the whole purpose of Azure? Shouldn't allowing Azure services handle this? Is there an additional config item necessary or am I missing something basic in the design? I'm not sure if this is related but the site was deployed by VS2012 as a cloud service instead of a website, is this the issue? I also added the db as a linked resource in the cloud service but that didn't seem to have any effect.

Improve this question
2
  • 1
    Did you try linking the SQL server DB as a resource from the cloud service like this? Commented May 7, 2013 at 3:57
  • I would assume that since WebSites is a preview feature of Windows Azure, some of its allocated IP address ranges are not in the "Azure SErvices" list. I believe this will change when Web Sites become generally available. Another thing that might be causing the issue, could be possible location missmatch - i.e. your Web Site is in North Europe, while your SQL Azure server is in West Europe. In either way I haven't faced such an issue before, so I leave it to the fact Web Sites being preview. Commented May 7, 2013 at 6:33

2 Answers 2

Reset to default
8

Adding the DB as a linked resource for the WebSite will fix the problem w/out having to muck about with firewall settings.

  1. Go to your website in m.anage.windowsazure.com.
  2. Go to the LINKED RESOURCES tab.
  3. Press the LINK button on the bottom of the page
  4. Select your DB from the modal dialog
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Note: This worked for me too, but it took about an hour until it kicked in, so give it time before you give up on it...
2

This is a bug in Azure. Newer IP ranges aren't included in their boiler plate "Azure Services" configuration, or something like that.

Been happening for a long time (at least ~3 years), unfortunately.

Happens with Web Roles, Worker Roles, and VMs as well - NOT specific to Web Sites. We regularly hit this with our Web and Worker Roles in US East but never saw it once in US North.

Our work-around is to add the range: 10.0.0.0-10.255.255.255. Probably not the most secure work-around but fortunately, this has so far only hit our Dev environments and not any of our Production environments.

Improve this answer

3 Comments

Originally commented that you could enter individual subnet ranges from the Datacenter IP Ranges document. However: I looked and couldn't find a range that included the OP's IP address (the 137.135.0.0/18 range in West US that I thought would cover it only allows through 137.135.63.x). If the SQL firewall uses the same IP range doc as input, then this corroborates @Jaxidian's assertion and you'd need to manually enter IP addresses until the range doc is updated.
Also note that for us, not being able to find the public IP in what David mentioned was our indication that we had to add our private IP range. Seems a little bass backwards but that's been our experience.
This is unacceptable. Microsoft needs to get it together! What a waste of time.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.