
PROBLEM:

I'm able to connect to the Azure SQL Database using the private link from a VM within the virtual network, but not from my PC through the virtual network gateway.

[Image: azure topology]

  1. In sqlserver1 firewall, I have denied public network access.
  2. From MyVM in the myvnet, I'm able to connect to the sqlserver1 using FQDN. nslookup correctly shows the private address 10.0.0.4.
  3. I connected my PC to the vnet using the gateway. I'm able to ping MyVM using the private address 10.0.0.5.
  4. When I try to connect to the sqlserver1 using FQDN, I get error:

    An instance-specific error occurred while establishing a connection to SQL Server. The public network interface on this server is not accessible. To connect to this server, use the Private Endpoint from inside your virtual network. (Microsoft SQL Server, Error: 47073)

So it looks like it's using the public DNS record and not the private DNS zone that I created with the private endpoint. How can I connect to the database?

2 Answers

In this case, you can use NSLOOKUP FQDN on the PC to verify whether it is a private DNS zone issue.

You need to correctly configure your DNS settings to resolve the allocated private IP address. You can follow On-premises workloads using a DNS forwarder and this blog about Azure SQL DB Private Link / Private Endpoint - Connectivity Troubleshooting.

It's not recommended to override a zone that is actively in use to resolve public endpoints. Connections to resources won't be able to resolve correctly without DNS forwarding to the public DNS. To avoid issues, create a different domain name or follow the suggested name for each service below.

To configure properly, you need the following resources:

  • On-premises network
  • Virtual network connected to on-premises
  • DNS forwarder deployed in Azure
  • Private DNS zones privatelink.database.windows.net with type A record
  • Private endpoint information (FQDN record name and private IP address)
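As an added example (not part of the answer above), here is a small Python check for the nslookup step the answer recommends: it parses the nslookup output from the PC and classifies whether the FQDN resolved to the private endpoint (10.0.0.4 from the question) or to a public address, which is the case that produces error 47073 while public network access is denied. The nslookup samples are constructed, and the vnet range 10.0.0.0/24 is an assumption.

```python
import ipaddress
import re

# From the question: the private endpoint's address inside myvnet.
PRIVATE_ENDPOINT_IP = "10.0.0.4"
# Assumption: the vnet's address space (the question only shows 10.0.0.4 and 10.0.0.5).
VNET_CIDR = "10.0.0.0/24"

# Constructed sample: Windows nslookup output on the PC when the query is answered by
# public DNS (the failing case). Names and addresses are illustrative only.
NSLOOKUP_PUBLIC = """\
Server:  resolver.example
Address:  192.0.2.53

Non-authoritative answer:
Name:    gateway.example.database.windows.net
Address:  203.0.113.10
Aliases:  sqlserver1.database.windows.net
          sqlserver1.privatelink.database.windows.net
"""

# Constructed sample: output once a DNS forwarder in the vnet (here MyVM, 10.0.0.5)
# answers from the privatelink.database.windows.net zone.
NSLOOKUP_PRIVATE = """\
Server:  myvm
Address:  10.0.0.5

Non-authoritative answer:
Name:    sqlserver1.privatelink.database.windows.net
Address:  10.0.0.4
Aliases:  sqlserver1.database.windows.net
"""


def parse_nslookup(output):
    """Return the IPv4 answer addresses, skipping the resolver's own Server/Address header."""
    answer = output.split("\n\n", 1)[-1]  # header and answer are separated by a blank line
    # Matches "Address:  x.x.x.x", "Addresses:  x.x.x.x" and indented continuation lines.
    return re.findall(r"(?m)^(?:Address(?:es)?:)?\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$", answer)


def diagnose(addresses, private_ip=PRIVATE_ENDPOINT_IP, vnet_cidr=VNET_CIDR):
    """Classify what the PC's resolver returned for the SQL server FQDN."""
    vnet = ipaddress.ip_network(vnet_cidr)
    if not addresses:
        return "no-answer"
    if private_ip in addresses:
        return "private-endpoint"  # connection will use the private link
    if any(ipaddress.ip_address(a) in vnet for a in addresses):
        return "vnet-address-not-endpoint"  # check the A record in the privatelink zone
    return "public-endpoint"  # expect error 47073 while public access is denied
```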

2 Comments

The nslookup on the PC does indeed return the public IP. So you are saying that the only way is to deploy a VM with a DNS forwarder?
Almost, you can use your current VM as the DNS server or another DNS proxy. You could also use the hosts file (only recommended for testing).

Ran into the same issue, just updated the hosts entry on my system. Then it was a charm.
