1
votes

PROBLEM:

I'm able to connect to the Azure SQL Database using the private link from a VM within the virtual network, but not from my PC through the virtual network gateway.

azure topology

  1. In sqlserver1 firewall, I have denied public network access.
  2. From MyVM in the myvnet, I'm able to connect to the sqlserver1 using FQDN. nslookup shows correctly private address 10.0.0.4
  3. I connected my PC to the vnet using the gateway. I'm able to ping MyVM using the private address 10.0.0.5.
  4. When I try to connect to the sqlserver1 using FQDN, I get error:

    An instance-specific error occurred while establishing a connection to SQL Server. The public network interface on this server is not accessible. To connect to this server, use the Private Endpoint from inside your virtual network. (Microsoft SQL Server, Error: 47073)

So it looks like it's using the public DNS record and not the private DNS zone that I have created with the private endpoint. How can I connect to the database?


1 Answer

1
votes

In this case, you can use NSLOOKUP FQDN on the PC to verify whether it is a private DNS zone issue.

You need to correctly configure your DNS settings to resolve the allocated private IP address. You can follow On-premises workloads using a DNS forwarder and this blog about Azure SQL DB Private Link / Private Endpoint - Connectivity Troubleshooting.

It's not recommended to override a zone that is actively in use to resolve public endpoints. Connections to resources won't be able to resolve correctly without DNS forwarding to the public DNS. To avoid issues, create a different domain name or follow the suggested name for each service below.

To configure properly, you need the following resources:

  • On-premises network
  • Virtual network connected to on-premises
  • DNS forwarder deployed in Azure
  • Private DNS zone privatelink.database.windows.net with a type A record
  • Private endpoint information (FQDN record name and private IP address)
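The NSLOOKUP check the answer suggests, written out as an added example (this is not code from the question, the answer, or Azure). It walks a DNS answer chain for the SQL FQDN and reports whether the address it ends at lies inside the VNet (the private endpoint) or outside it (the public interface that error 47073 says is blocked). The two answer sets are constructed to mirror the question: the VM's view, where the privatelink zone returns 10.0.0.4, and the PC's view, where a public resolver is used; 203.0.113.10 is a documentation-range placeholder for the real public front end, and the Azure-provided resolver address 168.63.129.16 is the one a DNS forwarder in the VNet would query.

```python
# Added example, not from the original post: decide from a DNS answer chain
# whether a client will reach the Azure SQL private endpoint or the blocked
# public interface (error 47073), and what the fix direction is.
import ipaddress
import socket

# Azure-provided recursive resolver. It is only reachable from inside a VNet,
# which is why a VPN/on-premises client needs a forwarder deployed in the VNet.
AZURE_DNS_VIP = "168.63.129.16"
MAX_HOPS = 8  # guard against CNAME loops in a misconfigured zone


def follow_chain(name, records):
    """Walk CNAME records ({owner: (type, target)}) until an A record is hit.

    Returns (chain, ip): every name visited in order, and the final address,
    or None when the chain ends without an A record or exceeds MAX_HOPS.
    """
    chain = [name]
    current = name
    for _ in range(MAX_HOPS):
        rr = records.get(current.lower())
        if rr is None:
            return chain, None
        rtype, target = rr
        if rtype == "A":
            return chain, target
        if rtype != "CNAME":
            return chain, None
        current = target
        chain.append(current)
    return chain, None  # too many hops: treat as unresolved


def classify(fqdn, records, vnet_prefix):
    """Classify where a connection to fqdn will land, given the resolver's view."""
    chain, ip = follow_chain(fqdn, records)
    result = {
        "chain": chain,
        "ip": ip,
        "verdict": "unresolved",
        # True when the public zone already aliases to the privatelink name,
        # i.e. a private endpoint exists and only the client's resolver is wrong.
        "via_privatelink": any("privatelink." in n for n in chain[1:]),
    }
    if ip is None:
        return result
    inside = ipaddress.ip_address(ip) in ipaddress.ip_network(vnet_prefix)
    result["verdict"] = "private-endpoint" if inside else "public-interface"
    return result


def live_records(fqdn):
    """Build a one-hop record map from this machine's real resolver (no CNAME detail)."""
    return {fqdn.lower(): ("A", socket.gethostbyname(fqdn))}


# Constructed sample answers mirroring the question's topology.
SQL_FQDN = "sqlserver1.database.windows.net"
PRIVATELINK_NAME = "sqlserver1.privatelink.database.windows.net"
VNET_PREFIX = "10.0.0.0/16"  # assumed address space of myvnet

# What Azure DNS inside the VNet returns: the private zone wins.
VNET_VIEW = {
    SQL_FQDN: ("CNAME", PRIVATELINK_NAME),
    PRIVATELINK_NAME: ("A", "10.0.0.4"),
}
# What a public resolver on the PC returns: the privatelink name resolves to
# the public front end (203.0.113.10 is a placeholder, not a real Azure address).
PUBLIC_VIEW = {
    SQL_FQDN: ("CNAME", PRIVATELINK_NAME),
    PRIVATELINK_NAME: ("A", "203.0.113.10"),
}


def explain(view_name, records):
    r = classify(SQL_FQDN, records, VNET_PREFIX)
    print(f"[{view_name}] {' -> '.join(r['chain'])} -> {r['ip']}: {r['verdict']}")
    if r["verdict"] == "public-interface" and r["via_privatelink"]:
        zone = PRIVATELINK_NAME.split(".", 1)[1]
        print(f"  fix: forward {zone} from the PC's resolver to a forwarder in "
              f"the VNet that queries {AZURE_DNS_VIP}")
    return r


if __name__ == "__main__":
    explain("MyVM in myvnet", VNET_VIEW)
    explain("PC over VPN gateway", PUBLIC_VIEW)
```

To run it against a real client instead of the constructed views, pass `live_records(SQL_FQDN)` to `classify`; a `public-interface` verdict from the PC while the VM reports `private-endpoint` is exactly the symptom in the question, and the privatelink zone name in the chain tells you which zone the forwarder has to cover.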