SQL Server can't be accessed by app services even though they're in the same VNet (2 different subnets)

Suresh, Subin (GB) 40 Reputation points
2024-06-21T13:49:46.1433333+00:00

Hi,

I recently configured a virtual network for one of my applications which has 2 subnets - appnet and datanet. The SQL Server is in datanet and the app services are in appnet. While running the application, the network is rejecting the IP addresses for the app services even though they are in the virtual network. Do I need to do some additional configuration to make this work? The only procedure I did was create the vnet, add an address space with 2 subnets and configure these subnets for the respective resources.

Azure App Service

Accepted answer
  1. Sreeju Nair 12,181 Reputation points
    2024-06-23T05:40:38.61+00:00

    Consider the following and see whether you can establish connectivity.

    1. Did you check the Network Security Groups configuration? Make sure both subnets allow traffic between them. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

       Refer: https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
    2. If you are using Azure SQL, make sure you properly configured service endpoints. Refer: https://azure.microsoft.com/en-us/blog/vnet-service-endpoints-for-azure-sql-database-now-generally-available/
    3. If you are using Azure SQL Managed Instance, ensure you configure private endpoints to securely connect to the SQL Server within the VNet.

       Refer: https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/private-endpoint-overview?view=azuresql&tabs=separate-vnets

    Hope this helps.


1 additional answer

  1. Ben Gimblett 3,835 Reputation points Microsoft Employee
    2024-06-21T14:45:07.17+00:00

    Hi - Thanks for the question.

    I am not 100% sure what steps you took so far or what the error is you're seeing.

    But, very broadly, if the aim is to secure comms between your App Service app and the dependent database, you need to do the following (you already have the vnet and two subnets):
    (1) Enable regional vnet integration from App Service toward the "appnet" subnet:
    https://learn.microsoft.com/en-us/azure/app-service/configure-vnet-integration-enable
    Make sure you pay close attention to the prerequisites, subnet sizing, etc.
    (2) Add a private link endpoint to the SQL server (assuming this is SQL DB). If it's SQL on a VM(s) then I assume that's already privately accessible.
    For private link for SQL DB, see here: https://learn.microsoft.com/en-us/azure/private-link/tutorial-private-endpoint-sql-portal

    App Service KUDU has some networking tools which can be useful to check connectivity: nameresolver, tcpping, etc. Ref: https://learn.microsoft.com/en-us/troubleshoot/azure/app-service/troubleshoot-vnet-integration-apps

    Please use comments to provide further information so we can help you.
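
The name-resolution and TCP checks mentioned in the answer above can also be scripted. The following is an added example, not part of the original thread and not Microsoft tooling: it resolves the SQL hostname, checks whether the result falls inside the VNet address space, and probes port 1433. The function names, the status labels and the sample CIDR are assumptions made for illustration.

```python
import ipaddress
import socket
import sys

SQL_PORT = 1433  # default TCP port for SQL Server / Azure SQL


def classify_addresses(addresses, vnet_cidr):
    """Split resolved addresses into those inside and outside the VNet range."""
    vnet = ipaddress.ip_network(vnet_cidr)
    inside, outside = [], []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        # Membership is False when IP versions differ, so mixed v4/v6 is safe.
        (inside if ip in vnet else outside).append(addr)
    return inside, outside


def resolve(hostname):
    """Return the unique IP addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, SQL_PORT, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def tcp_reachable(address, port=SQL_PORT, timeout=3.0):
    """True if a TCP handshake to address:port completes within timeout."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(hostname, vnet_cidr, resolver=resolve, prober=tcp_reachable):
    """Classify the path the app would take to the database (labels are ours)."""
    addresses = resolver(hostname)
    inside, _outside = classify_addresses(addresses, vnet_cidr)
    if not inside:
        # Name resolves outside the VNet: traffic would go to a public
        # endpoint, where the server firewall sees an address it may reject.
        return {"status": "public-path", "addresses": addresses}
    reachable = [a for a in inside if prober(a)]
    # Private address but no handshake points at NSG rules or routing.
    status = "ok" if reachable else "private-but-blocked"
    return {"status": status, "addresses": addresses}


if __name__ == "__main__":
    # Usage: python check_sql_path.py <sql-hostname> <vnet-cidr>
    print(diagnose(sys.argv[1], sys.argv[2]))
```

Run it from the app's own environment (for example an SSH session on a Linux App Service plan) so that it uses the same DNS and routing as the application.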