Outbound network access is restricted. The hostname 'AISearchName.search.windows.net' for parameter 'endpoint' is not in the allowed FQDN list for this resource.

Question

I am using this Microsoft Repository: sample-app-aoai-chatGPT. Over the weekend, our chatbot functionality stopped working with this error message: Outbound network access is restricted. The hostname 'AiSearchResource.search.windows.net' for parameter 'endpoint' is not in the allowed FQDN list for this resource.

Details:

• We have private network disabled for all resources
• Our AI Search has shared private access to the web app, openai resource, and storage account
• All our resources have private endpoints and private DNS configuration
• All our resources have managed identity on, and the correct roles as defined here
• All our resources have "Allow Azure services on the trusted services list to access this cognitive services account." checked in their networking settings
• On our AI Search, the customer visible FQDN is AiSearchResource.search.windows.net, our configuration FQDN AiSearchResource.privatelink.search.windows.net in the private DNS zone privatelink.search.windows.net
• On our OpenAI resource, the customer visible FQDN is OpenAiResource.openai.azure.com, our configuration FQDN OpenAiResource.privatelink.openai.azure.com in the private DNS zone privatelink.openai.windows.net
• Our log stream is:

    2024-08-13T17:24:46.024218847Z Traceback (most recent call last):
    2024-08-13T17:24:46.024224847Z   File "/tmp/8dcbba4ca0a7306/app.py", line 724, in conversation_internal
    2024-08-13T17:24:46.024229148Z     result = await stream_chat_request(request_body, request_headers)
    2024-08-13T17:24:46.024233548Z              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    2024-08-13T17:24:46.024237748Z   File "/tmp/8dcbba4ca0a7306/app.py", line 677, in stream_chat_request
    2024-08-13T17:24:46.024240948Z     response, apim_request_id = await send_chat_request(request_body, request_headers)
    2024-08-13T17:24:46.024243648Z                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    2024-08-13T17:24:46.024246248Z   File "/tmp/8dcbba4ca0a7306/app.py", line 586, in send_chat_request
    2024-08-13T17:24:46.024248848Z     raise e
    2024-08-13T17:24:46.024251248Z   File "/tmp/8dcbba4ca0a7306/app.py", line 579, in send_chat_request
    2024-08-13T17:24:46.024253948Z     raw_response = await azure_openai_client.chat.completions.with_raw_response.create(**model_args)
    2024-08-13T17:24:46.024256548Z                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    2024-08-13T17:24:46.024259148Z   File "/tmp/8dcbba4ca0a7306/antenv/lib/python3.11/site-packages/openai/_legacy_response.py", line 353, in wrapped
    2024-08-13T17:24:46.024269348Z     return cast(LegacyAPIResponse[R], await func(*args, **kwargs))
    2024-08-13T17:24:46.024272148Z                                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^
    2024-08-13T17:24:46.024274748Z   File "/tmp/8dcbba4ca0a7306/antenv/lib/python3.11/site-packages/openai/resources/chat/completions.py", line 1289, in create
    2024-08-13T17:24:46.024277448Z     return await self._post(
    2024-08-13T17:24:46.024279948Z            ^^^^^^^^^^^^^^^^^
    2024-08-13T17:24:46.024282548Z   File "/tmp/8dcbba4ca0a7306/antenv/lib/python3.11/site-packages/openai/_base_client.py", line 1826, in post
    2024-08-13T17:24:46.024285148Z     return await self.request(cast_to, opts, stream=stream, stream_cls=stream_cls)
    2024-08-13T17:24:46.024287748Z            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    2024-08-13T17:24:46.024290248Z   File "/tmp/8dcbba4ca0a7306/antenv/lib/python3.11/site-packages/openai/_base_client.py", line 1519, in request
    2024-08-13T17:24:46.024293049Z     return await self._request(
    2024-08-13T17:24:46.024295549Z            ^^^^^^^^^^^^^^^^^^^^
    2024-08-13T17:24:46.024298349Z   File "/tmp/8dcbba4ca0a7306/antenv/lib/python3.11/site-packages/openai/_base_client.py", line 1620, in _request
    2024-08-13T17:24:46.024301149Z     raise self._make_status_error_from_response(err.response) from None
    2024-08-13T17:24:46.024303849Z openai.BadRequestError: Error code: 400 - {'error': {'requestid': 'a2b8687a-54d3-45c4-b607-49761fa8a2f3', 'code': 400, 'message': "Outbound network access is restricted. The hostname 'AiSearchResource.search.windows.net' for parameter 'endpoint' is not in the allowed FQDN list for this resource."}}
  

Answer 1

Hello Sydney Beck,

Welcome to the Microsoft Q&A and thank you for posting your questions here.

I understand that you are having issue related to outbound network access restrictions for your Azure resources.

Regarding your explanation, the error indicates that the hostname AiSearchResource.search.windows.net is not on the allowed list for outbound network access in your Azure setup. Therefore, there are couples of a few things that can causes this to happen, such as Virtual Network, Firewall, or Network Security Group which are enforcing the outbound network access restrictions. To resolve this without leaving any stones untouched, the below are online resources that provide detailed guidance on resolving this type of issue. Kindly check it out one after the other:

• https://learn.microsoft.com/en-us/azure/private-link/troubleshoot-private-link
• https://learn.microsoft.com/en-us/azure/virtual-network/security-overview#network-security-groups
• https://learn.microsoft.com/en-us/azure/firewall
• https://learn.microsoft.com/en-us/azure/cognitive-services/overview#allow-azure-services-to-access-your-resource

Accept Answer

I hope this is helpful! Do not hesitate to let me know if you have any other questions.

** Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful ** so that others in the community facing similar issues can easily find the solution.

Best Regards,

Sina Salam