Privatelink for blob storage is not resolvable, but the public link is resolvable - unable to use private endpoint for storage account

Nathan Davis 20 Reputation points
2023-07-05T16:12:35.5333333+00:00

We are attempting to utilize a private endpoint for our storage account with Veeam Backup for Azure. We have noticed that Veeam attempts to resovle storageaccountname.blob.core.windows.net and that correctly points to (The IP Address). However, when attempting to resovle storageaccountname.privatelink.blob.core.windows.net it fails. I have created an A record in the private DNS Zone, but it did not resolve the issue. I think I am missing the CNAME, but I do not see where I can create that record for blob.core.windows.net.

The troubleshooting suggested these two things, but I am not certain how to verify them: Make sure that the fully qualified domain name (FQDN) is assigned correctly, by having an A record (a basic type of DNS record) and a CName correctly configured to the Private Endpoint. The virtual machine (VM) making the request must have its virtual network properly associated with the private DNS zone.

Any help would be greatly appreciated. I've been staring at documentation so long, my head is beginning to spin. This may be what I am missing, but I'm unsure how to configure it https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints.

Azure DNS
Azure DNS
An Azure service that enables hosting Domain Name System (DNS) domains in Azure.
718 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,333 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
3,043 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,598 questions
Azure Private Link
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.
528 questions
{count} votes

Accepted answer
  1. KarishmaTiwari-MSFT 20,462 Reputation points Microsoft Employee
    2023-07-06T02:23:04.6866667+00:00

    @Nathan Davis

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this!

    Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer. Accepted answers show up at the top, resulting in improved discoverability for others.

    Issue: Privatelink for blob storage is not resolvable, but the public link is resolvable - unable to use private endpoint for storage account

    Cause: Customer shared - We have found that for our Private DNS Zone the Virtual Network Link was not configured for the VNET in our testing subscription. Someone had erroneously linked the VNET for the testing subscription to the Private DNS Zone in our production subscription.


    If your issue remains unresolved or have further questions, please let us know in the comments how we can assist. We are here to help you and strive to make your experience better and greatly value your feedback.
    User's image

    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Nathan Davis 20 Reputation points
    2023-07-05T19:15:22.6533333+00:00

    We have found that for our Private DNS Zone the Virtual Network Link was not configured for the VNET in our testing subscription. Someone had erroneously linked the VNET for the testing subscription to the Private DNS Zone in our production subscription.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.