Unable to connect local Node.js with CosmosDb having public access and private link enabled

Bharath 10 Reputation points
2023-07-13T06:04:49.3333333+00:00

I have a Node.js application running from my local Mac. I use it to connect to Azure Cosmos DB instances which have public access enabled without error.

I created a Cosmos DB instance with private endpoint and public access enabled.

In my Node.js application I use the endpoint which is public (i.e. without private endpoint enabled).

The privatelink format is:

testcosmosdb.privatelink.mongo.cosmos.azure.com

In my Node.js application I use the endpoint which is public (i.e. without private endpoint in the string, testcosmosdb.mongo.cosmos.azure.com):

MONGODB_CONNECTION="mongodb://testcosmosdb:xR7xqQPOeMegN2LuXPVt5IUwb9HsGEyC0mkASzNwlmb6PEwehRkZCNpfrCxHHErqyP7lCXjxjWwACDbftND3w==@testcosmosdb.mongo.cosmos.azure.com:10255/?ssl=true&replicaSet=globaldb&retrywrites=false&maxIdleTimeMS=120000&appName=@testcosmosdb@"

I am getting the error below when the app tries to retrieve a collection from Cosmos DB:

MongoServerSelectionError: connection <monitor> to 20.63.92.0:10255 closed
    at Timeout._onTimeout (/my-dev/node_modules/mongodb/lib/sdam/topology.js:277:38)
    at listOnTimeout (node:internal/timers:559:17)
    at processTimers (node:internal/timers:502:7) {
  reason: TopologyDescription {
    type: 'ReplicaSetNoPrimary',
    servers: Map(1) {
      'testcosmosdb.mongo.cosmos.azure.com:10255' => [ServerDescription]
    },
    stale: false,
    compatible: true,
    heartbeatFrequencyMS: 10000,
    localThresholdMS: 15,
    setName: 'globaldb',
    maxElectionId: null,
    maxSetVersion: null,
    commonWireVersion: 0,
    logicalSessionTimeoutMinutes: null
  },
  code: undefined,
  [Symbol(errorLabels)]: Set(0) {}
} [
  'MongoServerSelectionError: connection <monitor> to 20.63.92.0:10255 closed',
  '    at Timeout._onTimeout (/my-dev/node_modules/mongodb/lib/sdam/topology.js:277:38)',
  '    at listOnTimeout (node:internal/timers:559:17)',
  '    at processTimers (node:internal/timers:502:7)'
]

I am not getting this error for Cosmos DB instances with just public access and no private endpoints.

If I do an nslookup, I get a proper response:

nslookup testcosmosdb.mongo.cosmos.azure.com
Server: 3201:1200:61a9:6b1c::ee
Address: 2301:3900:71c9:5f1c::8e#53

Non-authoritative answer:
testcosmosdb.mongo.cosmos.azure.com canonical name = testcosmosdb.privatelink.mongo.cosmos.azure.com.
testcosmosdb.privatelink.mongo.cosmos.azure.com canonical name = ces-ms-prod-westeurope1-fe1.westeurope.cloudapp.azure.com.
Name: ces-ms-prod-westeurope1-fe1.westeurope.cloudapp.azure.com
Address: 20.63.92.0

Can anyone help here? Thanks

  1. ShaktiSingh-MSFT 14,406 Reputation points Microsoft Employee
    2023-07-13T06:54:18.6933333+00:00

    Hi Bharath,

    Welcome to Microsoft Q&A forum and thanks for using Azure Services.

    As I understand, you are unable to connect local node.js with CosmosDb having public access and private link enabled.

    We are sorry about the inconvenience you are facing.

    The following limitations apply when you use Private Link with an Azure Cosmos DB account. Please check if your account meets the criteria below:

    • You can't have more than 200 private endpoints on a single Azure Cosmos DB account.
    • When you use Private Link with an Azure Cosmos DB account through a direct mode connection, you can use only the TCP protocol. The HTTP protocol isn't currently supported.
    • When you use Azure Cosmos DB's API for a MongoDB account, a private endpoint is supported for accounts on server version 3.6 or higher (that is, accounts using the endpoint in the format *.mongo.cosmos.azure.com). Private Link isn't supported for accounts on server version 3.2 (that is, accounts using the endpoint in the format *.documents.azure.com). To use Private Link, you should migrate old accounts to the new version.
    • When you use Azure Cosmos DB's API for a MongoDB account that has a Private Link, tools and libraries must support Service Name Identification (SNI) or pass the appName parameter from the connection string to properly connect. Some older tools and libraries might not be compatible with the Private Link feature.
    • A network administrator should be granted at least the Microsoft.DocumentDB/databaseAccounts/PrivateEndpointConnectionsApproval/action permission at the Azure Cosmos DB account scope to create automatically approved private endpoints.
    • Currently, you can't approve a rejected private endpoint connection. Instead, re-create the private endpoint to resume the private connectivity. The Azure Cosmos DB private link service automatically approves the re-created private endpoint.

    Reference link: https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-configure-private-endpoints

    Let us know the result so that we can look into this further if the account is fine.

    Thanks

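A pre-flight check for the points listed in the answer above (endpoint format, TLS for SNI, the appName parameter) combined with the CNAME chain from the question's nslookup output, as an added example that is not part of the original thread. `diagnose`, `isPrivateIPv4` and the sample constants are hypothetical names; the account key is a placeholder, and the `@<account>@` form of appName is an assumption taken from the connection string in the question.

```javascript
// Constructed inputs, based on values shown in the question.
// The account key is a placeholder: never paste a real key into a diagnostic.
const SAMPLE_URI =
  'mongodb://testcosmosdb:KEY_PLACEHOLDER@testcosmosdb.mongo.cosmos.azure.com:10255/' +
  '?ssl=true&replicaSet=globaldb&retrywrites=false&maxIdleTimeMS=120000&appName=@testcosmosdb@';
// CNAME chain and address as printed by nslookup in the question.
const SAMPLE_DNS = {
  cnames: ['testcosmosdb.privatelink.mongo.cosmos.azure.com',
           'ces-ms-prod-westeurope1-fe1.westeurope.cloudapp.azure.com'],
  address: '20.63.92.0',
};

// True for RFC 1918 IPv4 ranges, where a private endpoint address would live.
function isPrivateIPv4(ip) {
  const [a, b] = ip.split('.').map(Number);
  return a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Checks a Cosmos DB (MongoDB API) connection string against the limitations
// quoted in the answer and classifies which endpoint the DNS answer leads to.
function diagnose(uri, dns) {
  const u = new URL(uri);
  // Option names are matched case-insensitively (appName vs appname).
  const q = new Map([...u.searchParams].map(([k, v]) => [k.toLowerCase(), v]));
  const account = u.hostname.split('.')[0];
  const problems = [];
  if (u.hostname.endsWith('.documents.azure.com')) {
    problems.push('endpoint format *.documents.azure.com: Private Link not supported');
  } else if (!u.hostname.endsWith('.mongo.cosmos.azure.com')) {
    problems.push('unexpected endpoint format: ' + u.hostname);
  }
  if (q.get('ssl') !== 'true' && q.get('tls') !== 'true') {
    problems.push('TLS is off, so the client sends no SNI');
  }
  if (q.get('appname') !== `@${account}@`) {
    problems.push('appName missing or not in the @<account>@ form');
  }
  // Does the public name pass through the privatelink DNS zone?
  const viaPrivateLinkZone = dns.cnames.some((n) => n.includes('.privatelink.'));
  // A private address means the private endpoint; anything else is the public one.
  const path = isPrivateIPv4(dns.address) ? 'private-endpoint' : 'public-endpoint';
  return { problems, viaPrivateLinkZone, path };
}
```

For the sample input the result is `viaPrivateLinkZone: true` with `path: 'public-endpoint'`, which matches the question's output: the name passes through the privatelink zone but resolves to the public address 20.63.92.0.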