Andrei Bathory, apologies for the delay in response!
Setting up a Windows cluster in Azure with a private endpoint as a cloud witness is a valid configuration, but it does require careful configuration and troubleshooting, especially if you encounter the error below. Here are some steps to troubleshoot and resolve the issue:
An error occurred while validating access to Azure from cluster node 'localhost'. Verify the Azure storage account name, storage account type, storage account key, and network connectivity over HTTPS.
Step 1: Check Azure Storage Account Configuration:
- Verify that the Azure Storage Account (SA) you are using for the cloud witness is correctly configured.
- Ensure that the storage account name and key you provided during the witness setup are accurate. You may want to regenerate the storage account key to make sure you are using the correct one.
- Confirm that the storage account is in the same Azure region as your cluster or at least in a region that allows cross-region replication.
- Make sure to provide the correct Azure service endpoint, core.windows.net, not privatelink.blob.core.windows.net.
Step 2: Network Configuration:
- Verify that the private endpoint you created is correctly configured, auto-approved, and DNS registered.
- Double-check the subnet configuration of the private endpoint. It should be in the same virtual network and subnet as your cluster nodes.
- Ensure that the private endpoint's DNS settings are correctly configured to resolve the storage account's FQDN (xxx.privatelink.blob.core.windows.net) to the private IP address of the private endpoint.
- Ensure that there are no network security group (NSG) rules, route tables, or network policies on the private endpoint subnet.
- Confirm that your cluster nodes have internet connectivity or access to Azure services over HTTPS. If you've restricted outbound traffic, make sure that the private endpoint is exempt from these restrictions.
Step 3: TLS Version:
- Azure requires TLS 1.2 for secure communication. While you mentioned TLS 1.0 for your storage account, ensure that TLS 1.2 is also enabled and supported for secure communication.
- Also, make sure to enable the secure transfer setting.
Hope this helps!
Kindly let us know if the above helps or you need further assistance on this issue.
Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you, as this can be beneficial to other community members.
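The checks from the answer above (DNS resolution through the private endpoint, HTTPS reachability, TLS 1.2 negotiation, and the witness endpoint suffix) collected into one script, as an added example that is not part of the original answer. It is meant to be run in an elevated PowerShell session on one cluster node. The storage account name `stclusterwitness` is an assumption; `core.windows.net` is the endpoint suffix the answer says to pass to the witness configuration. The `-Apply` switch and `-AccessKey` parameter are this script's own conventions, not cluster cmdlet options.

```powershell
# Added example (not from the original answer): node-side diagnostics for a
# cloud witness reached over a private endpoint, followed by the witness
# configuration itself. Run elevated on a cluster node.
param(
    [string]$StorageAccount = 'stclusterwitness',   # assumption: replace with your account
    [string]$EndpointSuffix = 'core.windows.net',   # public suffix, not privatelink.blob.core.windows.net
    [string]$AccessKey,                              # storage account key, only needed with -Apply
    [switch]$Apply                                   # this script's own switch to run Set-ClusterQuorum
)

$fqdn = "$StorageAccount.blob.$EndpointSuffix"

# 1. DNS: with a working private endpoint the public name should CNAME to
#    <name>.privatelink.blob.core.windows.net and end in a private (RFC 1918) A record.
$records   = Resolve-DnsName -Name $fqdn -Type A -ErrorAction Stop
$cnames    = ($records | Where-Object Type -eq 'CNAME').NameHost -join ' -> '
$ip        = ($records | Where-Object Type -eq 'A' | Select-Object -First 1).IPAddress
$isPrivate = $ip -match '^(10\.|172\.(1[6-9]|2\d|3[01])\.|192\.168\.)'
"DNS: $fqdn -> $cnames -> $ip (private address: $isPrivate)"
if (-not $isPrivate) {
    Write-Warning 'Name does not resolve to the private endpoint; check the privatelink.blob.core.windows.net zone and its VNet link.'
}

# 2. TCP 443 reachability. NSG rules, route tables and subnet network policies
#    on the private endpoint subnet show up as a failure here.
$tcp = Test-NetConnection -ComputerName $fqdn -Port 443 -WarningAction SilentlyContinue
"TCP 443 reachable: $($tcp.TcpTestSucceeded)"

# 3. TLS 1.2 handshake. The cluster service talks to storage over HTTPS and the
#    account may require TLS 1.2, so confirm the node can negotiate exactly that
#    and that the certificate presented belongs to the storage service.
$client = [System.Net.Sockets.TcpClient]::new($fqdn, 443)
$ssl    = [System.Net.Security.SslStream]::new($client.GetStream(), $false)
try {
    $ssl.AuthenticateAsClient($fqdn, $null, [System.Security.Authentication.SslProtocols]::Tls12, $true)
    "TLS: $($ssl.SslProtocol), certificate subject: $($ssl.RemoteCertificate.Subject)"
}
finally {
    $ssl.Dispose()
    $client.Dispose()
}

# 4. Client-side TLS 1.2 must not be disabled in SCHANNEL (enabled by default on
#    Windows Server 2016 and later; an explicit Enabled=0 here breaks the witness).
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$tls12Off = (Get-ItemProperty -Path $schannel -Name Enabled -ErrorAction SilentlyContinue).Enabled -eq 0
"SCHANNEL TLS 1.2 client explicitly disabled: $tls12Off"

# 5. Configure the witness. The -Endpoint value is the public suffix; the private
#    endpoint is used transparently because DNS resolves the name to its IP.
if ($Apply) {
    if (-not $AccessKey) { throw 'Supply -AccessKey (the storage account key) together with -Apply.' }
    Set-ClusterQuorum -CloudWitness -AccountName $StorageAccount -AccessKey $AccessKey -Endpoint $EndpointSuffix
    Get-ClusterResource | Where-Object ResourceType -eq 'Cloud Witness' | Select-Object Name, State
}
```

Run the script without `-Apply` first and fix whichever of the four checks fails; the error quoted in the question appears whenever any of them does. The account-side settings from Step 1 and Step 3 can be confirmed from a workstation with the Az module, for example `Get-AzStorageAccount -ResourceGroupName <rg> -Name stclusterwitness | Select-Object MinimumTlsVersion, EnableHttpsTrafficOnly`, and a fresh key can be issued with `New-AzStorageAccountKey -ResourceGroupName <rg> -Name stclusterwitness -KeyName key1` before passing it to `-AccessKey`.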