Thank you for your post!
Error Message:
Failed to establish the new connection....
I understand that you're encountering an error while attempting to deploy a secret into one of the Key Vaults from a Virtual Machine (VM) hosted in a different subnet. Based on your error message, this seems to be more along the lines of a network configuration issue, connectivity problem, or misconfiguration(s) in the private endpoints and DNS settings.
To help point you in the right direction and troubleshoot this, can you:
- Verify that the VM trying to deploy the Secret has network connectivity to the Key Vault over a private link? You should be able to do this by performing a DNS resolution of the Key Vault resource endpoint from the VM and ensuring that it resolves to a private IP address.
- Can you also validate the DNS resolution of your Key Vault's resource endpoint? You can do this by performing a DNS lookup of the Key Vault resource endpoint from the VM and ensuring that it resolves to a private IP address. If the DNS resolution fails or resolves to a public IP address, it could indicate a misconfiguration in the private DNS zone or a connectivity issue.
- Lastly, if you're still having issues, can you see if debugging with Fiddler helps to capture any other details / errors?
Additional Links:
- Diagnose private links configuration issues on Azure Key Vault
- Troubleshoot networking issues
- Integrate Key Vault with Azure Private Link
- Access Azure Key Vault behind a firewall
I hope this helps!
If you are still having issues, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
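
The DNS check described in the answer above, as an added example that is not part of the original answer: a Python script to run on the VM that resolves the Key Vault hostname with the VM's own resolver and reports whether every returned address is private. The function names and the `<your-vault-name>` placeholder are hypothetical, and the script assumes the VNet uses RFC 1918 address space.

```python
import ipaddress
import socket
import sys

# Assumption: the VNet uses RFC 1918 space, so a private endpoint address
# falls inside one of these ranges. Adjust if your VNet uses other prefixes.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True when addr lies in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def classify(addresses):
    """Return 'private', 'public', 'mixed' or 'unresolved' for a list of IPs."""
    if not addresses:
        return "unresolved"          # lookup failed or returned nothing
    flags = {is_rfc1918(a) for a in addresses}
    if flags == {True}:
        return "private"             # traffic will use the private endpoint
    if flags == {False}:
        return "public"              # private DNS zone not in effect on this VM
    return "mixed"                   # inconsistent answers, check zone links


def resolve(hostname):
    """Resolve with the VM's configured resolver; returns (names, addresses)."""
    try:
        canonical, aliases, addresses = socket.gethostbyname_ex(hostname)
    except (OSError, UnicodeError):
        return [], []
    return [canonical] + aliases, addresses


def check_vault(hostname, resolver=resolve):
    """Resolve hostname and attach a verdict; resolver is injectable for tests."""
    names, addresses = resolver(hostname)
    return {"host": hostname, "names": names,
            "addresses": addresses, "verdict": classify(addresses)}


if __name__ == "__main__":
    # Placeholder vault name; pass the real FQDN as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "<your-vault-name>.vault.azure.net"
    result = check_vault(host)
    print(result)
    # Non-zero exit unless every answer is a private address.
    sys.exit(0 if result["verdict"] == "private" else 1)
```

A `public` or `unresolved` verdict corresponds to the private DNS zone or connectivity problem the answer describes; the `names` field shows the canonical name and aliases the resolver returned.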