Trouble connecting to new Azure SQl Managed Instance from Azure VM in same vnet.

Question

Trouble connecting to new Azure SQl Managed Instance from Azure VM in same vnet.

Alex Swetz 20

Hello. I have set up a new Azure SQL Managed Instance and imported copies of my databases. I have an Azure VM in the same VNET (but different subnet) that will ultimately connect to these databases to run an application. This VM is running Windows Server 2022.

I also have an Azure VPN gateway configured on this VNET and can connect with my laptop via Point to Site VPN.

I can connect to the SQL Managed Instance over the P2S VPN from my laptop using SSMS without any problems.

However, I cannot seem to connect to the SQL Managed Instance from the Azure VM.

I have checked all the usual things, including the following:

Windows firewall on the VM
Azure Network Security Groups on both the SQL subnet and the VM subnet

Interestingly enough, I ran an nmap scan from the VM to the entire SQL MI subnet. The nmap scan reveals that I can connect to some of the IP addresses within the SQL MI subnet, but not the primary SQL IP address, i.e. the IP address that the SQL MI host name (xxx.database.windows.net) resolves to.

I've tried rebooting the VM a number of times. I even tried moving the entire SQL MI to a new subnet to see if that would help - no change, same problem.

I've tried running packet captures and various Azure networking troubleshooting tools - nothing is helping and I'm out of ideas.

Does anyone have any thoughts? Am I missing something obvious?

Thanks in advance!

SSingh-MSFT 16,461 Reputation points Moderator

2024-03-04T04:47:45.01+00:00

Hi Alex Swetz •,

I would recommend you to please file a support ticket for deeper investigation and in case if you don't have a support plan, do let us know here so that we can check on other options to unblock you. Thanks

Answer accepted by question author

Silvia Wibowo 6,071 Microsoft Employee

Hi @Alex Swetz , thank you for your update that your issue has been resolved.

Problem: Azure SQL Managed Instance cannot be accessed from an Azure VM in the same VNET, different subnet from SQL MI. The VM is running Windows Server 2022. The same SQL Managed Instance can be accessed over the P2S VPN from a laptop using SSMS. All possible blocker has been checked: Windows firewall, NSG, DNS.

Solution: created a new VM in a new subnet on the same vnet. The new VM can access SQL MI.

0 comments

2 additional answers

Your answer

SSingh-MSFT 16,461 Reputation points Moderator

2024-03-04T04:47:45.01+00:00

Hi Alex Swetz •,

I would recommend you to please file a support ticket for deeper investigation and in case if you don't have a support plan, do let us know here so that we can check on other options to unblock you. Thanks

Answer 1

Alex Swetz 20

Hi Silvia. I have already checked DNS resolution - that piece is working just fine. I resolved my problem by building a new VM in a new subnet on the same vnet. The connection to the SQL managed instance from the new VM is working just fine. No clue what the difference is, but oh well. Thanks for your feedback!

0 comments

Answer 2

Silvia Wibowo 6,071 Microsoft Employee

Hi @Alex Swetz , please check the connection type of your SQL MI Vnet-Local endpoint. If you didn't change anything, by default it is using Proxy connection type. To enable connectivity, only port 1433 for private networks and port 3342 for public connection need to be opened.

Try changing the Vnet-Local endpoint to Redirect connection type. Make sure that your Network Security Groups (NSG) allow access on ports 1433, and 11000-11999.

More info: https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/connection-types-overview?view=azuresql#connection-types

Alex Swetz 20 Reputation points

2024-02-28T13:54:28.7133333+00:00

Hi @Silvia Wibowo , thank you for your response. I have tried using both Proxy mode and Redirect mode - it doesn't seem to make a difference either way. In both modes, I can connect successfully from my laptop via P2S VPN, but not from the Azure VM in the same vnet. I currently have allowed all traffic over all ports between the SQL MI and VM subnets using their respective NSG's. I have also tried disabling Windows Firewall on the VM to see if that would change anything - no difference, still getting errors. For additional context, here's the error message I get when I try to connect from the VM using SSMS:

A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.) (Framework Microsoft SqlClient Data Provider)> ------------------------------> For help, click: https://docs.microsoft.com/sql/relational-databases/errors-events/mssqlserver-10060-database-engine-error> ------------------------------> Error Number: 10060> Severity: 20> State: 0

My best, Alex
Silvia Wibowo 6,071 Reputation points Microsoft Employee

2024-02-29T03:10:48.4733333+00:00

Hi @Alex Swetz , another item to check is DNS server. If the virtual network is configured to use a custom DNS server, the DNS server must be able to resolve public DNS records. Could you please check from inside your Azure VM, are you getting name resolution correctly for SQL MI DNS name? Open a PowerShell and execute this command (replace mi_name and dns_zone with correct values for your SQL MI):

nslookup <mi_name>.<dns_zone>.database.windows.net

Share via

Trouble connecting to new Azure SQl Managed Instance from Azure VM in same vnet.

2 additional answers

Your answer