Azure Sql Managed Instance - how to fix "TLS Handshake failed: cannot read handshake packet: EOF"

Greg Yvkoff 151 Reputation points
2024-04-01T22:46:35.1133333+00:00

We have a third party plugin Brightgauge agent that is installed on a local VM, it is getting the following error when we try to configure it to connect to Azure Sql Managed Instance:

TLS Handshake failed: cannot read handshake packet: EOF

The Brightgauge agent requires the following info, which we provided:

  • HostName: xxxx.public.xxxxx.database.windows.net
  • Port: 3342
  • Database Name: [dbname]
  • Db UserName: [user]
  • Db Password: [pwd]

This is what we know:

  • From the VM, test-netconnection executes successfully to the hostname/port.
  • All of our other applications can connect to the Azure Sql Managed Instance just fine, including SSMS that is installed on the VM.
  • The Brightgauge agent can successfully connect to our other Azure Sql Databases, just not Azure Sql Managed Instance
  • On the Azure Sql Managed Instance, we have enabled all traffic on all ports, and enabled public access
  • The connection failed even when we have TLS 1.0 as the minimum version

From the agent logs, the only additional detailed info we get is:

[TEST_NEW_CONNECTION] TRACE_ID: "10.xx.xx.xxx_[random guid]", failed to open connection with database, TLS Handshake failed: cannot read handshake packet: EOF

Where the 10.xx.x.x is an IP defined in the subnet of the managed instance's network security group.

Is there a configuration we are missing that is currently blocking the connection?

Azure SQL Database
SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
13,840 questions
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.