A vendor is trying to dump data in our Azure Blob Storage and they are able to do it from the local environment but are not able to do it from their cloud platform

Shubhjeet Tiwari 0 Reputation points
2024-08-26T08:52:45.7733333+00:00

User's image

This is the error they are getting. I don't exactly know where the issue is.


1 answer

  1. Amira Bedhiafi 22,616 Reputation points
    2024-08-26T13:05:59.48+00:00

    I think the client request is blocked by a firewall, network security group, or another networking-related configuration:

    1. Check Network Configuration
    • Firewall Rules: Ensure that there are no firewall rules on the vendor's cloud platform that are blocking outbound traffic to Azure Blob Storage. You may need to whitelist the Azure Blob Storage endpoints.
    • Network Security Group (NSG): If the vendor's cloud platform is using a Virtual Network, check the NSG rules to ensure they allow outbound traffic on the required ports (usually port 443 for HTTPS).
    • VPN/Gateway Issues: If the vendor’s cloud platform is connected to Azure via a VPN or an ExpressRoute connection, ensure that the connection is properly configured and not blocking the necessary traffic.
    2. Validate DNS Resolution
    • Ensure that the vendor’s cloud platform can resolve the DNS for the Azure Blob Storage endpoint correctly. Sometimes, incorrect DNS settings can cause connection issues.
    • You can perform a simple DNS resolution test using tools like nslookup or dig from their cloud environment to verify this.
    3. Check Azure Storage Account Configuration
    • Network Access Restrictions: If the Azure Storage Account is configured to allow access only from specific IP ranges or virtual networks, ensure the vendor's cloud platform's IP range or virtual network is included.
    • Private Endpoints: If you're using Azure Private Endpoints for your storage account, make sure the vendor's cloud environment has the proper VNet peering and routing in place to reach the private endpoint.
    4. Authentication and Access Control
    • Shared Access Signature (SAS): If the vendor is using a SAS token to access the storage, ensure that the token is correctly configured with the appropriate permissions and that it hasn't expired.
    • Azure Active Directory (AAD): If the vendor is authenticating using AAD, make sure their credentials are valid and that they have the necessary role assignments to access the blob storage.
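The DNS, port 443 and SAS checks from the answer above can be run from the vendor's cloud environment with a short script; this is an added example, not part of the original answer. The function names are hypothetical, the SAS fields read are the standard `sp`, `st`, `se`, `sip` and `sig` query parameters, and the `sip` (source IP restriction) check goes one step beyond what the answer lists.

```python
import ipaddress
import socket
import sys
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

def sas_problems(url, source_ip=None, need="w", now=None):
    """Findings from the SAS query string of a blob URL (hypothetical helper)."""
    now = now or datetime.now(timezone.utc)
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return ["URL carries no SAS signature (sig)"]
    found = []
    for key, label in (("st", "not yet valid"), ("se", "expired")):
        if key in q:
            t = datetime.fromisoformat(q[key].replace("Z", "+00:00"))
            t = t if t.tzinfo else t.replace(tzinfo=timezone.utc)  # SAS times are UTC
            if (key == "st" and t > now) or (key == "se" and t <= now):
                found.append(f"token {label} ({key}={q[key]})")
    missing = set(need) - set(q.get("sp", ""))
    if missing:
        found.append(f"sp={q.get('sp', '')} lacks {sorted(missing)}")
    if source_ip and "sip" in q:  # optional IP restriction baked into the token
        lo, _, hi = q["sip"].partition("-")
        ip = ipaddress.ip_address(source_ip)
        if not ipaddress.ip_address(lo) <= ip <= ipaddress.ip_address(hi or lo):
            found.append(f"source {source_ip} outside sip={q['sip']}")
    return found

def endpoint_kind(addresses):
    """'private' when every resolved address is in a private/special-purpose range."""
    return "private" if all(ipaddress.ip_address(a).is_private for a in addresses) else "public"

def probe(host, port=443, timeout=5):
    """Resolve the blob endpoint, then attempt a TCP connect on 443."""
    try:
        infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        return [], None, f"DNS resolution failed: {exc}"
    addrs = sorted({info[4][0] for info in infos})
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except OSError as exc:
        return addrs, endpoint_kind(addrs), f"TCP {port} unreachable: {exc}"
    return addrs, endpoint_kind(addrs), None

if __name__ == "__main__":  # usage: python triage.py "<blob URL with SAS>" [egress-ip]
    url, src = sys.argv[1], (sys.argv[2] if len(sys.argv) > 2 else None)
    print(probe(urlsplit(url).hostname))
    print(sas_problems(url, source_ip=src))
```

A `private` result from an environment with no route to the private endpoint, or a `public` result combined with an HTTP 403 on upload, points at the storage account's network rules rather than at the token.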
