Virtual Network Error

Question

Virtual Network Error

Peter King 20

Hello all,

I am currently trying to connect an App from our App Service Plan to our SQL Managed Instance. I am trying to do this via virtual network integration to our hub, which can communicate to both resources.

User's image

More information:

Originally we had Subscription 1, this is where our Hub+Spoke network existed and our SQL managed instance existed on a spoke. Our development team joined the Azure project, and created Subscription 2. We peered the hub from Sub1 to some new spokes on Sub2. They developed some apps and wanted to communicate with the SQL managed instance in Sub1. We added vnet integration from the apps in Sub2 to the hub in Sub1, this allowed them to communicate via peering to spoke networks (SQL-MI) in Sub1. This worked and vnet integration was successful, we did not get the above error.

We then decided to move our hub and other shared resources into a new subscription, Sub3, so that each department would have their own subscription. We severed all the connections to the hub, and used the resource mover to move the hub vnet into Sub3. Now, the hub and spoke network is built over 3 subscriptions, with Sub1 and Sub2 talking to each other via the hub in Sub3.

When we tried to add virtual network integration for the apps in Sub2 to the new hub location in sub3, we get the above error.

Some things I have tried already:

I have tried adding vnet integration to a new test/dummy vnet AND subnet in Sub3 which did not work.
I have tried adding vnet integration to a new test/dummy vnet AND subnet in Sub1, which did work. Why is this?
I have added everything I can think of to IAM for Sub3 and Sub1. This includes user profiles of everyone involved and all managed identities from Sub2. All added at contributor level.

Any information on the above error message is greatly appreciated.

Thank you.

Peter King 20 Reputation points

2025-04-16T15:11:48.93+00:00

Hi @Silvia Wibowo
This comment was a great help, thank you.
Silvia Wibowo 5,706 Reputation points Microsoft Employee

2025-04-16T19:45:11.2966667+00:00

Hi @Peter King , I've converted my comment to answer.

Please accept my answer if it helps you solve your issue. Original posters help the community find answers faster by identifying the correct answer. Here is how. Thank you.

Accepted answer

0 additional answers

Your answer

Peter King 20 Reputation points

2025-04-16T15:11:48.93+00:00

Hi @Silvia Wibowo
This comment was a great help, thank you.
Silvia Wibowo 5,706 Reputation points Microsoft Employee

2025-04-16T19:45:11.2966667+00:00

Hi @Peter King , I've converted my comment to answer.

Please accept my answer if it helps you solve your issue. Original posters help the community find answers faster by identifying the correct answer. Here is how. Thank you.

Answer 1

Hi @Peter King , please review the prerequisites of App Service vnet integration:

The virtual network integration feature requires:

An App Service pricing tier that supports virtual network integration.
A virtual network in the same region with an empty subnet.

The subnet must be delegated to Microsoft.Web/serverFarms. If you don't delegate before integration, the provisioning process configures this delegation. The subnet must be allocated an IPv4 /28 block (16 addresses). We recommend that you have a minimum of 64 addresses (IPv4 /26 block) to allow for maximum horizontal scale.

If the virtual network is in a different subscription than the app, ensure that the subscription with the virtual network is registered for the Microsoft.Web resource provider. The provider is registered when you create the first web app in a subscription. To explicitly register the provider, see Register resource provider.

Share via

Virtual Network Error

0 additional answers

Your answer