Getting Error "FeatureSwitchNotEnabled" while creating MYSQL through ARM template

asked 2021-04-15T22:50:45.697+00:00
Sandeep Wadhwa 1 Reputation point

Hi All,

When I create MySQL through ARM Template there are 2 tasks on which I get FeatureSwitchNotEnabled.

1 - Microsoft.DBforMySQL/servers/firewallRules
2 - Microsoft.DBforMySQL/servers/virtualNetworkRules

Do we need to enable any setting to configure these through ARM template. All other 20-30 operations on MYSql completed successfully, except the above 2.

Any help would be appreciated.

Azure Database for MySQL
Azure Database for MySQL
An Azure managed MySQL database service for app development and deployment.
438 questions
{count} votes

4 answers

Sort by: Most helpful
  1. answered 2021-04-15T23:27:57.257+00:00
    Sandeep Wadhwa 1 Reputation point

    Here is a snippet:

            "type": "Microsoft.DBforMySQL/servers/firewallRules",
            "apiVersion": "2017-12-01",
            "name": "[concat(parameters('DEV-SIT_mysql_name'), '/AllowAllWindowsAzureIps')]",
            "dependsOn": [
                "[resourceId('Microsoft.DBforMySQL/servers', parameters('DEV-SIT_mysql_name'))]"
            "properties": {
                "startIpAddress": "",
                "endIpAddress": ""
    No comments

  2. answered 2021-04-19T06:42:11.21+00:00
    Anurag Sharma 17,251 Reputation points

    Hi @Sandeep Wadhwa , thanks for replying back.

    AllowAllWindowsAzureIps and publicNetworkAccess both don't go together, hence we are facing the error while deploying the ARM template.

    Even if we go to portal and check 'Deny public network access' it says "You may optionally choose to disable, but retain configuration for the firewall rules and virtual networks below. When 'Deny public network access' is set to yes, only private endpoint connections will be allowed to access this resource"

    In azure portal as well if I set this value to 'yes', the remaining fields disable which is what we observe through ARM template as well.


    Please let me know if this helps or else we can discuss further.


    If answer helps, please mark it 'Accept Answer'

  3. answered 2021-04-21T15:08:46.523+00:00
    Sandeep Wadhwa 1 Reputation point

    Yes - it is Azure Linux-PHP WebApp on which we have deployed Drupal, which can connect to MYSQL DB with those settings I sent earlier.

  4. answered 2021-04-23T05:39:11.453+00:00
    Anurag Sharma 17,251 Reputation points

    Hi @Sandeep Wadhwa , thanks for your patience. I received the reply from product group.

    So order of operation for ARM template and Portal is different.
    In Portal, we can set the 'Allow Access to Azure Service' to 'yes' and then 'Deny Public Network Access' to 'yes'.

    In ARM, firstly 'Deny Public Network Access' is set and then if we try setting up 'Allow Access to Azure Service', it will give error as it is not allowed even from portal.

    Also the team tried below steps:

    1. Set Allow Access to Azure Services to Yes
    2. Connected from Azure VM successfully
    3. Set Deny Public Network Access to Yes
    4. Connection from Azure VM failed. (which is the right behavior)

    So as per them, if we enable 'Deny Public Network Access', we cannot connect without end private endpoints. PG is suggesting to open a support ticket to have a better look on your case.

    Could you please check again if the webapp is connecting without private endpoints before you raise any support ticket?