Terraform API Management Fails

Weatherburn, Guy (Contractor) 21 Reputation points
2021-05-25T13:54:24.29+00:00

When I use Terraform to provision an API Management instance I get the following error:

azurerm_api_management.API-Management-001-apim: Still creating... [37m30s elapsed]

│ Error: waiting for creation/update of API Management Service "Guys-POC-DEV-1-00-001-apim-001" (Resource Group "Guys-POC-DEV-1.00-001-rg"): Future#WaitForCompletion: the number of retries has been exceeded: StatusCode=400 -- Original Error: Code="ActivationFailed" Message="API Management service uses Azure SQL Server internally to store configuration for your service.\nThe service deployment failed to connect to an Azure SQL Server on port 1433 from inside the Virtual Network. \n 1. Please ensure an Azure SQL Server DNS can be resolved, if using a Custom DNS Server.\n2. Please ensure that there is no NSG / Firewall blocking outbound port access on 1433 from the Virtual Network subnet where deployment is being attempted.\nPlease review other common network configuration and troubleshooting information at https://aka.ms/apim-vnet-common-issues"

│ with azurerm_api_management.API-Management-001-apim,
│ on API-Management-001.tf line 13, in resource "azurerm_api_management" "API-Management-001-apim":
│ 13: resource "azurerm_api_management" "API-Management-001-apim" {

It appears to be trying to connect to an SQL resource but I find no requirement for this anywhere. The Microsoft.SQL endpoint is set for the Subnet and the VNet is configured to let out port 1443. Am I missing something?

Azure API Management

Accepted answer
  1. MayankBargali-MSFT 70,936 Reputation points Moderator
    2021-05-26T04:12:10.08+00:00

    Hi @Weatherburn, Guy (Contractor)

    Welcome to Microsoft Q&A! Thanks for posting the question.

    As per the error, it looks like the outbound 1433 port is blocked. There are a couple of NSG rules that are required for APIM to be deployed and function correctly in a VNET, as mentioned in this document. You need to add the rule as mentioned in the document to ensure there are no issues when trying to connect to SQL endpoints.

    Source Port: *
    Destination Port: 1433
    Protocol: TCP
    Source Service Tag: Virtual Network
    Destination Service Tag: SQL


    If you are using a custom DNS server in a VNET then we recommend you remove the Azure Default DNS server from the list and instead configure Query forwarding on your custom DNS servers to send queries to the Azure Default DNS server. The reason that we recommend this is due to the fact that the DNS servers on the VNET are cycled through so if the Azure Default DNS server gets selected on the rotation it will not be able to resolve any custom DNS entries that you have added to your custom DNS servers. More information on this topic can be found in this document.
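The outbound rule listed in the accepted answer, written as Terraform for the azurerm provider. This is an added example, not part of the original thread; the NSG, subnet and resource group references (`azurerm_resource_group.example`, `azurerm_subnet.apim`, the rule name and the priority value) are hypothetical and assumed to be defined elsewhere in the configuration.

```hcl
# Added example. Resource names and references below are hypothetical;
# substitute the resource group, subnet and NSG from your own configuration.
resource "azurerm_network_security_group" "apim" {
  name                = "example-apim-nsg"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

# Outbound TCP 1433 from the VNet to the Sql service tag, matching the
# values given in the answer and the port named in the ActivationFailed error.
resource "azurerm_network_security_rule" "apim_sql_outbound" {
  name                        = "Allow-APIM-Sql-1433-Outbound"
  priority                    = 200 # assumed value; must be a lower number than any outbound deny rule
  direction                   = "Outbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "1433"
  source_address_prefix       = "VirtualNetwork"
  destination_address_prefix  = "Sql"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.apim.name
}

# Attach the NSG to the subnet that the API Management instance is deployed into.
resource "azurerm_subnet_network_security_group_association" "apim" {
  subnet_id                 = azurerm_subnet.apim.id
  network_security_group_id = azurerm_network_security_group.apim.id
}
```

Adding `depends_on = [azurerm_subnet_network_security_group_association.apim]` to the `azurerm_api_management` resource makes Terraform put the rule in place before it starts creating the service.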

