Error while attempting to connect to a SQL Server database using a point-to-site VPN and a DNS A record

MrFlinstone 536 Reputation points
2022-07-19T22:44:52.943+00:00

Hi

I have a point-to-site VPN configured. The SQL Server database is a PaaS offering; public access has been disabled and a private link has been configured. The private link has a URI of

my_sql_server.privatelink.database.windows.net

When the P2S VPN is connected, I can connect to the SQL server using SQL login and Azure AD + MFA.

The issue I have here is that I have created a private DNS zone and configured a DNS forwarder, and the private DNS zone is called

systems.internal.

I then created an A record for the database server, my_sql_server.systems.internal, which points to the local IP address in my spoke VNet.

I get the error below when trying to connect remotely over the P2S VPN if I untick "Encrypt connection" and "Trust server certificate":

TITLE: Connect to Server
------------------------------

Cannot connect to my_sql_server.systems.internal

------------------------------
ADDITIONAL INFORMATION:

A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The target principal name is incorrect.) (Microsoft SQL Server, Error: -2146893022)

For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=-2146893022&LinkId=20476

------------------------------

The target principal name is incorrect

BUTTONS:
OK

If "Trust server certificate" is ticked, I get this error:

TITLE: Connect to Server

Cannot connect to my_sql_server.systems.internal.

------------------------------

ADDITIONAL INFORMATION:

Cannot open server "my_sql_server.systems.internal" requested by the login. The login failed. (Microsoft SQL Server, Error: 40532)

For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=40532&LinkId=20476

BUTTONS:
OK

If I connect using a SQL Server login, the only way it works is to use the username in the format
sql_login@my_sql_server.database.windows.net

and untick "Encrypt connection" and "Trust server certificate".

Tags: Azure SQL Database, Azure DNS, Azure Private Link
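Added example, not code from the original post or from Microsoft: a Python builder for an ODBC connection string that keeps TLS certificate validation switched on when Azure SQL Database is reached through a custom DNS alias such as my_sql_server.systems.internal. It encodes the two constraints behind the errors quoted in the question: the gateway presents a certificate issued for *.database.windows.net, so validating it against the alias fails with "The target principal name is incorrect" (ODBC Driver 18 for SQL Server accepts a HostNameInCertificate keyword naming the host to validate against, so TrustServerCertificate can stay off), and the gateway routes on the logical server name, which it cannot derive from an alias (error 40532), so for SQL authentication the login is rewritten into the login@server form that the question reports as working. Assumptions: ODBC Driver 18 (or later), SQL authentication only, and that the raw privatelink FQDN should be treated like an alias for certificate purposes; the host names, database name and credentials are constructed placeholders.

```python
"""Azure SQL Database behind Private Link, reached through a custom DNS alias.

Added example; not code from the original post.  It encodes two constraints
that surface as the errors quoted in the question:

  * The gateway presents a certificate for *.database.windows.net, so a client
    that validates TLS against an alias such as my_sql_server.systems.internal
    gets "The target principal name is incorrect".  ODBC Driver 18 accepts a
    HostNameInCertificate keyword naming the host to validate against, which
    avoids disabling validation with TrustServerCertificate=yes.
  * The gateway routes on the logical server name, which it cannot derive from
    an alias (error 40532).  With SQL authentication the login@server form
    carries that name, as the question's working workaround shows.

All host names, database names and credentials here are constructed placeholders.
"""

import re
from typing import List, Optional, Tuple

AZURE_SQL_SUFFIX = "database.windows.net"

# <server>.database.windows.net or <server>.privatelink.database.windows.net
_AZURE_SQL_FQDN = re.compile(
    r"^(?P<server>[a-z0-9_-]+)(?:\.privatelink)?\." + re.escape(AZURE_SQL_SUFFIX) + r"$"
)


def logical_server_name(host: str) -> Optional[str]:
    """Logical server name if `host` is an Azure SQL public or privatelink FQDN,
    otherwise None (the host is a custom alias)."""
    m = _AZURE_SQL_FQDN.match(host.strip().rstrip(".").lower())
    return m.group("server") if m else None


def _odbc_value(value: str) -> str:
    """Brace-quote values that would otherwise break the key=value;... syntax
    (inside braces a literal '}' is written '}}')."""
    if any(ch in value for ch in ";{}"):
        return "{" + value.replace("}", "}}") + "}"
    return value


def build_connection_string(
    host: str,
    database: str,
    login: str,
    password: str,
    logical_server: Optional[str] = None,
    driver: str = "ODBC Driver 18 for SQL Server",
    port: int = 1433,
) -> str:
    """ODBC connection string that keeps Encrypt=yes / TrustServerCertificate=no.

    `logical_server` is mandatory when `host` is a custom alias: nothing else
    tells the Azure SQL gateway which server the alias stands for.  The raw
    privatelink FQDN is treated as an alias too (assumption: the gateway
    certificate does not cover that name).
    """
    host = host.strip().rstrip(".")
    derived = logical_server_name(host)
    server = (logical_server or derived or "").lower()
    if not server:
        raise ValueError(
            f"{host!r} is a custom alias; pass logical_server=<Azure SQL logical "
            "server name> so the gateway can route the login"
        )
    if derived and derived != server:
        raise ValueError(f"{host!r} belongs to server {derived!r}, not {server!r}")

    canonical = f"{server}.{AZURE_SQL_SUFFIX}"
    items: List[Tuple[str, str]] = [
        ("Driver", "{" + driver + "}"),  # braces are part of the ODBC syntax here
        ("Server", f"tcp:{host},{port}"),
        ("Database", _odbc_value(database)),
        ("Encrypt", "yes"),
        ("TrustServerCertificate", "no"),
    ]
    if host.lower() != canonical:
        # Alias: validate the gateway certificate against the canonical name and
        # put the logical server name into the login so the gateway can route it.
        items.append(("HostNameInCertificate", canonical))
        if "@" not in login:
            login = f"{login}@{server}"
    items.append(("Uid", _odbc_value(login)))
    items.append(("Pwd", _odbc_value(password)))
    return ";".join(f"{k}={v}" for k, v in items) + ";"


def connect(connection_string: str):
    """Open the connection with pyodbc (third-party, imported lazily so the
    builder above runs without the ODBC driver installed)."""
    import pyodbc

    return pyodbc.connect(connection_string)


if __name__ == "__main__":
    # The alias from the question, with the logical server name supplied by hand.
    print(build_connection_string(
        host="my_sql_server.systems.internal",
        database="appdb",
        login="sql_login",
        password="placeholder-password",
        logical_server="my_sql_server",
    ))
```

The builder refuses an alias without a logical server name rather than silently emitting a string that would fail with error 40532, and it never emits TrustServerCertificate=yes: if a driver older than ODBC Driver 18 rejects HostNameInCertificate, connecting by the canonical <server>.database.windows.net name (resolved to the private endpoint through the privatelink.database.windows.net private DNS zone) avoids the name mismatch without disabling validation.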

1 answer

  1. Herald Sison 0 Reputation points
    2023-02-28T13:04:34.2466667+00:00

    Has this been resolved? I have the same issue, but mine is that when I use a connection string in Visual Studio I get this error, whereas when I use SSMS to connect to the database everything is fine. I am confused now.

