1

I'm trying to connect an application in Azure to my Azure DB for MySQL. I have created a private endpoint to it which was approved. However, while trying to connect to the DB, their team is getting the following error:

Client from Interface Endpoint is not allowed to access the server. Please make sure your Virtual Network is correctly configured. (SQL state 28000)

Could you help me understand what this error means? I can't find anything similar on the internet.

Points to be noted:

  1. We have to Deny Public Network Access so "Allow Access to Azure services" is not an option to follow.
  2. All connections to the database have to go through the Private endpoint.
Mark Rotteveel
  • 100,966
  • 191
  • 140
  • 197
AzNerd
  • 21
  • 5

2 Answers2

1

Have you added the Client IP in Network Firewall.

If you disable allow access to all Azure resources then you will have to explicitly add the IP of user who will be accessing the Azure DB.

In the Azure DB, you will see following options, you need to select firewall option and then add firewall so that that particular IP can be bypassed.

enter image description here

More details can be found here

Pratik Somaiya
  • 695
  • 5
  • 18
  • I was under the assumption that Firewall rules can only be added if the "Deny public network access" is set to "No". Is that not the case? The guidance from our security team is to use Private endpoint for DBs. – AzNerd Jan 25 '21 at 07:20
  • If you turn Off Allow All Azure Services, then you will have to specify the IP range for all Azure components that will interact with your Database, for example if your ADF wants to access the DB for source/sink purpose then you will have to add the IP for ADF mentioned in Microsoft Docs for the region of ADF that you are using – Pratik Somaiya Jan 25 '21 at 07:34
  • Hi @Amrita : If my response helped you, can you please mark it as an answer so that we can have others from community to benefit from it :). Thanks ! – Pratik Somaiya Jan 25 '21 at 07:43
1

We were able to resolve the issue. Apparently, the configuration we did was correct, but the other application team gave the wrong username and password in the JDBC connection string. I feel silly posting about this now. Thank you for all your help.

AzNerd
  • 21
  • 5