2

I have created a Private Endpoint but I am still unable to connect from VMs on the same subnet using SSMS.

The error returned is:

Cannot connect to dbserver.database.windows.net.

===================================

Reason: An instance-specific error occurred while establishing a connection to SQL Server. Connection was denied since Deny Public Network Access is set to Yes (https://docs.microsoft.com/azure/azure-sql/database/connectivity-settings#deny-public-network-access). To connect to this server, use the Private Endpoint from inside your virtual network (https://docs.microsoft.com/azure/sql-database/sql-database-private-endpoint-overview#how-to-set-up-private-link-for-azure-sql-database). (.Net SqlClient Data Provider)  

I have substituted my server name with 'dbserver'.

I saw someone else had the same problem and the issue in that case was that there was no Virtual Network link between the Private DNS Zone and the virtual network. However, I have confirmed that this is in place and it looks correct.

I have also confirmed that the DNS servers for the VMs are those for the Private DNS Zone.

In the Private DNS Zone there is a record for 'dbserver' and this is the address for the Private Endpoint NIC. When I do nslookup dbserver.database.windows.net it returns the address of the West Europe SQL Gateway. I suspect this is wrong?

I am testing with 'Trust Server Certificate' checked, and 'Encrypt Connection' unchecked as having this turned on brings additional errors.

When I test just with the IP I get login failed, but I suspect this isn't the problem as when I test with Public access enabled it works fine.

Thom A
Mike Fleming

1 Answer

-1

nslookup dbserver.database.windows.net should return a private IP address. If that is not the case:

  • check Azure DNS Private Zone entries
  • check that Azure DNS Private Zone is linked to the vnet where the VM resides
  • check that the vnet DNS settings & the VM's NIC DNS settings are set to default.
david
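The check described in the answer above, as an added example that is not part of the original answer: it resolves the server name through the operating system resolver and reports whether the result is the Private Endpoint address, returning the answer's three checks as hints when it is not. The addresses 10.0.0.5 and 203.0.113.10, the function names and the fake resolver are constructed for illustration.

```python
import ipaddress
import socket

# RFC 1918 ranges, checked explicitly. A VNet that uses other address space
# should pass expected_ip (the Private Endpoint NIC address) instead.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The three checks listed in the answer above.
CHECKS = [
    "check the Azure Private DNS zone entries",
    "check that the Private DNS zone is linked to the VNet where the VM resides",
    "check that the VNet DNS settings and the VM NIC DNS settings are set to default",
]

def resolve(hostname, port=1433, resolver=socket.getaddrinfo):
    """Resolve through the OS resolver and return the unique addresses, sorted."""
    infos = resolver(hostname, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def is_rfc1918(address):
    ip = ipaddress.ip_address(address)
    return ip.version == 4 and any(ip in net for net in RFC1918)

def diagnose(hostname, expected_ip=None, resolver=socket.getaddrinfo):
    """Return (ok, addresses, hints) for a Private Endpoint hostname."""
    try:
        addresses = resolve(hostname, resolver=resolver)
    except socket.gaierror as exc:
        return False, [], [f"resolution failed: {exc}"] + CHECKS
    if expected_ip is not None:
        ok = addresses == [expected_ip]
    else:
        ok = bool(addresses) and all(is_rfc1918(a) for a in addresses)
    return ok, addresses, ([] if ok else CHECKS)

# Constructed resolver answers so the example runs offline.
def fake_resolver(ip):
    def _resolver(host, port, proto=0):
        return [(socket.AF_INET, socket.SOCK_STREAM, proto, "", (ip, port))]
    return _resolver

if __name__ == "__main__":
    name = "dbserver.database.windows.net"
    print(diagnose(name, "10.0.0.5", fake_resolver("203.0.113.10")))  # public answer
    print(diagnose(name, "10.0.0.5", fake_resolver("10.0.0.5")))      # private answer
```

On the VM itself, call `diagnose` without the `resolver` argument so the real DNS configuration is exercised.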