0

Error code in APIM in external vnet mode:

Connection to https://dc.services.visualstudio.com/v2/track failed with WebException: 
NameResolutionFailure: The remote name could not be resolved: 'dc.services.visualstudio.com'

NSG in place that blocks outbound traffic, but excludes the common APIM resources (keyvault, storage, AzureMonitor, SQL)

Tried to add

  • Port 53 open (DNS)
  • ActionGroup ServiceTag
  • AzureLoadBalancer
  • ApplicationInsightsAvailability

Update:

  • Azure Default DNS in use on the VNET
  • No NAT Gateway
  • No Route table used
Erik Oppedijk
  • 3,496
  • 4
  • 31
  • 42

2 Answers2

1

From the error message it indicates that your custom DNS server not able to resolve dc.services.visualstudio.com. Can you please ensure this hostname dc.services.visualstudio.com can be resolved by your custom DNS server. APIM uses this hostname to send requests to application insights. Details can be found in https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet

enter image description here

You can configure DNS forwarder to Azure DNS so that Azure resources can be resolved. Details about DNS forwarder to Azure DNS can be found below  https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances#name-resolution-that-uses-your-own-dns-server

JananiRamesh-MSFT
  • 111
  • 2
  • Thanks, I'll look into it, but I don't think we are using a custom DNS, we use the Default (Azure-provided) in that subnet – Erik Oppedijk Nov 21 '22 at 12:24
  • 1
    deploy a VM in same VNET where the APIM instance is deployed and try resolving the endpoint nslookup dc.services.visualstudio.com from that VM see if you're able to resolve it successfully – JananiRamesh-MSFT Nov 21 '22 at 17:03
0

Resolved it, the error was due to a private link/private DNS zone error not being set correctly.

(privatelink.monitor.azure.com)

Erik Oppedijk
  • 3,496
  • 4
  • 31
  • 42