Azure Synapse Private Endpoints TrustFailure SSL/TLS secure channel

Question

I am trying to connect from a client in vnet A to a Synapse Workspace and storage account in vnet b using private endpoints.

All traffic between the two vnets is routed via a third party firewall. The firewall allows all traffic:

If I try to open Synapse Studio I receive an error 'Failed to load'. When I run the the Powershell Script provided by Microsoft to test the connection, I receive a TrustFailure on the 'dev' and 'sqlondemand' private endpoints:

Does someone know what causes this problem and how I can fix it?

I tried:

Allowing any applications on the firewall rules
Allowing Azure services and resources to access workspace on network settings of Synapse Workspace
tweaking network settings of the workspace instance

I would probably troubleshoot the certificate as shared in this article. My wild guess is that your firewall may be decrypting and reencrypting the traffic. https://kinsta.com/knowledgebase/could-not-establish-trust-relationship-for-the-ssl-tls-secure-channel-with-authority/ — GregGalloway, Nov 24 '22 at 16:50
Can you also do a nslookup on all the DNS names which are failing and add to your post? If they don’t resolve to the private IPs then you might check the Private DNS Zone has a VNET link to VNET a. — GregGalloway, Nov 24 '22 at 16:53

score 0 · Accepted Answer · edited Nov 25 '22 at 13:42

0

Thank you GregGalloway for your guidance in the comments; the DNS records were wrongly configured. The 'dev' FQDN resolved to the 'sqlondemand' private ip and vice versa. After correcting this, the errors disappeared.

edited Nov 25 '22 at 13:42

Jeff Schaller

2,352
5
23
38

answered Nov 25 '22 at 09:54

Bakkie103

47
6

Azure Synapse Private Endpoints TrustFailure SSL/TLS secure channel

1 Answers1