0 Votes
AbdelrahmanELGAMAL asked SaiKishor-MSFT commented

Connecting two Azure resources in two different regions

Hello,
I need to use two Azure resources in two different regions.
I have an App Service in the WE region, and I would like it to connect to an Azure SQL database in the NE region.

I have made many attempts to connect via the 'private endpoint' without success.

Example:

When I ping the FQDN of my private endpoint, I get a KO:
tcpping observabilitedevsrv.privatelink.database.windows.net:1433
Connection attempt failed: No such host is known

However, when I ping the IP, it gives me an OK:
Connected to 172.16.101.4:1433, time taken: 46ms

The connection string in my app contains the FQDN of my private link in the data source = MyDB.privatelink.database.windows.net


Can you please help me?

Tags: azure-private-link, azure-webapps-vnet

1 Vote
SaiKishor-MSFT answered AbdelrahmanELGAMAL commented

@AbdelrahmanELGAMAL-3271 Thank you for reaching out to Microsoft Q&A.

Can you confirm what DNS server your App server is using? As given in the Azure Private Endpoint DNS configuration document:

It's important to correctly configure your DNS settings to resolve the private endpoint IP address to the fully qualified domain name (FQDN) of the connection string.

Existing Microsoft Azure services might already have a DNS configuration for a public endpoint. This configuration must be overridden to connect using your private endpoint.

The network interface associated with the private endpoint contains the information to configure your DNS. The network interface information includes FQDN and private IP addresses for your private link resource.

You can use the following options to configure your DNS settings for private endpoints:

  1. Use the host file (only recommended for testing). You can use the host file on a virtual machine to override the DNS.

  2. Use a private DNS zone. You can use private DNS zones to override the DNS resolution for a private endpoint. A private DNS zone can be linked to your virtual network to resolve specific domains.

  3. Use your DNS forwarder (optional). You can use your DNS forwarder to override the DNS resolution for a private link resource. Create a DNS forwarding rule to use a private DNS zone on your DNS server hosted in a virtual network.


Hope this helps. Please let us know if you have any further questions and we will be glad to assist you further. Thank you!



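The two probes in the question (the name fails, the IP connects) separate DNS resolution from network reachability, and each DNS option listed in the answer changes only the first. As an added example that is not part of the original thread or of Microsoft's documentation, this Python script classifies that outcome; the function names and verdict labels are assumptions made for illustration, and the stubbed results in the demo are constructed from the question's output.

```python
import ipaddress
import socket

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve_ipv4(fqdn):
    """Return the IPv4 addresses the local resolver gives for fqdn ([] if none)."""
    try:
        infos = socket.getaddrinfo(fqdn, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_open(ip, port, timeout=3.0):
    """True if a TCP connection to ip:port succeeds within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(fqdn, endpoint_ip, port=1433, resolver=resolve_ipv4, probe=tcp_open):
    """Classify a private endpoint failure as a DNS problem or a network-path problem."""
    expected = ipaddress.ip_address(endpoint_ip)
    answers = [ipaddress.ip_address(a) for a in resolver(fqdn)]
    reachable = probe(endpoint_ip, port)
    if not answers:
        dns = "no-record"          # "No such host is known"
    elif expected in answers:
        dns = "private-endpoint"   # name maps to the endpoint NIC address
    elif any(not any(a in net for net in RFC1918) for a in answers):
        dns = "public-address"     # public DNS answer was not overridden
    else:
        dns = "other-private"      # private address, but not this endpoint
    if dns == "private-endpoint":
        verdict = "ok" if reachable else "network-path"  # check peering, NSGs, routing
    else:
        verdict = "dns-only" if reachable else "dns-and-network"
    return {"dns": dns, "reachable": reachable, "verdict": verdict}

if __name__ == "__main__":
    # Constructed stubs reproducing the question: name lookup fails, IP:1433 connects.
    fqdn = "observabilitedevsrv.privatelink.database.windows.net"
    print(diagnose(fqdn, "172.16.101.4", resolver=lambda _: [], probe=lambda ip, port: True))
```

Run without the stub arguments from a host inside the VNet to use the real resolver and a real TCP probe.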


Thanks very much @SaiKishor-MSFT for your answer, but unfortunately it still does not work:

Here is my AppService configuration that I overloaded with Azure DNS: https://ibb.co/bWFtNrG

I tried to reconfigure the WEBSITE_DNS_SERVER with the private IP in the network interface (172.16.101.4). Note that the DNS servers in my network interface inherit from my VNet (not custom).

Point 1 // KO:
Note: I use an AppService and not a VM, so a hosts file is not accessible or editable.
Point 2 // KO:
The virtual network link failed to be created: Failed to create virtual network link 'linkVNet'. Error: A virtual network can only be linked to 1 Private DNS zone(s) with auto-registration enabled; conflicting Private DNS zone is 'observabilité/providers/microsoft.network/privatednszones/privatelink.azurewebsites.net'.
Point 3 // KO:
I added the peering on my VNet in the WE region to attach it to the other VNet in the NE region, but it still does not work.





1 Vote
AbdelrahmanELGAMAL answered SaiKishor-MSFT commented

I finally found the solution after many hours of KO:

I changed the value of WEBSITE_VNET_ROUTE_ALL of my AppService configuration to be "0"
I "Enabled" the Route All flag in the VNet configured to my AppService.

That is all,

Thanks another time @SaiKishor-MSFT

Have a good day,

Regards,
Abdelrahman ELGAMAL
