Common Connectivity Issues – Relational Databases in Azure

by Candis Perry Posted on

Common Connectivity Issues

There will be times when connectivity issues occur with a database. These issues can be related to network or firewall configuration, authentication timeouts, or transient fault errors related to Azure dynamically reconfiguring a database to meet heavy workloads. The following sections list common connectivity issues and how to troubleshoot them.

Network-related or Instance-specific Issues
The “A network-related or instance-specific error occurred while establishing a connection to your server” error message indicates that an application cannot find the database server it is trying to connect to. The most common methods for troubleshooting this issue are as follows:

  1. Making sure that TCP/IP is enabled as a client protocol on the application server. On servers that have SQL tools installed, such as a SQL Server on Azure VM, TCP/IP can be enabled by using the following steps in SQL Server Configuration Manager:
    a. Expand SQL Server Native Client Configuration and click on Client Protocols.
    b. Double-click TCP/IP and change Enabled from No to Yes.
    Application servers that do not have SQL tools installed can also be checked to see if TCP/IP is enabled by running the SQL Server Client Network utility (cliconfig.exe).
  2. Make sure that the connection string specifies the right port (1433 by default) and is using the fully qualified server name. An example of a fully qualified logical server name for Azure SQL Database would be dp900sql001.database.windows.net.
  3. Connection timeout can be the root cause for applications that are connecting over a slow network. This can be alleviated by increasing the connection timeout in SQL. The Microsoft recommended connection timeout is at least 30 seconds.

Firewall-related Issues

The “Cannot connect to server due to firewall issues” error message indicates that the the client application’s IP address is not whitelisted by the server-level or the database-level firewall. Add the IP address as a server-level or database-level firewall rule to alleviate this issue.

Keep in mind that if the database is hosted on an Azure SQL MI or is an Azure SQL Database that is using a private endpoint, then an application trying to communicate with the database will need to be able to communicate with the VNet the database is in. This would include the following applications:

  • Applications that are hosted in the same VNet as the database.
  • Applications that are hosted in a network that can communicate with the VNet hosting the database. This can be done through VNet peering, a VPN, or Azure ExpressRoute.
  • Applications that are allowed to communicate with resources in a VNet hosting a database through an NSG or Azure Firewall. More on network security rules in NSGs can be found at https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview.

Leave a Reply

Your email address will not be published. Required fields are marked *

All Rights Reserved 2024