I didn't want to comment on a similar issue which has already been covered on How to give access to Azure-sql server over p2s vpn for developers, I am essentially following on from that.
I have got point to site VPN configured. I can access SQL Server using the IP address from the virtual network when using SQL Server authentication.
I do have a private endpoint configured using a more friendly name mydb.privatelink.database.windows.net. The problem here is that using this with Azure AD authentication means that it is trying to use my public IP which isn't allowed on the SQL Server firewall and disregarding my P2S VPN connection.
I got SQL login working using the tips in the link above, however what I want to get working is Azure AD with MFA. If I use the vnet IP address which works for SQL Server authentication, and select Azure AD authentication with MFA, I get the error
Cannot open server "10.1.1.x" requested by the login. The login failed. Microsoft SQL server Error 40532.
One of my objectives is to provide connectivity to SQL Server without having to allow the public IP address of several users.
Cannot open server "10.1.1.x" requested by the login. The login failed. Microsoft SQL server Error 40532
To solve the above error, you should follow your username with '#servername' (where Servername is the name of your SQL server).
In "Firewalls and virtual networks" of your SQL server, if you marked "Deny public network access" to yes then you will not be able to access the public IP Address, so set it to No to access public IP Address.
For more details on the above, kindly refer to the below documentation link given: -
https://learn.microsoft.com/en-us/azure/azure-sql/database/connectivity-settings?view=azuresql#deny-public-network-access
I had the exactly same problem and I've found a solution for that: you need to update the host file (C:\Windows\System32\drivers\etc) and add an try with your private endpoint IP and the database host name. This way, the authentication using MFA will work fine and you don't need to add your local IP to the database firewall, since it will be using the VPN connection. Example to add to the host file:
10.2.0.8 prismhcmdev.database.windows.net
Related
I have created Sql database from Azure using my subscription. I copied the connection string supplied with my credentials correctly into my code and it work in visual studio but when I deployed to my hosting server for my website it displays connection error. I have set IP range to accept all IP yet not working.
By default, (when you create a new DB), Azure blocks ALL traffic to your database. In order to allow traffic to your database either you need to whitelist all the IP address or the best suggestion in your case is to enable 'Allow access to Azure Services' on the SQL Server settings. Find more details here
I'm facing the issue while creating a azure database in the local machine by sql server 2012 ,
this is my error:
TITLE: Connect to Server
Cannot connect to tcp:ServerName.database.windows.net.
ADDITIONAL INFORMATION:
Login failed for user 'UserName'.
This session has been assigned a tracing ID of '041a1130-65a5-4ad6-91c0-02ff3b4fbca5'. Provide this tracing ID to customer support when you need assistance. (Microsoft SQL Server, Error: 18456)
The issue is occurring might be due to following the following, I have specified how to overcome against each issue:
Check if your IP is added in the firewall, if not refer to http://msdn.microsoft.com/en-us/library/azure/jj553530.aspx
Check if you have configured the wrong IP in Azure Firewall. Try opening SQL Azure Management Studio online http://msdn.microsoft.com/en-us/library/azure/ee621784.aspx#WinAzMgtPort where it asks you to add the IP in firewall.
If above is not working then check if the user credentials is correct, if you forgot the credentials then resetting it might help.
I just created a new SQL Server 2014 VM from Windows Azure gallery. I did remote login into VM , on trying to login into DB with Windows Authentication mode, I get below error:
Login failed for user 'dbserver\dba1'. (.Net SqlClient Data Provider)
Are there any specific steps, which I have to follow for new SQL Server DB login to work properly?
P.S. I have opened port 1433 into windows firewall, it did not help, althoug that should not be required for logging in directly from VM.
I guess Azure VM is not joined to domain. This means that only SQL authentication will work against this SQL Server instance. You might need to do the following:
Enable Mixed authentication on the SQL Server
Add a user mapped to SA role (or enable SA and set its password, but having separate user is better)
Open port 1433 (you did this already)
Make sure SQL is listening on this port (should be already)
In case you connecting outside of the same Azure Cloud Service - make sure you have endpoint created for the VM. Highly recommended to use port different from 1433 as the endpoint public port.
Don't forget to specify port if it is not standard, SQL connection string expects comma for it (i.e. myvmpublicname.cloudapp.net,12345)
You can check this article for more details
I was getting connection inside the VM using MSSQL Server, but not from outside. After reading some comments, I found that I needed to add a specific port for outgoing traffic and added that port at Azure firewall:
Here are the steps to check is it working for you or not:
Start Sql Server configuration Manager
Click on your Server name
Click SQL Server network config
Click on protocols
Click on TCP/IP
At the end of tcp/IP range set your port, I set 1433.
Please restart SQL Database.
Now open port at Azure management portal. And conntect through SQL tools or other services.
And also remember to open windows firewall.
It most likely installed another windows user as the admin for the SQL Database. If you know what that user is, login as them.
Otherwise, did you manage to set up the SQL in mixed mode and have an sa password. If so, login with that then add the Windows Account.
If not, try Forgot SQL Server Password to reset the sa password and get access that way.
I have an SQL Azure database and Azure Virtual Machine with an application connecting to the database.
They are in the same datacenter and under the same Azure
subscription.
I added public virtual IP of the virtual machine to the list of
allowed IP addresses in the server configure page of management
portal.
Windows Azure Services are marked "Yes" in the "Allowed Services"
section.
When trying to connect, I receive exception: "Client with IP address 'x.x.x.x' is not allowed to access the server.", where x.x.x.x is the internal IP of the VM. I am hesitant to use internal IP in an allowed IP rule. Shouldn't SQL Azure see public IP of the VM during connection?
I am hesitant to use internal IP in an allowed IP rule. Shouldn't SQL
Azure see public IP of the VM during connection?
The calls are being made through the internal network so never actually leave the data centre. Why not add a rule as follows to only allow internal calls by opening the following IP range on the Azure Database:
10.0.0.0 to 10.0.0.255
In the above case you don't need to worry about a transient IP on your VM.
Perhaps try looking at the azure cmdlets that allow you to manage firewall rules by script. You could add a start up job to update a specific rule with the new IP the vm should it change do to a migration or reboot.
Specificially these powershell cmdlets:
New-SqlAzureFirewallRule - Adds a new Sql Azure firewall rule to a
server.
Get-SqlAzureFirewallRules - Returns the firewall rules for
the specified Sql Azure server.
Remove-SqlAzureFirewallRule -
Removes an existing Sql Azure fireall rule.
Sql Azure Cmdlets
I was supposed to set up a localhost for a user. But it turned out that the website is on an SQL server and not MySQL.
I installed wamp and the website runs fine. But wherever there is a database connection, it tries to connect to the remote server, which doesn't give access. I have some visual studio and configuration files and what not. And I am clueless about what to do.
The website on the localhost tries to connect to the remote server, but i get this message:
"Could not connect. Array ([0] = ... Login failed for user '####'... cannot open server '########' requested by client. client with ##### IP is not allowed to access this server. To enable access, use the SQL Azure Portal or run sp_set_firewall_rule on master database..
I also have this bit of code in the connection file, that i think shows that the database is hosted on this website:
$srver = "http://########.cloudapp.net/";
Any help will be appreciated!
When you configure SQL Azure, you can specify what the allowed IP addresses are. As the error message indicates, the requesting IP is not authorized to access that database.
How to: Configure the SQL Azure Firewall
SQL Azure Firewall