Re: Private Endpoint not resolved using Private Li...

amien · ‎08-27-2024

I have the following setup;

Subscription 1: contains an Azure SQL

Subscription 2: contains private link to Azure SQL. In this subscription i have a VM and on that VM the private link is working.

Now i want to use app.powerbi.com and setup a VM data gateway. However, when creating the connection, it doesn't work. It tried to connect over the public route and not the private route. This is strange, because for the VM it works. The VM and the Data Gateway are in a different subnet (becauser of the delegation) but within the same VNET

What i'm i missing? Do i need to have a Private DNS resolver?

psap · ‎12-18-2024

I experience the same problem. I have a vnet data gateway in subnet A, and a private endpoint in subnet B. Both subnets are in the same VNET. The required DNS records for the private endpoint has been correctly set up. We have been using the private endpoint for years in our apps.

The VNET data gateway has a "troubleshoot network" experience in de Power BI UI, and testing the connection to my Azure SQL (FQDN: <sql-server-name>.database.windows.net) succeeds on port 1433. It finds the "privatelink" CNAME and resolves to the correct private IP of the private endpoint's NIC.

Nonetheless, when refreshing reports we get an error saying "Connection was denied since Deny Public Network Access is set to Yes. To connect to this server, use the Private Endpoint from inside your virtual network", indicating that the connection was made to the public endpoint. It's as if the FQDN <sql-server-name>.database.windows.net did not resolve to the private endpoint when setting up the connection (not respecting private DNS?) but to the public endpoint instead....

psap · ‎12-18-2024

I experience the same problem. I have a vnet data gateway in subnet A, and a private endpoint in subnet B. Both subnets are in the same VNET. The required DNS records for the private endpoint has been correctly set up. We have been using the private endpoint for years in our apps.

The VNET data gateway has a "troubleshoot network" experience in de Power BI UI, and testing the connection to my Azure SQL (FQDN: <sql-server-name>.database.windows.net) succeeds on port 1433. It finds the "privatelink" CNAME and resolves to the correct private IP of the private endpoint's NIC.

Nonetheless, when refreshing reports we get an error saying "Connection was denied since Deny Public Network Access is set to Yes. To connect to this server, use the Private Endpoint from inside your virtual network", indicating that the connection was made to the public endpoint. It's as if the FQDN <sql-server-name>.database.windows.net did not resolve to the private endpoint when setting up the connection (not respecting private DNS?) but to the public endpoint instead....

amien · ‎08-28-2024

Hi,

I'm not using VNET peering, i'm using private link to another Azure tenant. This all works when i connect from a VM using the private link. But not using Virtual data network gateway

Anonymous · ‎08-28-2024

Hi @amien ,

Clients can connect to a private endpoint from the same virtual network, from a peer-to-peer interconnected virtual network in the same region, or through a cross-region virtual network. In addition, clients can connect locally using ExpressRoute, private peering, or VPN tunnels. The following simplified diagram shows common use cases.

First, please refer to the official documentation below to ensure that the Virtual Network Data Gateway is created and used correctly. Also, make sure that your Azure VNet region is in a supported region.
Create virtual network (VNet) data gateways | Microsoft Learn
Use virtual network data gateway and data sources in Power BI | Microsoft Learn

The detailed steps for creating a dedicated endpoint in Azure SQL are as follows:

In the Azure portal, browse to an Azure SQL Server (not an individual SQL Database)
Under the Security section, select Networking sub-section
Click the Private Access tab
Click + Private Endpoint to create a new private endpoint
On the Basics tab, enter the following information:
- Select a Resource Group or create a new one
- Provide a name E.G. dhsqlprivateendpoint
- Select the appropriate region E.G. UK South
On the Resource tab, ensure the following property is set:
- Target Sub-Resource: sqlServer
On the Virtual Network tab, enter the following information:
- Virtual Network: Select the VNet created in the first step
- Subnet: The default subnet should be automatically selected
On the DNS tab, ensure the following property is set:
- Integrate With Private DNS Zone: Yes
Click Review & Create