I have a VNET configuration in Azure with the following subnet configuration
subnet1 - 10.16.1.0/24 - VM's
subnet2 - 10.16.2.0/24 - Database
subnet3 - 10.16.3.0/24 - PowerBI Access
subnet2 has Azure SQL server with firewall no public access
subnet3 has been enabled for PowerBI private endpoint as per steps here
https://learn.microsoft.com/en-us/power-bi/admin/service-security-private-links
I login to the VM download PowerBI desktop connect to the database create a report. I publish the report to PowerBI Service.
I am able to access the Azure SQL from PowerBI Desktop and from the VM using "Microsoft SQL Server Management Studio"
When I log in to PowerBI Service and provide credentials for the database access, I cannot access the database.
The error I am getting from powerBI service
Configure database
Failed to update data source credentials: Reason: An instance-specific error occurred while establishing a connection to SQL Server. Connection was denied since Deny Public Network Access is set to Yes (https://learn.microsoft.com/azure/azure-sql/database/connectivity-settings#deny-public-network-access). To connect to this server, use the Private Endpoint from inside your virtual network (https://learn.microsoft.com/azure/sql-database/sql-database-private-endpoint-overview#how-to-set-up-private-link-for-azure-sql-database).
If I set
Deny Public Network Acces to No
and set
Allow Azure services and resources to access this server to Yes
Then I can connect to the database from any subscription using the private link, userid & password
With the setting
Deny Public Network Acces to No
Access from Azure Data Factory is not an issue, as I can create a privatelink to the database from ADF and use that connection.
Appreciate any help
How can I enable the connection from PowerBI Service
If you want to keep your settings on Azure SQL as private and not have to manage the firewall, you'll have to install an on-prem gateway to the VM.
I've also been trying to find another route as well, and since the Power BI service is in the cloud there's no way to have it join the private Azure VNET without have a gateway installed on a node that is inside of the network.
You can find the instructions here: https://learn.microsoft.com/en-us/power-bi/connect-data/service-gateway-onprem
Related
I have an Azure Synapse Workspace with SQL Server Dedicated Pool
and have Disabled the Public Network Access
and loaded data
I could fetch the data
and I have loaded the data into Power BI desktop application
and I have used "Direct Query"
I have published the Power BI Report from the VM
However, I am not able to open the Report or Dataset in Power BI Service
Failed to update data source credentials: Reason: An instance-specific
error occurred while establishing a connection to SQL Server.
Connection was denied since Deny Public Network Access is set to Yes
(https://docs.microsoft.com/azure/azure-sql/database/connectivity-settings#deny-public-network-access).
To connect to this server, use the Private Endpoint from inside your
virtual network
(https://docs.microsoft.com/azure/sql-database/sql-database-private-endpoint-overview#how-to-set-up-private-link-for-azure-sql-database).
as well as report is not loading in Azure Synapse
What should I do so that I can access the Power BI report on the Power BI service as well as on the Azure Synapse Studio without having to enable the "Public Network Access"?
Does your Synapse Warehouse have a private endpoint? (Assuming yes) There are two ways of approaching this. You can deploy a VM in the same VNet where you can install the on-premises data gateway, you might have to add some NSG rules for connectivity to fully work if it's a locked down VNet.
Alternatively, you can try VNet integration which lets you communicate with the Power BI service privately without the need of setting up the on-premises data gateway. That feature is in preview, however.
Then when your datasets are published, you just set the datasources to use your newly deployed gateway.
I deployed a web app on Azure App Services. When web app tries to connect to the Azure SQL Database connection failed.
I downloaded the event log from Kudu, I found the following error message:
Cannot open server 'servername' requested by the login. Client with IP
address '**************' is not allowed to access the server. To
enable access, use the Windows Azure Management Portal or run
sp_set_firewall_rule on the master database to create a firewall rule
for this IP address or address range. It may take up to five minutes
for this change to take effect..
On Azure portal I found how to set server firewall by adding a range of client IP addresses (with lower bound and upper bound) according your client IP address. For instance, if client IP address is 00.000.000.09 the range of IP addresses is: low bound (00.000.000.0) and upper bound (00.000.000.255).
I set the server firewall for the IP address assigned to my Azure App Services account and also for my local machine to connect to Azure SQL Database from SQL Server Management Studio. After setting firewall, I can connect to Azure SQL Database with SQL Server Management Studio. Unfortunately unable to connect from web app. When I download event log from Kudu I find the same message error.
Someone could help to solve that issue.
Thanks.
Go to your SQL Server in Azure Portal.
Go to "Firewall and Virtual Network".
Turn on "Allow Azure Service and resources to access this server".
Allowing Azure Service and resources to access this server may not be the correct approach. This may be a security issue in many cases. We have to create managed identity and assign to webapp or sql server where required.
I'm trying to build a webservice that talks to a SQL database hosted on a server in our internal network. The service is hosted by Azure as a Web App. Is there a good way of doing this? Do I have to use Azure Sql databases, and if I do, is there a way to have the Azure database act as a proxy for our internal database?
There are already rules permitting connections to the ports on our database server, so I don't think that's the problem. I see a lot of questions regarding connecting to Azure hosted sql databases, but nothing about connecting Azure web apps to other kinds of databases.
The error occurs when I try to call a stored procedure (via generated entity framework code) and is as follows:
Error occurred: System.Data.Entity.Core.EntityException: The underlying provider failed on Open. ---> System.Data.SqlClient.SqlException: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections.
Our database is configured to allow remote connections, so what I'm guessing the Web App is having difficulty connecting to our vpn.
Please let me know if you need any additional information.
Thanks,
Josh
You can leverage Azure Hybrid Connections which is a feature of App service. Within App Service, Hybrid Connections can be used to access application resources in other networks. It provides access from your app to an application endpoint and uses Azure Relay service to connect to on-premise.
Check out the below link for more details :
https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections
First option is to look on azure app service hybrid connection but for you to do that you should have Windows server 2012 or above.
Azure App Service Hybrid
Azure App Service hybrid connection is good if you are pulling small amount of data.
If you are pulling large amount of data or your SQL server version is below server 2012 you have two options:
Azure Site to Site VPN
Azure SQL Data Sync
Azure SQL DB Sync is a feature that available on Azure SQL database. You can create a Azure SQL database on azure and sync your on-premise SQL database or SQL database table to Azure SQL database and you can connect your application to Azure SQL database instead of connecting to on-premise database server. This will increase your performance of your application.
We ended up adding the application to an Azure Virtual network that allowed connections to our on-prem servers. The remaining difficulties were due the wrong port numbers being open.
What was very helpful in debugging this was the Kudu console in Azure, under Advanced tools -> console. There you can run commands from the machine hosting your application like ping, or the below:
sqlcmd -S tcp:servername,1433 -U Username -d databasename -P password -q "SELECT * FROM tablename"
I am trying to connect to an on-premises SQL Server from my API which i have deployed to Azure App Service. I have established a Azure Hybrid Connection to connect between on-premises SQL and Azure. I created a connection string which included username and password as that of a local login i created in the On-Premises server. This is allowing me to connect.
Connection String:
Data Source=;Initial Catalog=;User=;Password=;MultipleActiveResultSets=True
However i want to connect to the server using windows authentication. My System account has access on the server, but when using connection string as -
Data Source=;Initial Catalog=;Integrated Security=SSPI;User=;Password=;
Or
Data Source=;Initial Catalog=;Integrated Security=SSPI;
It is giving error as
"Login failed. The login is from an untrusted domain and cannot be
used with Windows authentication."
Please suggest how to use windows mode of authentication while forming connection string to the on-premises SQL Server from Azure App Service.
Azure Hybrid Connection does not appear to support Active Directory and hence Windows Authentication will not work. See note about sql auth being required in Official MS documentation.
https://learn.microsoft.com/en-us/azure/biztalk-services/integration-hybrid-connection-overview
Also, look at the following SO question where one of the answers details common issues faced this setup:
C# web app not connecting to on premise SQL Server through Azure hybrid Connection
You are unlikely to get around this, especially if you are hosting your app as a web app.
I have my api running on Azure and it is working perfect if it is connected to Azure SQL database.
I want this api to use my local database i.e on-premises database. I made my database to accept connection from remote and also enabled TCP/IP in wf.msc and also created an inbound rule for 1433. Is there anything i had to do to make this work? I tried to use the following connection string in azure :
ASP.Net core 2.0 web api written in C# hosted on azure and trying to access the sqlserver database on the Virtual Machine.
I tried as mentioned in the following to create hybrid connection but the status keeps saying 'Not Connected'
https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections
Server=tcp:<mycomputername>,1433;Initial Catalog=MyDb;Persist Security Info=False;User ID=userid;Password=pwd;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;
If your On-Prem SQL VM is behind firewall, you need to allow inbound from Azure. Usually you poke a hole in your On-Prem firewall and allow inbound from your Azure (source) to your On-Prem SQL server (Destination) on a particular port.