I receive this error since this morning, new v12 updated server / Azure SQL Database:
TLS Handshake failed: x509: certificate is valid for
tr12.northcentralus1-a.worker.database.windows.net,
*.tr12.northcentralus1-a.worker.database.windows.net, not [server-name].database.windows.net
Locally I have no problem connecting to the Azure SQL database. On Azure Web App the connection cannot be established.
Same connection string as local - was working fine before v12 update.
I'm using this SQL driver github.com/denisenkom/go-mssqldb/
Any pointer, don't believe I should change the connection string? Why it's working on local and not on Azure web app.
Edit 1: Just tried to replace [server-name].database.windows.net with the tr12... but tcp connection cannot be established.
Edit 2: Here's the connection string if it can help, bottom line, why it's working locally, same driver package version, I'm building executable locally and deploying via FTP, so not using Kudo deployment for this app. Was working A1 until Azure auto-upgraded to v12.
Server=[server-name].database.windows.net;Port=1433;Database=[dbname];User
ID=[user];Password=[pass];Trusted_Connection=False;Encrypt=True;Connection
Timeout=30;
Should trusted connection be true? or Encryption false? Will try changing those to see....
Edit 3: I've look at the connection string from Azure portal, and v12 seems to have this new parameters: TrustServerCertificate=False but no chance, did not fixed the issue
Based on this closed issue I changed TrustServerCertificate from False to True and added this parameter hostNameInCertificate to the connection string and it is working now:
https://github.com/denisenkom/go-mssqldb/issues/55
TrustServerCertificate=True;hostNameInCertificate=*.database.windows.net;
Azure portal suggests to have TrustServerCertificate=False and no hostNameInCertificate.
Related
Problem:
We have a .NET Core Web API that we have just deployed as an Azure Web App. Testing locally everything works fine, however we are unable to connect to our DB from the deployed API in Azure.
From Application Insights I can see we are getting the following error:
Microsoft.Data.SqlClient.SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible.
Our setup:
We have our connection string included in appsettings.json
"ConnectionStrings": {
"DefaultConnection": "Data Source=<source>.com,<port>;Initial Catalog=<db>;User ID=<username>;Password=<password>;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=True;Connection Timeout=30;"
},
We know our API is using this connections string because we can see in Application Insights that there is a timeout connecting to the db specified in that exact connection string.
We do not have access to DB configuration as we have read only access granted to us from a third party. We can connect via SSMS/Azure Data Studio and when testing our Web API locally (which makes us think the connection string is correct).
Other Posts we have Referenced:
Connection String in Azure Web App Configuration - I have tried including and not including our connection string from the Azure App Service Configuration - neither changed that we got a timeout and subsequent 500 error.
Include Connection String in appsettings.json - We have our connection string included in appsettings.json and testing locally, we can connect to the db without issue.
Improperly Formatted Connection String - The connection string works when testing locally, so we do not believe it to be an issue with the formatting of the connection string. Additionally, because Application Insights says that there is a timeout connecting to the DB specified in the connection string, it appears to be using the connection string we are providing.
Any ideas as to what might be going on here and how we can connect to the DB would be greatly appreciated.
In this case, we needed to request that the third party whitelist our Azure Web Apps Outbound IP's.
Your Azure Web App Outbound IP's can be located in a number of ways.
Via Azure Portal
Web Apps > Your Web App > Under "Settings" go to Networking > Outbound Addresses
Via Azure CLI
az webapp show -n yourwebappname -g yourresoucegroup --query "outboundIpAddresses"
I've built a Windows container with my app inside and ran it locally. The app in the container connects to an Azure SQL Database, using the domain name from the connection string. SQL Server is configured to accept clients from any IP and from Azure Services.
Everything works fine locally. But when I run my container in Azure Container Instances, I get the following standard error:
A network-related or
instance-specific error occurred while establishing a connection to SQL
Server. The server was not found or was not accessible. Verify that the
instance name is correct and that SQL Server is configured to allow remote
connections. (provider: TCP Provider, error: 0 - A connection attempt failed
because the connected party did not properly respond after a period of time,
or established connection failed because connected host has failed to
respond.)
You need to create a managed identity https://learn.microsoft.com/en-us/azure/container-instances/container-instances-managed-identity and grant that identity permission to the SQL database.
You can then use the Microsoft.Azure.Services.AppAuthentication library to get an access token and use it during authentication. This is only available in dotnetcore 2.2 and .net 4.6 and above.
string connectionString = "Data Source=<AZURE-SQL-SERVERNAME>; Initial Catalog=<DATABASE>;";
SqlConnection conn = new SqlConnection(connectionString);
conn.AccessToken = (new AzureServiceTokenProvider()).GetAccessTokenAsync("https://database.windows.net/").Result;
conn.Open();
More info can be found in the below links. None of them are explicitly for ACI but it should be basically the same from a code perspective once you have created the MSI.
https://learn.microsoft.com/en-us/azure/key-vault/service-to-service-authentication
https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-sql
https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-connect-msi
I've experienced a similar issue with a Windows container in ACI trying to connect to an Azure SQL database. For some reason, DNS was not working inside the container. I could not resolve any public DNS names. Inside the container, DNS was pointed to a 10.x.x.x address. I never set this as part of the image build so I assume ACI is setting this as part of DHCP.
To fix this I ran the following as part of my PowerShell entrypoint script:
$nic = Get-NetAdapter
Set-DnsClientServerAddress -InterfaceIndex $nic.IfIndex -ServerAddresses ('1.1.1.1','8.8.8.8')
Requirement
I have an On-Premise SQL Server and an Azure webApp Service that needs to talk each other. I installed Hybrid Connection Manager on another computer which is in the same LAN as the SQL server. Let's refer this computer as the Connection PC.
The working part
Installation and configuration was straight forward, status of the hybrid connection showing as connected.
Tested the WebApp on localhost, it worked fine. Which means nothing wrong with the asp.net code
SSMS on the connection PC can access and query SQL DB
I installed a test SQL DB on the connection PC itself and use the WebApp to talk to the test DB instead, It worked fine.
The Problem
After tested ok on localhost, I published ASP.Net WebApp to Azure, it gave following error:
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)
troubleshoot attempt
Does that mean Hybrid Connection manager has to be installed on the same computer that runs SQL Server?
I did attempt to install HCM on the SQL Server, but it says it cannot work with Win2008R2. The connection PC has win2012 on it. So it can have HCM.
I just do not have time to migrate the SQL Server to another server. So I hope HCM does not have to be on SQL server.
Connection String
In my webapp, the connection string is as follows.
connectionString="metadata=res:///ScaleDataModel.csdl|res:///ScaleDataModel.ssdl|res://*/ScaleDataModel.msl;provider=System.Data.SqlClient;provider connection string="data source=WIN2008R2\DataPlus;initial catalog=DataPlus;persist security info=True;user id=test;password=testpass;multipleactiveresultsets=True;application name=EntityFramework"" providerName="System.Data.EntityClient"
Hybrid Connection communicates via TCP ports thus you need to specify the listening static port in your connection string like:
Data source=ServerName:Port;
Also here is an actually detailed article about the all problems you may encounter while working with Hybrid Connections.
Hope this helped you.
Since you have a hybrid connection, your connection string should have the endpoint name of your hybrid connection as the data source. Try replacing it.
I'm in the Azure Portal UI attempting to connect our new Azure Search service to our SQL Server on our Azure VM. The UI very simply asks me for a connection string, a username and password. I started by using the exact connection string that is used in all our .Net config files, with which there is no issue connecting. No matter how I tweak the connection string based on many threads I've read here at S/O (set Encrypt to False, set TrustServerCertificate to True) I get this error testing the connection:
"A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.) Learn more about connecting to Azure SQL VMs, http://go.microsoft.com/fwlink/?LinkID=826562"
I must admit that the info in that MS link is like a foreign language to me. As none of those steps have ever been required for me to connect to this SQL Server, I continued my research which lead me to all the different aforementioned tweaks to the connection string.
As none of these tweaks worked, it seems the answer truly lies in that MS article - would someone be able to provide a step-by-step as I am completely new to certificates.
I'd also still fail to understand why I have no issues connecting to this SQL Server from any other app/service/util and only get this error here, but if it works it works and I won't complain!
The basic issue here is that your SQL Server must have a certificate issued by a trusted certificate authority, not a self-signed cert typically used in intranet apps. I suspect the connection strings worked in other apps because they either don't use encryption or trust self-signed certs (that's what TrustServerCertificate setting does).
Please follow the directions in the article you linked - that's the most authoritative step-by-step guide I'm aware of.
Alternatively, if you don't want to configure certificate and ports, you can consider using Azure Data Factory to push data to Azure Search.
I receive this error since this morning, new v12 updated server / Azure SQL Database:
TLS Handshake failed: x509: certificate is valid for
tr12.northcentralus1-a.worker.database.windows.net,
*.tr12.northcentralus1-a.worker.database.windows.net, not [server-name].database.windows.net
Locally I have no problem connecting to the Azure SQL database. On Azure Web App the connection cannot be established.
Same connection string as local - was working fine before v12 update.
I'm using this SQL driver github.com/denisenkom/go-mssqldb/
Any pointer, don't believe I should change the connection string? Why it's working on local and not on Azure web app.
Edit 1: Just tried to replace [server-name].database.windows.net with the tr12... but tcp connection cannot be established.
Edit 2: Here's the connection string if it can help, bottom line, why it's working locally, same driver package version, I'm building executable locally and deploying via FTP, so not using Kudo deployment for this app. Was working A1 until Azure auto-upgraded to v12.
Server=[server-name].database.windows.net;Port=1433;Database=[dbname];User
ID=[user];Password=[pass];Trusted_Connection=False;Encrypt=True;Connection
Timeout=30;
Should trusted connection be true? or Encryption false? Will try changing those to see....
Edit 3: I've look at the connection string from Azure portal, and v12 seems to have this new parameters: TrustServerCertificate=False but no chance, did not fixed the issue
Based on this closed issue I changed TrustServerCertificate from False to True and added this parameter hostNameInCertificate to the connection string and it is working now:
https://github.com/denisenkom/go-mssqldb/issues/55
TrustServerCertificate=True;hostNameInCertificate=*.database.windows.net;
Azure portal suggests to have TrustServerCertificate=False and no hostNameInCertificate.