none
Azure service cannot connect to SQL Database RRS feed

  • Question

  • We have two "Windows Azure MSDN - Visual Studio Premium" active subscription for our two Azure Clouds. One cloud configured with a spending limit and one without.
    (We divide them on "Release" and "Debug" for the same project). Both clouds use their own separate SQL databases.
    "Debug" cloud works perfect but in "Release" cloud we faced a problem during connecting to database from Web Role located in cloud (environment: Production):
    Connection is done by System.Data.Objects.ObjectContext from Entity Framework (.Net 4)
    and throws next exception:
    The underlying provider failed on Open.
    Inner exception:
    "Cannot open server 'xxxxxxxxx' requested by the login. Client with IP address '137.116.x.x' is not allowed to access the server.
    To enable access, use the SQL Azure Portal or run sp_set_firewall_rule on the master database to create a firewall rule for this IP address or address range.
    It may take up to five minutes for this change to take effect. Login failed for user 'xxx'.
    This session has been assigned a tracing ID of '3987a96f-aab3-4d11-a973-fedad17fd4d5'. Provide this tracing ID to customer support when you need assistance."

    Connection string looks like
    "data source=xxxxxxxxxx.database.windows.net;initial catalog=Database;persist security info=True;user id=xxx;password=xxx;multipleactiveresultsets=True;App=EntityFramework"

    From exception we see that the problem is that SQL firewall blocks our cloud ip.
    "Windows Azure Services" option ("SQL Databases -> Manage allowed IP addresses -> Allowed Services") it is set to YES,
    cloud service with Web Role and SQL database is located in same cloud. But ip is still blocked

    The problem disappears if we add this IP to "allowed" ("SQL Databases -> Manage allowed IP addresses") but we do not have to do it for "Debug" cloud

    Perhaps  the  problem  is  that "Debug" cloud have "PUBLIC VIRTUAL IP ADDRESS (VIP)" 168.63.x.x when "Release" have 137.116.x.x?

    Why PUBLIC VIRTUAL IP ADDRESS (VIP) for our "Release" cloud doesn't belongs to Windows Azure Services ip addresses or why it is blocked?

    Or how we should configure "SQL databases / "Allowed IP" so it wouldn't have to add new IP (each time when we re-creating cloud service)
    Friday, December 21, 2012 8:04 AM

Answers

  • There is a known problem right now in that we missed a few of the new Windows Azure IP addresses in our standard list of "allowed" IPs that kicks in when you check the "Allow Microsoft Services" option. There should be a fix rolling out in the near term, but for the near term your solution of manually adding the IP is the correct approach.
    Saturday, December 22, 2012 7:07 PM
  • Connection string looks like
    "data source=xxxxxxxxxx.database.windows.net;initial catalog=Database;persist security info=True;user id=xxx;password=xxx;multipleactiveresultsets=True;App=EntityFramework"

    Hello,

    You must encrypt the connection, otherwise SQL Azure will refuse the connection =>

    "data source=xxxxxxxxxx.database.windows.net;initial catalog=Database;persist security info=True;user id=xxx;password=xxx;multipleactiveresultsets=True;App=EntityFramework;Encrypt=TRUE;"


    Olaf Helper

    Blog Xing

    Friday, December 21, 2012 8:15 AM

All replies

  • Connection string looks like
    "data source=xxxxxxxxxx.database.windows.net;initial catalog=Database;persist security info=True;user id=xxx;password=xxx;multipleactiveresultsets=True;App=EntityFramework"

    Hello,

    You must encrypt the connection, otherwise SQL Azure will refuse the connection =>

    "data source=xxxxxxxxxx.database.windows.net;initial catalog=Database;persist security info=True;user id=xxx;password=xxx;multipleactiveresultsets=True;App=EntityFramework;Encrypt=TRUE;"


    Olaf Helper

    Blog Xing

    Friday, December 21, 2012 8:15 AM
  • There is a known problem right now in that we missed a few of the new Windows Azure IP addresses in our standard list of "allowed" IPs that kicks in when you check the "Allow Microsoft Services" option. There should be a fix rolling out in the near term, but for the near term your solution of manually adding the IP is the correct approach.
    Saturday, December 22, 2012 7:07 PM
  • It's 7 months later and this problem still hasn't been resolved...
    Wednesday, July 10, 2013 5:10 AM