Blog Post

Azure Database Support Blog
2 MIN READ

Azure PostgreSQL Lesson Learned #10: Why PITR Networking Rules Matter

HaiderZ-MSFT's avatar
HaiderZ-MSFT
Icon for Microsoft rankMicrosoft
Dec 03, 2025

We encountered a support case where a customer tried to perform Point-in-Time Recovery (PITR) on Azure Database for PostgreSQL Flexible Server but ran into unexpected networking restrictions. This blog explains why these limitations exist and how to plan restores without surprises.

Co‑authored with angesalsaa​ 

Symptoms

  • Customer attempted to restore a server configured with public access into a private virtual network.
  • Restore operation failed with an error indicating unsupported configuration.

Root Cause

Azure enforces strict networking rules during PITR to maintain security and consistency:

  • Public access servers can only be restored to public access.
  • Private access servers can be restored to the same virtual network or a different virtual network, but not to public access.

Why This Happens

Networking mode is tied to the original server configuration. Mixing public and private access during restore could expose sensitive data or break connectivity assumptions.

Contributing Factors

  • Customer assumed PITR could switch networking modes.
  • No prior review of Azure documentation on restore limitations.

Specific Conditions We Observed

  • Source server: Private access with VNet integration.
  • Target restore: Attempted to switch to public access.

Operational Checks

Before initiating PITR:

  • Confirm the source server’s networking mode (Public vs Private).
  • Review restore options in the Azure portal → Restore.

Mitigation

Goal: Align restore strategy with networking rules.

  • If source is Public: Restore only to Public access.
  • If source is Private: Restore to same or different VNet (within the same region).

Post-Resolution

Customer successfully restored to a different VNet after adjusting expectations.

Prevention & Best Practices

  • Document networking mode for all PostgreSQL servers.
  • Train teams on PITR limitations before disaster recovery drills.
  • Avoid assumptions always check official guidance.

Why This Matters

Ignoring these rules can delay recovery during critical incidents. Knowing the constraints upfront ensures faster restores and compliance with security policies.

Key Takeaways

  • Issue: PITR does not allow switching between Public and Private access.
  • Fix: Restore within the same networking category as the source server.

References

Published Dec 03, 2025
Version 1.0
#AzurePostgreSQL
Azure Database for PostgreSQL Flexible Server
Point in time
Postgres
Restore
restore backup
No CommentsBe the first to comment