Azure Database Support Blog
Lesson Learned #251: Error 40532 using Private Endpoint IP in the server name

Jose_Manuel_Jurado
Dec 16, 2022

We often receive cases where customers want to connect to their Azure SQL Database servers using the Private Endpoint IP instead of the Azure SQL DB FQDN.

There are two main errors you could face:

  • Error 40532: Cannot open server "xxx.xxx.xxx.xxx" requested by the login. The login failed. (Microsoft SQL Server, Error: 40532)
  • A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The target principal name is incorrect.) (Microsoft SQL Server, Error: -2146893022)

In this article we are going to explain why these errors occur and how to mitigate them.

Regarding error 40532:

  • In this situation, we need to change the user name to username@servername, in order to indicate the server that you want to connect to. Otherwise, the Azure SQL Database Gateway is not able to find the real node to connect to. Please remember that using an IP is not a recommended option and the FQDN is the best option. You have other alternatives like custom DNS, the local hosts file, etc.

Regarding the error: A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The target principal name is incorrect.) (Microsoft SQL Server, Error: -2146893022):

  • This happens because the certificate used to encrypt the data between Azure SQL DB and the application cannot be validated (the IP address used as the server name does not match the name in the certificate). In this situation, we need to enable Trust Server Certificate to bypass the validation, but this option is not recommended in terms of security.
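Both errors, and the Trust Server Certificate workaround, can be caught by checking connection strings before they are deployed. The following is an added example, not code from the original post: the `audit` helper, the IP 10.0.0.5 and the names myserver, mydb and appuser are hypothetical, and it assumes ADO.NET-style key names.

```python
import ipaddress

# Constructed sample values: 10.0.0.5, "myserver", "mydb" and "appuser" are hypothetical.
BY_IP = ("Server=tcp:10.0.0.5,1433;Database=mydb;User ID=appuser;"
         "Password=<placeholder>;Encrypt=True;TrustServerCertificate=False")
WORKAROUND = ("Server=tcp:10.0.0.5,1433;Database=mydb;User ID=appuser@myserver;"
              "Password=<placeholder>;Encrypt=True;TrustServerCertificate=True")
BY_FQDN = ("Server=tcp:myserver.database.windows.net,1433;Database=mydb;"
           "User ID=appuser;Password=<placeholder>;Encrypt=True;TrustServerCertificate=False")

def parse(conn_str):
    """Split 'key=value;...' into a dict with lowercase keys (no quoted-value support)."""
    pairs = (p.split("=", 1) for p in conn_str.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit(conn_str, logical_server):
    """Return finding codes for the two errors in the post plus the weakened TLS setting."""
    s = parse(conn_str)
    raw = s.get("server") or s.get("data source") or ""
    if raw.lower().startswith("tcp:"):
        raw = raw[4:]
    host = raw.split(",", 1)[0].strip()           # drop the ",port" suffix
    user = (s.get("user id") or s.get("uid") or "").lower()
    trust = s.get("trustservercertificate", "false").lower() in ("true", "yes")
    findings = []
    if is_ip(host):
        findings.append("SERVER_IS_IP")           # FQDN, custom DNS or hosts file preferred
        # endswith, not '"@" in user', so an e-mail style login is not mistaken for the suffix
        if not user.endswith("@" + logical_server.lower()):
            findings.append("ERROR_40532")        # gateway cannot tell which server is meant
        if not trust:
            findings.append("TARGET_PRINCIPAL_NAME")  # certificate cannot be validated
    if trust:
        findings.append("CERT_VALIDATION_BYPASSED")   # flagged even when the login succeeds
    return findings

if __name__ == "__main__":
    for name, cs in (("by IP", BY_IP), ("workaround", WORKAROUND), ("by FQDN", BY_FQDN)):
        print(name, audit(cs, "myserver"))
```

Only the FQDN form returns no findings; the workaround form connects but is still reported because certificate validation is switched off.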

 

 

Enjoy!

Updated Dec 16, 2022
Version 1.0
  • anoop50
    Copper Contributor

    I used this method, but I am still unable to connect using private endpoint IP and username as username@servername to my managed instance. My username looks like email address removed for privacy reasons. Also I am able to connect to port 1433 using IP from destination.

    Please let me know what else I can check.

     

    Thanks

    Anoop