Lesson Learned #327: Why is it important to use the SQL Service Tag in your NSG?
Published Feb 10 2023 04:29 AM

Today, we got a service request in which our customer has 30 databases on a server but was not able to connect to 3 of them. Below I would like to share my findings.


All the databases on this server 'XXX' are standalone databases. It is not possible to connect from within Azure, but it is possible to connect from on-premises.


After analyzing the details, we found that our customer uses the Default connection policy, which means that connections from within Azure use Redirect and connections from on-premises use Proxy.


When you are using Redirect, you need to know that, besides connecting to the gateway (GW) on port 1433, you need to connect to another port between 11000-12000 and to another virtual name, as we explained in these URLs:


Lesson Learned #216: Hands-On-Labs: How redirect connection policy type works - Microsoft Community ...

Lesson Learned #203: How can I know that my connection is using Redirect connectivity policy? - Micr...

Azure Support Academy: How to troubleshoot connectivity issues in Azure SQL DB - Part 1 - Microsoft ...

Lesson Learned #258: Python vs Connection Refused with Login timeout expired - Microsoft Community H...


Unfortunately, the NSG of the Azure virtual machine allowed some IPs for connecting to Azure SQL Database on ports 11000-12000, but not all of them were defined. In a dynamic environment it is better to use the SQL or SQL<Region> service tag as the outbound destination to avoid this issue in the future. If not, you are going to receive an error code like 10060.
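The following is an added example, not code from the original post: a small offline model of outbound NSG evaluation that shows why a hand-maintained IP list leaves a Redirect node unreachable while a service-tag rule does not. The tag name `Sql.ExampleRegion`, its prefixes, the rule dictionaries and every IP address are constructed for illustration (documentation ranges), and the rule model is simplified to destination, port, priority and access.

```python
import ipaddress

# Constructed stand-in for a regional Sql service tag. Azure maintains the real
# prefix list itself; these are documentation ranges, not Azure addresses.
TAG_PREFIXES = {"Sql.ExampleRegion": ["198.51.100.0/24", "203.0.113.0/24"]}
DENY_ALL = {"priority": 4000, "access": "Deny", "dest": "*", "ports": ["*"]}
# NSG as described in the post: hand-maintained IPs, one Redirect node missing.
IP_LIST_RULES = [
    {"priority": 100, "access": "Allow", "dest": "198.51.100.10", "ports": ["1433"]},
    {"priority": 110, "access": "Allow", "dest": "198.51.100.20", "ports": ["11000-12000"]},
    DENY_ALL,
]
# Same intent expressed with the service tag as the outbound destination.
TAG_RULES = [
    {"priority": 100, "access": "Allow", "dest": "Sql.ExampleRegion",
     "ports": ["1433", "11000-12000"]},
    DENY_ALL,
]

def port_matches(spec, port):
    """True if a port spec ('*', '1433' or '11000-12000') covers port."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def dest_matches(dest, ip):
    """True if a destination ('*', a known tag, an IP or a CIDR) covers ip."""
    if dest == "*":
        return True
    cidrs = TAG_PREFIXES.get(dest, [dest])
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(c) for c in cidrs)

def outbound_allowed(rules, ip, port):
    """Evaluate rules in priority order (lowest number first); first match wins."""
    for r in sorted(rules, key=lambda r: r["priority"]):
        if dest_matches(r["dest"], ip) and any(port_matches(p, port) for p in r["ports"]):
            return r["access"] == "Allow"
    return False  # simplification: no match is treated as blocked in this model

def blocked_endpoints(rules, gateway_ip, node_ips, node_port=11000):
    """Return the (ip, port) pairs a Redirect connection may need but the NSG drops."""
    targets = [(gateway_ip, 1433)] + [(ip, node_port) for ip in node_ips]
    return [t for t in targets if not outbound_allowed(rules, *t)]
```

With the constructed rules, the IP-list NSG passes the gateway on 1433 but drops the unlisted node on port 11000, which is the gap the post ties to error 10060; the tag-based NSG blocks nothing.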




