We encountered an interesting case with our customer who faced connectivity issues immediately after migrating from the General Purpose to Business Critical tier in Azure SQL Managed Instance. We would like to share the lessons learned from this experience and how we resolved the issue.
The Challenge: Facing Error 10060 Post-Migration
Our customer began to encounter Error 10060 after scaling up to the Business Critical tier. Upon investigation, we realized that the "Proxy" connection type was working, but the "Redirect" type was causing issues.
Network Traces and NSG Rules
In the General Purpose tier, our customer had set their Network Security Group (NSG) rules to only allow traffic through port 11000, in addition to the standard port 1433. This configuration was based on network traces, which indicated that only port 11000 was necessary for the "Redirect" connection type. This makes sense in the context of General Purpose tier, which employs a single Virtual Machine to handle the database.
The Culprit: Multiple Nodes in Business Critical
In Business Critical, the environment operates on an Always On architecture with multiple machines. Consequently, the port requirements are different: the port range expands from a single port to a range between 11000-11999.
The Solution: Updating NSG Rules and Connection Type
The customer resolved the issue by performing two key actions:
Updating NSG Rules: The NSG was updated to allow the new port range of 11000-11999.
az network nsg rule update \
--name MyNsgRule \
--nsg-name MyNsg \
--resource-group MyResourceGroup \
--destination-port-ranges 11000-11999
Changing Connection Type: The connection type was switched from "Proxy" to "Redirect," which then worked seamlessly with the new NSG settings.
