Troubleshooting connectivity to Blob Storage using Azure Storage Explorer with Private Endpoint

Published 03-01-2021 03:19 AM 950 Views
Microsoft

Scenario:

You want to connect to Blob Storage having Private Endpoint via Azure Storage Explorer. This blog talks about some of steps to verify the setup and troubleshooting that can be followed depending upon the error message you are encountering.

 

Actions:

 

Creating/Verifying the Setup Configuration

There is certain list of steps that you need to follow in case you are creating a fresh setup. The documentation will be very helpful in the setup process.

 

In case you already have setup, below are the pointers to verify:

 

  • The VM from where you are trying to connect to, and your storage account need to be part of same Virtual Network and Subnet. You can verify them by navigating via respective resources through Azure Portal.

 

Amrinder_Singh_0-1614591774514.png

Amrinder_Singh_1-1614591785328.png

 

  • Another mechanism you can try is to do the nslookup over the storage account. It should resolve in a private IP and you can verify this from the IP assigned to FQDN under private endpoint configuration.

Amrinder_Singh_2-1614591823077.png

Amrinder_Singh_3-1614591858264.png

 

  • Lastly, you can verify if the machine IP from where connection is being made is part of same subnet

Troubleshooting Scenarios

 

Troubleshooting depends upon the operations you are trying to perform on the storage. The connection might get established however the actual error might appear when you try to perform listing or other operation.

 

A common error you might get will be unable to retrieve child resources however the important point here is check on the error in the details and to what error it points too.

 

  • If that points to some kind of “403 - Authorization Error”, you need to isolate based on what kind of error it is and why it is coming. Some common scenarios here could be in-sufficient roles, Firewall and VNET configurations etc. Ensure that you have right access already in place.
  • In case, if points to error such as “Account Does Not Exsist”, first verify the account exists and hasn’t been deleted. In case you have a setup, where in you are making use of Hosts File by specifying IP of the storage account, kindly ensure that you are having updated public IP mentioned in the host file entry. The file can be found at the path C:\Windows\System32\drivers\etc. Although, the public IP does not get changed that often however still verify it again too. If the IP has got updated then also this message may appear as explorer won’t be find out the account with the one mentioned in file. In that scenario, kindly update the entry in the Hosts file with the current public IP Address for the storage account.
  • If there are any other error observed specific to storage explorer, you can review this link as well.

 

Hope this helps!

Co-Authors
Version history
Last update:
‎Mar 01 2021 03:13 AM
Updated by: