Lesson Learned #520: Troubleshooting Azure SQL Database Redirect Connection over Private Endpoint
A few days ago, we handled an interesting support case where a customer encountered the following connection error when using sqlcmd to connect to their Azure SQL Database "Sqlcmd: Error: Microsoft ODBC Driver 18 for SQL Server : Login timeout expired. Sqlcmd: Error: Microsoft ODBC Driver 18 for SQL Server : TCP Provider: Error code 0x102. Sqlcmd: Error: Microsoft ODBC Driver 18 for SQL Server : A network-related or instance-specific error has occurred while establishing a connection to servername.database.windows.net (Redirected: servername.database.windows.net\xxxx8165ccxxx,6188). Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online." At first glance, what immediately caught our attention was the port number mentioned in the error 6188. This is not the typical 1433 port that SQL Server usually listens on. Additionally, the message referenced a "Redirected" connection, which gave us the first strong clue. We asked the customer to run the following commands for diagnostics steps: ping servername.database.windows.net to identify the IP address resolved for the Azure SQL Database Server, returning a private IP: 10.1.0.200. nslookup servername.database.windows.net to confirm whether the resolution was happening through a custom DNS or public DNS. ifconfig -a to determine the local IP address of the client, which was 10.1.0.10 (our customer is using Linux environment - RedHat) With all this information in hand, we asked the customer to open a terminal on their Linux machine and execute sudo tcpdump -i eth0 host 10.1.0.200 meanwhile they are attempting to connect using another terminal with sqlcmd and we observed that the sqlcmd was: First making a request to the port 1433 that is expected And then immediately attempting a second connection to port 6188 on the same private IP. It was during this second connection attempt that the timeout occurred. After it, based on the port and the message we asked to our customer what type of connection has this server and they reported Redirect. We explained in Azure SQL, when Redirect mode is enabled, the client: Connects to the gateway on port 1433 Receives a redirection response with a new target IP and dynamic port (e.g., 6188) Attempts a new connection to the private endpoint using this port We reviewed the connection configuration and confirmed that Redirect mode was enabled. After speaking with the customer's networking and security team, we discovered that their firewall rules were blocking outbound connections to dynamic ports like 6188. We proposed two alternative solutions: Option 1: Adjust Firewall Rules Allow outbound traffic from the client’s IP (10.1.0.10) to the Private Endpoint IP (10.1.0.200) for the required range of ports used by Azure SQL in Redirect mode. This keeps the benefits of Redirect mode: Lower latency Direct database access via Private Link Reduced dependence on Azure Gateway Option 2: Switch to Proxy Mode Change the Azure SQL Server's connection policy to Proxy, which forces all traffic through port 1433 only. This is simpler for environments where security rules restrict dynamic port ranges, but it may introduce slightly higher latency. In this case, the customer opted to update the VNet's NSG and outbound firewall rules to allow the necessary range of ports for the Private Endpoint. This allowed them to retain the benefits of Redirect mode while maintaining secure, high-performance connectivity to their Azure SQL Database.
FSLogix local userfolder with numbers
Hello, we got a problem with FSLogix. We are using FSLogix for about 3 years now and everything works, but there is a problem with the local folders (local_username folder). We got no redirections running, so there is just the default folders like temp being redirected in that local folder. As we got a new software which saves data temporary to the local_username\temp folder, we noticed that there is a problem with the folder creation / delete. FSLogix creates sometimes new local_username folders with numbers added. On some computers there are folders with numbers from e.g. 1-6. The actual used folder is the highest number. A problem now occures, because when logging on at another machine, the TEMP variable points at the local_username\temp folder with no number and this folder of course doesn't work because the acutal used folder set by fslogix is local_username5\temp for example. Why are these folders with additional numbers are being created and how to fix this? We can't find a solution. Thanks in advance for every help!
Customizing the "viewer.aspx" Page Redirect in SharePoint Online
Hello everyone, I am currently working on a project where I need to customize the behavior of the "viewer.aspx" page in SharePoint Online. Specifically, I want to intercept the call to the "viewer.aspx" page and redirect the user to a different page. Here's the scenario: When I use "Bing search for work" and search for a document, the search results point to the document using the "viewer.aspx" handler in the following format: `https://<tenant>.sharepoint.com/sites/<Site>/_layouts/15/viewer.aspx?sourcedoc={29g142de-1564f-47b7-af87-e7e51af931b3}` My requirement is to intercept this call landing on the "viewer.aspx" page and redirect the user to a different page. I am looking for a way to achieve this either programmatically or through configuration. I have done extensive research on this topic, but I haven't found a solution that specifically addresses this requirement. Most resources discuss general redirection in SharePoint Online, but none seem to cover the customization of the "viewer.aspx" page. Can anyone provide guidance on how to achieve this? Any help or direction would be greatly appreciated. Thank you in advance for your assistance. Best regards, Hasan
Risks of allowing USB/Printer/Scanner Redirection in AVD?
Hello, one of our customers has asked us what the risks can be of allowing webcams, microphones or printers to be redirected to AVD. They don't want to allow USB drives for obvious reasons, but don't know if an infected printer, for example, could pose a risk to their environment if connected to AVD.
(WVD) Windows Virtual Desktop USB Redirection Full
Hi Guys, I was wondering if there are plans for (or if it is already available) adding USB redirection - for Other Supported RemoteFX USB devices , which is available using RDS and MSTSC, and was previously available in Azure RemoteApp. This was/is required for redirecting footpedals (and some other peripherals) All tests so far seem to suggest this isn't possible.Azure Support Academy: How to troubleshoot connectivity issues in Azure SQL DB - Part 1
First published on MSDN on Nov 29, 2016 Hello everyone!Just a couple of weeks ago, we recorded our first video of 10 minutes of duration about how to troubleshoot connectivity issue connecting from your local desktop to Azure SQL DB.
