Cannot connect to Managed Instance
Sometimes connecting to Managed Instance can be confusing. A connection to Azure Managed Instance involves a lot of things: public endpoint, private endpoint, proxy, redirect and so on. That is probably why users sometimes can't tell what the issue is. I believe that having some idea of what's wrong would be helpful.
So, in this post I only want to introduce the PowerShell command that can give you some idea of the issue and helpful recommendations based on it. We normally ask users to run the command and share the result with us.
For example, I had a Managed Instance that I was not able to connect to, and I got the following error message.
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 – A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.) (Microsoft SQL Server, Error: 10060)
How can we find the root cause?
So, it is network-related, but what does that mean? What's wrong with the network? Let's run the PowerShell command. You can always get the latest version from GitHub; please see the referral link.
Copy the script into Notepad. You only need to replace Server, Database, User and Password, which is what you need to connect to Managed Instance, and then run the command.
I have already explained Cloud Shell. It is the easy way, since you don't need to install or set up anything: connect to the portal and run the command from there. That is what I did, and after a couple of minutes you'll have the result.
The script checks a few things such as DNS validation, gateway connectivity and so on. You can also access the result later; you can download and save it.
It also gives you some recommended actions that normally fix the issue. In my case it shows that the port is blocked on my computer, and I need to check that. I'll explain later how we can fix this and open the port.
RECOMMENDED ACTION(S):
Gateway connectivity to xx.x.xx.x:1433 FAILED
Please fix the connectivity from this machine to xx.x.xx.x:1433
You can connect to SQL Managed Instance via private endpoint if you are connecting from one of the following:
- machine inside the same virtual network
- machine in a peered virtual network
- machine that is network connected by VPN or Azure ExpressRoute
Failure to reach the Gateway is usually a client-side networking issue (like DNS issue or a port being blocked) that you will need to pursue with your local network administrator.
We strongly recommend you request assistance from your network administrator, some validations you may do together are:
- The host name is valid and port used for the connection is 1433, format is tcp:..database.windows.net,1433
- The Network Security Groups (NSG) on the managed instance subnet allows access on port 1433.
- If you are unable to connect from an Azure hosted client (like an Azure virtual machine), check if you have a Network Security Group set on the client subnet that might be blocking outbound access on port 1433.
- If the connection type is Redirect:
  - Ensure the Network Security Groups (NSG) on the managed instance subnet allows access on ports 11000-11999.
  - If you are unable to connect from an Azure hosted client (like an Azure virtual machine), check if you have a Network Security Group set on the client subnet that might be blocking outbound access on ports 11000-11999.
- Any networking device used (like firewalls, NVAs) do not block the traffic mentioned above.
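
The two checks that the output above turns on, DNS resolution and TCP reachability of the gateway on port 1433, can be reproduced by hand from the same client machine. The block below is an added example, not the GitHub script or its author's code; the host name is a placeholder and the function names are hypothetical. It probes only port 1433, not the redirect range 11000-11999.

```powershell
# Added example (not the GitHub script). Function names are hypothetical.
function Test-GatewayPort {
    param([string]$Address, [int]$Port = 1433, [int]$TimeoutMs = 5000)
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $task = $client.ConnectAsync($Address, $Port)
        # Wait() returns $false when nothing answers in time, the same symptom as error 10060
        if (-not $task.Wait($TimeoutMs)) { return 'Timeout' }
        return 'Open'
    } catch {
        # The connection attempt was actively rejected or the network was unreachable
        return 'Failed'
    } finally {
        $client.Dispose()
    }
}

function Test-PrivateIPv4 {
    param([System.Net.IPAddress]$Ip)
    $b = $Ip.GetAddressBytes()
    if ($b.Length -ne 4) { return $false }
    # RFC 1918 ranges: 10/8, 172.16/12, 192.168/16
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Test-ManagedInstanceReachability {
    param([Parameter(Mandatory)][string]$Server, [int]$Port = 1433)
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($Server)
    } catch {
        Write-Output "DNS FAILED for $Server : check the host name and the client DNS settings"
        return
    }
    foreach ($ip in $ips) {
        # A private address is only reachable from the same VNet, a peered VNet, VPN or ExpressRoute
        $scope = if (Test-PrivateIPv4 $ip) { 'private endpoint' } else { 'public address' }
        $state = Test-GatewayPort -Address $ip.IPAddressToString -Port $Port
        Write-Output "$Server -> $($ip.IPAddressToString) [$scope] port ${Port}: $state"
        if ($state -ne 'Open') {
            Write-Output "  Check the local firewall, NSGs on the client and instance subnets, and any NVA for port $Port"
        }
    }
}

# Placeholder host name (assumption): replace with your own instance host name.
Test-ManagedInstanceReachability -Server '<your-instance-host-name>'
```

A `Timeout` result usually means traffic is being silently dropped somewhere on the path, while `DNS FAILED` points at the host name or resolver rather than at port filtering.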