Troubleshooting

Most networking issues in Azure are actually DNS issues. Here is why DNS is hard in Azure, and how we handle it. Public and Private DNS Do Not Play Well Together Azure resources have public endpoints by default. They resolve via public DNS. When you add a private endpoint, the resource gets a private IP. Now you have two IPs for the same resource: public IP (internet-facing) private IP (VNET-only) DNS must resolve to the private IP from within your VNET, and the public IP from outside. ...

We spent hours debugging connectivity when the real issue was authentication. Here is why identity failures masquerade as network failures. The Error Message Lies Your app cannot connect to Azure SQL. The error says: “Connection timeout.” You check: firewall rules network security groups VNET configuration DNS resolution Everything looks correct. The issue is not networking. It is identity. The Managed Identity does not have permissions on the database. But the error said “timeout,” not “access denied.” ...

The role assignment is correct. The scope is right. Access is still denied. Here are the hidden reasons why. Propagation Delay Is Real You add a role assignment. You test immediately. It fails. Azure RBAC changes are not instant. Propagation can take up to 30 minutes, though it is usually faster. We spent hours debugging issues that fixed themselves while we investigated. Now we wait five minutes before testing any new role assignment. ...