Forum Discussion

Amanwandb's avatar
Amanwandb
Copper Contributor
Jun 25, 2024

Failed to create remote connection for private endpoint

 

Hi Team,

We have set up an application gateway in Azure and enabled the private link service within the Azure application gateway. However, after configuring the above setup, we have encountered an issue while trying to create a private endpoint from either another tenant or the same tenant. We consistently receive the following error: An error occurred. Failed to create remote connection for private endpoint /subscriptions/175b2/resourceGroups/test/providers/Microsoft.Network/privateEndpoints/tstt (Code: InternalServerError)

This configuration was working correctly until about 20 days ago, but since then, we have been facing this error continuously.

We have strictly followed the Azure documentation to create the application gateway and configure the private link within it: Configure Azure Application Gateway Private Link

Any assistance or insights on resolving this issue would be greatly appreciated.

 

  • DTB's avatar
    DTB
    Iron Contributor
    Jun 26, 2024

    Hi Amanwandb,

     

    The issue you're experiencing with creating a private endpoint for your Azure Application Gateway can be frustrating, especially when it was previously working. Here are some steps and insights to help diagnose and resolve the issue.

    Troubleshooting Steps for Private Endpoint Creation

     

    1. Check Azure Service Health

    Before diving into configuration issues, check the Azure Service Health dashboard to see if there are any ongoing issues or outages that could be affecting your service.

     

    2. Review Configuration and Logs

    Double-check the configuration and review the logs for any clues.

    • Application Gateway Logs:

      • Go to your Application Gateway resource in the Azure portal.
      • Navigate to Diagnostics settings and ensure that diagnostic logging is enabled.
      • Review the logs for any errors or warnings.

    • Network Watcher:

      • Use Azure Network Watcher to diagnose and visualize the network topology.
      • Verify the network path using the Connection Monitor.

     

    3. Validate Private Endpoint Configuration

    Ensure that the private endpoint is correctly configured and all dependencies are in place.

    • DNS Configuration:

      • Verify that the DNS settings for your private endpoint are correctly configured. Private endpoints require correct DNS resolution to function.

    • Network Security Groups (NSGs):

      • Ensure that the NSGs associated with the subnet of the private endpoint allow the necessary traffic.
      • Specifically, check for any inbound or outbound rules that might be blocking traffic.

    • Subnet Configuration:

      • Confirm that the subnet used for the private endpoint has the required IP address space available and is correctly associated with the virtual network.

     

    4. Check Role-Based Access Control (RBAC)

    Ensure that the necessary permissions are in place.

    • Verify that your account has the required roles assigned to manage private endpoints and the Application Gateway.
    • Check the IAM settings for both the Application Gateway and the private endpoint resource groups.

     

    5. Update or Recreate Resources

    If the configuration seems correct, but the issue persists, consider updating or recreating the resources.

    • Update Private Endpoint:
      • Try updating the private endpoint configuration to refresh the settings.
    • Recreate Private Endpoint:
      • If updating doesn’t work, delete and recreate the private endpoint. Ensure you follow the latest Azure documentation closely.

    Example Steps to Recreate Private Endpoint

    1. Delete Existing Private Endpoint:

      • Navigate to your private endpoint resource in the Azure portal.
      • Delete the existing private endpoint.

    2. Create a New Private Endpoint:

      • Go to the Azure portal and navigate to the Application Gateway.
      • Select Private Link > + Add.
      • Configure the private endpoint, ensuring all settings match your network configuration and DNS settings.

    3. Validate the New Configuration:

      • Once created, validate the new private endpoint by checking connectivity and ensuring it is correctly linked to the Application Gateway.

     

    Conclusion

    By following these troubleshooting steps, you should be able to identify and resolve the issue preventing the creation of the private endpoint. Pay particular attention to DNS settings, NSGs, and Azure Service Health for any anomalies. If the issue persists, consider reaching out to Azure Support for further assistance.

     

Resources