Lesson Learned #251: Error 40532 using Private Endpoint IP in the server name

[Guest Jose_Manuel_Jurado]

We use to receive cases where our customers wants to connect to their Azure SQL Database servers using the Private Endpoint IP instead the Azure SQL DB FQDN.

 

 

 

Two main errors you could face:

 

• Error 40532: Cannot open server "xxx.xxx.xxx.xxx" requested by the login. The login failed. (Microsoft SQL Server, Error: 40532)
  
• A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The target principal name is incorrect.) (Microsoft SQL Server, Error: -2146893022)
  

 

In this article we are going to explain why and how to mitigate those.

 

 

Regarding the error 40532:

 

 

 

 

• In this situation, we need to change the user name by username@servername, in order to instruct the server name that you want to connect. If not the Azure SQL Database Gateway is not able to find the real node to connect. Please, remember that use an IP is not a recommended option and FQDN will be the best option. You have other alternatives like Custom DNS, Localhost file, etc..
  

 

Regarding the error: A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The target principal name is incorrect.) (Microsoft SQL Server, Error: -2146893022):

 

 

 

 

• This is caused by it is not possible to validate the certificate to encrypt the data between Azure SQL DB and application. In this situation, we need to enable Trust Server Certificate to bypass, but, it is an option that is not recommended in terms of security.
  

 

 

 

 

 

 

Enjoy!

 

Continue reading...