Error: Host Address Is Private and Not Accessible via the Internet

Issue

The error occurs when you connect to an Azure SQL database using the Direct Connection method while using Azure as the Cloud Service Provider (CSP). The issue may occur even if you have public network access enabled for the resource you are trying to connect to. Connection tests fail during sync with the following error messages:

• Connection tests failed. Host address is private and not accessible via the internet.
• Websocket connection blocked.

Environment

• Connectors: Azure SQL Server and Azure Blob Storage
• Destination: Azure Data Lake Storage

Cause

You do not have a private endpoint in the Azure region of the database that you specified in the setup form. However, you may have a private endpoint set up in a different region.

When you have a private link set up in a different region, Azure configures DNS for the SQL database to use aliases pointing to the private link URI, For example, prod-sqlserver.database.windows.net points to prod-sqlserver.privatelink.database.windows.net.

Inside Fivetran's Azure network, a private DNS zone for the privatelink.database.windows.net domain supports private endpoint resolution for all private links. If no private endpoint is configured with Fivetran, attempting to resolve the DNS zone results in a DNS resolution error, causing the connection to fail.

Resolution

To resolve this issue, do one of the following:

• Configure a Private Link for the source or destination. You must be on our Business Critical plan to use this feature.
• Disable Private endpoints across the Azure account.
• Use the source IP address if possible, although some sources like Azure SQL Database may not allow this due to dynamic IP changes.