App Service to Azure MySQL (Private Endpoint) Connection Timeout

Pavol Karkas 0 Reputation points
2025-11-21T21:40:59.7966667+00:00

My Azure App Service is failing to establish a TCP connection to an Azure Database for MySQL Flexible Server over a pre-existing, approved Private Endpoint connection. The application consistently throws a Connection timed out (mysqli_sql_exception) error.

Everything was working fine until I decided to reboot both the web app and the database due to some sluggish performance.

I can connect to the database from an external public IP (which I allowed in) but not over the established private link.

To isolate the issue to the Private Link/VNet routing, setting the MySQL parameter require_secure_transport to OFF was successful on a public network path (I tested this via XAMPP).

Credentials are correct, database is running, and the public firewall/port 3306 is open. The issue is not SSL or database credentials, or NSG, or User Defined Routes.

Any ideas?

Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.

2 answers

  1. Q&A Assist
    2025-11-21T21:42:16.8366667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    It sounds like you are experiencing a connectivity issue with your Azure App Service when trying to connect to your Azure Database for MySQL Flexible Server over a Private Endpoint. Since you mentioned that you can connect via a public IP but not through the private link, here are some steps to troubleshoot the issue:

    1. Private Endpoint Configuration: Ensure that the Private Endpoint is correctly configured and that its connection state is Approved. You can check this in the Azure portal under the Private Link Center.
    2. Network Configuration: Verify that the virtual network where your App Service is deployed has proper connectivity to the virtual network hosting the Private Endpoint. Ensure that the App Service is in the same VNet or has VNet integration configured correctly.
    3. DNS Resolution: Check that the DNS settings for your App Service are resolving to the private IP address of the Private Endpoint. Incorrect DNS settings can lead to connection timeouts.
    4. Firewall Rules: Although you mentioned that the public firewall is open, ensure that the firewall settings for the Azure Database for MySQL are configured to allow connections from the private IP addresses of your App Service.
    5. Network Security Groups (NSGs): Double-check any NSGs associated with the subnet where the Private Endpoint resides to ensure they are not blocking traffic.
    6. Testing Connectivity: Use tools like Azure Network Watcher to test the connection from your App Service to the Private Endpoint. This can help identify if there are any routing issues.
    7. Logs and Monitoring: Review logs in Azure Monitor to see if there are any indications of failed connection attempts or other errors that could provide more context about the timeout.

    By following these steps, you should be able to identify and resolve the connectivity issue between your Azure App Service and the Azure Database for MySQL Flexible Server over the Private Endpoint.


  2. Jeevan Shanigarapu 3,355 Reputation points Microsoft External Staff Moderator
    2025-11-21T22:16:31.2566667+00:00

    Hello @Pavol Karkas,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand your question about the Azure App Service failing to establish a TCP connection to the Azure Database for MySQL Flexible Server over an existing approved Private Endpoint connection, where the application consistently throws a Connection timed out (mysqli_sql_exception) error.

    It looks like the problem is with the private connection setup rather than your database or login details, since you can connect over the public internet just fine.

    Sometimes after restarting your app and database, the private network settings or DNS (which helps your app find the database) can get mixed up. To fix this, please check these things:

    1. From your app service, run a DNS lookup for your database's name. It should point to the private IP address. If it points to the public IP, then the private DNS settings might need to be reconnected.
    2. Make sure the private DNS zone (privatelink.mysql.database.azure.com) is properly linked to the virtual network your app uses.
    3. Confirm your app is still connected to the right virtual network and subnet.
    4. Check in the Azure portal that the private endpoint is still showing as Approved and Connected.
    5. Verify your app is connecting using the full database name (like yourserver.mysql.database.azure.com) rather than a direct IP address.

    Looks like turning off secure transport only helped on the public connection, so SSL isn’t the reason for the timeout. The real issue seems to be that your app’s traffic isn’t making it to the database over the private link.

    Next, please check the DNS lookup first. If it shows the public IP, try relinking the private DNS zone to your network. If it shows the private IP but still times out, double-check the private endpoint status.

    Reference:
    https://learn.microsoft.com/en-us/azure/mysql/flexible-server/how-to-troubleshoot-common-connection-issues
    https://learn.microsoft.com/en-us/azure/mysql/flexible-server/concepts-networking-private-link

    Kindly let us know if the above helps or you need further assistance on this issue.

    Please "Accept the Answer" if the information helped you. This will help us and others in the community as well.
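
The check order recommended in the answer above (DNS lookup first, then reachability of the private IP on port 3306), as an added example that is not part of the original thread. `diagnose` and its verdict strings are hypothetical names, the host is the placeholder from the answer, and it assumes Python 3 is available in the console of the App Service that has the VNet integration.

```python
import ipaddress
import socket
import sys

MYSQL_PORT = 3306  # port named in the question


def resolve(host):
    """Addresses the local resolver returns for host (what the app will dial)."""
    infos = socket.getaddrinfo(host, MYSQL_PORT, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def tcp_ok(ip, port=MYSQL_PORT, timeout=5.0):
    """True if a TCP handshake to ip:port completes within timeout seconds."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # covers timeouts, resets and unreachable routes
        return False


def diagnose(host, resolver=resolve, connect=tcp_ok):
    """Hypothetical helper: return (verdict, next_step) in the answer's order."""
    try:
        ipaddress.ip_address(host)
        return ("ip-literal", "connect with the server FQDN, not an IP address")
    except ValueError:
        pass  # not an IP literal, so it is a name to resolve
    try:
        addrs = resolver(host)
    except OSError as exc:  # socket.gaierror is an OSError
        return ("dns-failure", f"{host} did not resolve: {exc}")
    # is_private is true for RFC 1918 space, where a private endpoint NIC lives
    public = [a for a in addrs if not ipaddress.ip_address(a).is_private]
    if public:
        return ("public-ip", f"{public} is public: relink the private DNS zone")
    dead = [a for a in addrs if not connect(a)]
    if dead:
        return ("private-timeout", f"{dead} unreachable: check endpoint status")
    return ("ok", f"{addrs} reachable on port {MYSQL_PORT}")


if __name__ == "__main__":
    # Placeholder name from the answer; pass the real server FQDN as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "yourserver.mysql.database.azure.com"
    print(*diagnose(target), sep=": ")
```

Run it from the App Service itself rather than a workstation, since the result depends on the resolver and routes the app actually uses.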

