Connect to a Cosmos Mongo Vcore instance over an Azure P2S VPN

dweber-LTCH 0 Reputation points
2025-02-04T14:46:10.71+00:00

I'm trying to connect to a Cosmos Mongo vcore database over a p2s vpn and am having a hard time pinning down why this isn't working.

We have a hub vnet that contains a vpn gateway subnet, a private endpoint subnet, and a dns resolver subnet.

I created the Cosmos Mongo DB with a private endpoint in the correct hub subnet.

Private DNS was created and attached to the hub vnet.

Public access disabled on the Cosmos Mongo DB.

Point to site vpn is using the dns resolver as DNS.

Cannot connect. We get an ESERVFAIL error or a timeout error.

We have this working for SQL databases.

Any ideas?

Azure Cosmos DB
An Azure NoSQL database service for app development.

1 answer

  1. Mahesh Kurva 2,670 Reputation points Microsoft Vendor
    2025-02-04T18:02:11.24+00:00

    Hi @dweber-LTCH,

    Welcome to Microsoft Q&A forum.

    As I understand, you've set up everything correctly, but there are a few potential issues that could be causing the ESERVFAIL or timeout errors when connecting to your Cosmos MongoDB over a P2S VPN.

    Here are some troubleshooting steps you can try:

    1. Ensure that the DNS resolver is correctly configured and that it can resolve the private endpoint's DNS name.
    2. Verify that the private DNS zone is correctly linked to the hub VNet and that the DNS records for the Cosmos Mongo DB are present.
    3. Check if there are any firewall rules blocking the connection. Ensure that the necessary ports (typically port 10255 for MongoDB) are open and that the VPN client's IP range is allowed.
    4. Confirm that the private endpoint is correctly set up and associated with the correct subnet. Ensure that the network security group (NSG) rules for the subnet allow inbound traffic from the VPN client.
    5. Make sure you are using the correct connection string provided in the Azure portal. It should include the mongodb+srv:// protocol.
    6. Double-check the VPN configuration to ensure that it is correctly routing traffic to the hub VNet and that the DNS resolver is being used.

    For more information, please refer to the documents:

    https://learn.microsoft.com/en-us/azure/cosmos-db/mongodb/vcore/troubleshoot-common-issues

    https://learn.microsoft.com/en-us/azure/cosmos-db/mongodb/connect-account

    https://stackoverflow.com/questions/68875026/error-querysrv-eservfail-mongodb-tcp-cluster0-abcd0-mongodb-net

    Hope this helps. Do let us know if you have any further queries.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
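
The DNS checks from the troubleshooting list above can be scripted. This is an added example, not part of the original answer or of any Microsoft tooling. It derives the SRV name a driver queries for a mongodb+srv:// connection string, then checks whether each SRV target resolves to a private address when run from the VPN client. The hostnames, addresses and the `srv_lookup` callable are constructed assumptions; supply `srv_lookup` from whichever SRV-capable resolver you use.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def srv_query_name(uri):
    """Return the SRV record name a driver queries for a mongodb+srv:// URI."""
    parts = urlsplit(uri)
    if parts.scheme != "mongodb+srv" or not parts.hostname:
        raise ValueError("not a mongodb+srv:// connection string")
    return "_mongodb._tcp." + parts.hostname


def resolve_a(host):
    """Default A-record lookup through the OS resolver (the one the VPN set)."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET)
    return sorted({info[4][0] for info in infos})


def diagnose(uri, srv_lookup, a_lookup=resolve_a):
    """srv_lookup(name) -> [(target_host, port)], a_lookup(host) -> [ip].
    Both raise OSError on failure. Returns a list of (status, detail)."""
    name = srv_query_name(uri)
    try:
        targets = srv_lookup(name)
    except OSError as exc:
        return [("FAIL", f"SRV {name}: {exc} (resolver could not answer)")]
    findings = []
    for host, port in targets:
        try:
            ips = a_lookup(host)
        except OSError as exc:
            findings.append(("FAIL", f"A {host}: {exc}"))
            continue
        for ip in ips:
            # is_private is true for RFC 1918 and other non-global ranges
            private = ipaddress.ip_address(ip).is_private
            status = "OK" if private else "WARN"
            where = "private endpoint" if private else "public address"
            findings.append((status, f"{host}:{port} -> {ip} ({where})"))
    return findings


if __name__ == "__main__":
    # Constructed placeholder URI and stub lookups, so the demo runs offline
    uri = "mongodb+srv://user:secret@mycluster.example.com/?tls=true"
    srv = lambda name: [("node0.example.com", 10255)]
    for row in diagnose(uri, srv, lambda host: ["10.1.2.4"]):
        print(*row)
```

A FAIL on the SRV step points at the resolver path (VPN client DNS setting, DNS resolver, zone link), while a WARN means the name resolved but not through the private DNS zone.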

