Share via

Not able to connect to Azure AI search from Foundry Agent

Sandesh Poudel 60 Reputation points Microsoft Employee
2026-04-10T12:59:00.2866667+00:00

AI foundry Project's agent can't connect to index on AI search. 

tool_user_error: Error: search_service_request_error; Unable to connect to Azure AI Search Resource. Please ensure the Azure AI Search Connection has the correct endpoint and the search resouce has appropriate network settings for the agents setup. Cannot connect to host *****.search.windows.net:443 ssl:default [DNS server returned answer with no data] RunId: run_**

Initially, AI search was behind the firewall, made following changes but didn't seems to fix the issue

  • Having AI search with public network access
  • Setting Foundry's restrictOutboundNetworkAccess to false
  • Setting AI Search as connected resources with Project Only access and Entra ID authentication

Let us know if any steps for remediations .

Azure AI Search
Azure AI Search

An Azure search service with built-in artificial intelligence capabilities that enrich information to help identify and explore relevant content at scale.

Answer accepted by question author
  1. SRILAKSHMI C 17,700 Reputation points Microsoft External Staff Moderator
    2026-04-10T16:56:10.47+00:00

    Hello Sandesh Poudel,

    Thank you for sharing the details and the error message.

    Based on what you’ve provided, the key issue appears to be that the Foundry agent is unable to resolve the DNS name of your Azure AI Search service, rather than a problem with authentication or permissions.

    The specific error “DNS server returned answer with no data” indicates that the request is failing at the DNS resolution stage, before it even attempts to connect to the service.

    What this typically means

    When the agent tries to reach your Search endpoint it is not able to resolve this hostname to an IP address. This is usually caused by a network or DNS configuration issue, most commonly related to Private Endpoints or custom DNS settings.

    Most likely cause

    From experience, the most common scenario is:

    • The Azure AI Search service was previously configured with a Private Endpoint
    • A Private DNS zone (privatelink.search.windows.net) is still linked
    • Even after enabling public access, DNS continues to resolve the service to a private IP

    Since Foundry agents are not deployed داخل your VNet, they cannot reach private IP addresses, which results in the DNS failure you are seeing.

    Recommended steps to resolve

    1. Validate Azure AI Search networking configuration

    In the Azure portal:

    Go to your Azure AI Search resource - Networking

    Ensure:

    • Public network access = Enabled
    • Access configuration = All networks (for testing purposes)
    • Enable “Allow Azure services and resources to access this service” (important for Entra ID scenarios)
    1. Check for Private Endpoint and DNS configuration

    If your service previously used Private Endpoint:

    • Review Private Endpoint connections
    • Check if a Private DNS zone (privatelink.search.windows.net) is still linked

    If so, you have two options:

    • Remove the Private Endpoint (simplest approach), or
    • Unlink/update the Private DNS zone so the service resolves to a public IP

    If this step is skipped, DNS may continue resolving to a private address even though public access is enabled.

    1. Validate DNS resolution

    From a test environment (local machine or Azure VM)

    Expected result A public IP address

    If you see A private IP (10.x, 172.x, 192.168.x), or No IP returned

    then this confirms a DNS configuration issue.

    4. Verify Foundry outbound connectivity

    what You’ve already set which is correct.

    Additionally, if your Foundry workspace is deployed in a VNet:

    • Ensure NSGs allow outbound traffic
    • Check that UDRs are not forcing traffic through a blocked path
    • If using custom DNS servers, confirm they correctly resolve the Search endpoint
    1. Verify the endpoint in Foundry connection

    In your Foundry project:

    Confirm the endpoint is exactly:

    Ensure there are:

    • No typos
    • No private endpoint URLs
    • No additional suffixes

    Also verify that the index name matches exactly

    6. Recreate the connection in Foundry

    After making any network/DNS changes:

    • Delete the existing Azure AI Search connection
    • Recreate it

    This is important because connection metadata (including DNS resolution) may be cached.

    7. Validate authentication and RBAC

    Once DNS and connectivity are confirmed:

    Use Microsoft Entra ID authentication in the connection

    Assign the following roles to the Foundry project’s managed identity:

    • Search Index Data Contributor
    • Search Service Contributor (if required)

    At this point, the behavior strongly indicates a DNS resolution problem, most likely caused by Private Endpoint or DNS configuration still directing traffic to a private IP.

    Once the service resolves to a public IP and outbound connectivity is allowed, the Foundry agent should be able to connect successfully.

    Connect an Azure AI Search index to Foundry agents (troubleshooting table): https://learn.microsoft.com/azure/foundry/agents/how-to/tools/ai-search#troubleshooting

    AI Search Readiness overview: https://supportability.visualstudio.com/AzureDev/_wiki/wikis/AzureDev/1494270/[SB]_Azure_Search/Training/AI_Search_Readiness

    I Hope this helps. Do let me know if you have any further queries.

    Thank you!

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.