

How can you alias connecting to a Managed Instance?

Question

Wednesday, December 11, 2019 5:29 PM

instead of 

name.xxxxxxxxxxxxxxxx.database.windows.net

Is there some way to add a dns entry where it will respond to 

name.domain.com ?

I tried a simple Cname already and get the

The connection was successfully established with the server but then an error occurred during the logon process. Target principal name is incorrect

Anyone have a remedy for this?

Chaos causes progress, Order inhibits it.

All replies (7)

Friday, December 13, 2019 6:19 PM ✅ Answered

Hi Goofoff,

This additional information would have been helpful. You can achieve this through the following:

Can a managed instance have the same name as on-premises SQL Server?

Managed instance must have a name that ends with database.windows.net. To use another DNS zone instead of the default, for example, mi-another-name.contoso.com:

  • Use CliConfig to define an alias. The tool is just a registry settings wrapper, so it could be done using group policy or script as well.
  • Use CNAME with TrustServerCertificate=true option.

Please let me know if you have any additional questions.

Regards,

Mike
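
The alias option from the answer above, scripted for Windows PowerShell as an added example (not code from the thread or from Microsoft). It writes the same registry values CliConfig writes, so the connection string can keep certificate validation on, whereas `TrustServerCertificate=true` makes the client skip validating the server certificate. Assumptions: both host names are the placeholders from the question, and port 1433 must be changed if your endpoint listens elsewhere.

```powershell
#Requires -RunAsAdministrator
# Added example: create a SQL client alias from a script instead of CliConfig.
# Assumed values: placeholder names from the question; adjust the port to your endpoint.
$Alias  = 'name.domain.com'
$Target = 'name.xxxxxxxxxxxxxxxx.database.windows.net'
$Port   = 1433

# 64-bit and 32-bit client drivers read separate registry views, so write both.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\MSSQLServer\Client\ConnectTo'
)

# DBMSSOCN selects the TCP/IP network library: "DBMSSOCN,<server>,<port>".
$value = "DBMSSOCN,$Target,$Port"

foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    Set-ItemProperty -Path $key -Name $Alias -Value $value -Type String

    # Read the value back so a silent policy override or typo is caught here.
    $stored = Get-ItemPropertyValue -Path $key -Name $Alias
    if ($stored -ne $value) {
        throw "Alias in $key is '$stored', expected '$value'"
    }
    Write-Output "$key : $Alias -> $stored"
}

# Build a connection string that uses the alias and still validates the certificate.
# Authentication settings are left out on purpose; add the ones your instance uses.
Add-Type -AssemblyName System.Data
$csb = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
$csb.DataSource             = $Alias
$csb.Encrypt                = $true
$csb.TrustServerCertificate = $false
Write-Output $csb.ConnectionString
```

The alias only applies on machines where these registry values exist, which is why the answer mentions group policy for distributing it.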


Wednesday, December 11, 2019 6:25 PM

Goofoff,

You can set a custom DNS for a Managed Instance. Typically, you would set this up before you deploy the Managed Instance, but there is the ability to do this post deployment. Please be aware that all existing leases must expire before the change takes effect:

Updating virtual network DNS servers won't affect Managed Instance immediately. Managed Instance DNS configuration is updated after the DHCP lease expires or after the platform upgrade, whichever occurs first. Users are advised to set their virtual network DNS configuration before creating their first Managed Instance.

Configuring a Custom DNS for Azure SQL Database Managed Instance

Please let me know if you have additional questions.

Regards,

Mike

 


Wednesday, December 11, 2019 6:47 PM

I had seen that article before, but exactly how are you supposed to know what to alias (IP/name) beforehand?

I have custom DNS servers setup on my vnets already.

That article was about allowing a managed instance to use custom dns servers. I didn't really get the feeling that it was about using a custom dns name FOR the managed instance itself.

This thing is brand new and if I need to destroy and remake it to get a custom name I would like to know how before I understand that considering it takes almost all day to deploy.


Wednesday, December 11, 2019 7:24 PM

Understood, Goofoff. 

Did you want the name resolution for a public endpoint or a private endpoint? I have included the instructions for both below.

For Private DNS Zone: Quickstart: Create an Azure private DNS zone using the Azure portal

And for a Public DNS Zone: Quickstart: Create an Azure DNS zone and record using the Azure portal

The public zone instructions include setting up a custom name resolution with a 3rd party and having this resolve to your Azure hosted Managed Instance deployment.

~Mike

P.S. You shouldn't have to redeploy your Managed Instance, as all these steps pertain to the VNET and related networking detail, but do be aware that existing leases might be in place that are causing resolution issues.


Thursday, December 12, 2019 3:24 AM

Should Advise

Custom dns servers on my vnets are my internal Domain controllers which is hybrid back to on Prem through VPN.

I also have some separate public dns zones in azure, mainly for externally available app services. 

This (and future) managed instances will need to be publicly available for external client connections. So I know turning on the public endpoint.

If I have to use an azure based dns system for this then so be it.

I just want to be able to use an alias for attaching to the managed instance because that target principal name issue is irritating.

ManagedInstance.internaldomainname.com and or external.


Saturday, December 14, 2019 4:43 PM

Thanks for the information, I will attempt this and get back with you next week.

Chaos causes progress, Order inhibits it.


Wednesday, April 1, 2020 12:32 PM

Are there more specific steps to this? I'm using an on-prem DNS to set up a CNAME for our SQL MI. I tried using SSMS to connect with the checkbox selected to Trust Server Certificate, but I'm still unable to log in with the CNAME. Looks like this is supported, but no one has documented in detail how it is done. Thanks for any pointers you can offer. We will be moving Azure datacenters soon and want to be sure our CNAME is in place beforehand so we don't have as many config changes to make.