I'm trying to access an Azure Key Vault from my on-premises RHEL server using a private endpoint, but I'm running into a roadblock. I've created a bash script that authenticates with a service principal, retrieves a key, and performs some operations, which runs smoothly in Azure Cloud Shell. However, when I execute the same script from my on-prem server, I get a 'Connection reset by peer' error during the login phase. I'm wondering if this issue could be related to certificate or TLS version discrepancies on my server. How can I verify that, and if it is the case, what steps should I take to resolve this? Any help would be greatly appreciated!
5 Answers
Have you tried running an nslookup to see if it resolves the private IP correctly? Just to confirm your server can reach the Azure services.
Just a quick update: I've implemented firewall rules, but I'm still facing the same connection error. This might take some more troubleshooting.
Make sure your on-premises server can navigate through the entire TLS cert chain. I usually run a curl -v command against the DNS names to see if it gets stuck anywhere.
Remember to check your Key Vault's private endpoint settings too. Sometimes the Network Security Group (NSG) might allow connections from one source but not another.
Have you tried using curl with the -vv flag from your RHEL box? It can give you more detailed error messages about what's going on.
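The answers above suggest three separate checks (nslookup, curl -v, walking the TLS chain). The script below, added here as an example and not posted by anyone in the thread, runs them together from the RHEL box and reports which stage fails. It assumes the vault's DNS name is <vault>.vault.azure.net, that the private endpoint should resolve it to an RFC 1918 address, and that the service-principal login goes to login.microsoftonline.com, which is a public endpoint (there is no private endpoint for it, so outbound access has to be allowed on the firewall). The KV_NAME variable, the classify_curl_log function and the sample curl output are constructed for this example.

```bash
#!/usr/bin/env bash
# Added diagnostic helper; not the poster's script. Assumptions: vault name is
# <vault>.vault.azure.net, private endpoint gives an RFC 1918 address, login
# endpoint is login.microsoftonline.com (public, must be allowed outbound).
set -u

LOGIN_HOST="login.microsoftonline.com"   # assumed token endpoint

# Return 0 if $1 is an RFC 1918 IPv4 address, 1 otherwise.
is_private_ipv4() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Classify where a verbose curl attempt failed, from its stderr text.
# Prints one of: dns | tls-reset | tcp | tls-cert | tls-handshake | http | unknown
# A reset inside SSL_connect usually means a firewall or inspecting proxy dropped
# the handshake; a local CA or TLS-version problem shows up as tls-cert/tls-handshake.
classify_curl_log() {
  log="$1"
  if   printf '%s\n' "$log" | grep -q 'Could not resolve host'; then echo dns
  elif printf '%s\n' "$log" | grep -q 'SSL_connect: Connection reset'; then echo tls-reset
  elif printf '%s\n' "$log" | grep -qE 'Recv failure: Connection reset|Connection refused|Connection timed out'; then echo tcp
  elif printf '%s\n' "$log" | grep -qE 'certificate problem|unable to get local issuer|certificate verify failed'; then echo tls-cert
  elif printf '%s\n' "$log" | grep -qE 'handshake failure|protocol version|no protocols available'; then echo tls-handshake
  elif printf '%s\n' "$log" | grep -q '^< HTTP/'; then echo http
  else echo unknown
  fi
}

# Check one host: DNS answer (private or public), TLS 1.2 handshake against the
# system trust store with SNI, then a verbose HTTPS request classified by stage.
check_host() {
  host="$1"; expect_private="$2"
  ip=$(getent ahostsv4 "$host" | awk 'NR==1{print $1}')
  if [ -z "$ip" ]; then echo "$host: DNS resolution failed"; return 1; fi
  if is_private_ipv4 "$ip"; then scope=private; else scope=public; fi
  echo "$host -> $ip ($scope)"
  if [ "$expect_private" = yes ] && [ "$scope" != private ]; then
    echo "  WARNING: expected a private endpoint address; check the privatelink DNS zone / forwarder"
  fi
  # -servername is required: the vault cert is for the public name, not the private IP.
  openssl s_client -connect "$host:443" -servername "$host" -tls1_2 </dev/null 2>/dev/null \
    | grep -E 'Verify return code|Protocol' | sed 's/^/  /'
  log=$(curl -sv --max-time 15 -o /dev/null "https://$host/" 2>&1)
  echo "  curl stage: $(classify_curl_log "$log")"
}

# Constructed sample curl -v stderr fragments (not captured from any real server).
SAMPLE_TLS_RESET='* Connected to login.microsoftonline.com (203.0.113.10) port 443
* OpenSSL SSL_connect: Connection reset by peer in connection to login.microsoftonline.com:443
* Closing connection'
SAMPLE_TCP_RESET='* Connected to example.vault.azure.net (10.4.0.5) port 443
* Recv failure: Connection reset by peer
* Closing connection'
SAMPLE_CERT_FAIL='* SSL certificate problem: unable to get local issuer certificate
* Closing connection'
SAMPLE_OK='> GET / HTTP/1.1
< HTTP/1.1 401 Unauthorized'

# Run the live checks only when a vault name is supplied, e.g.
#   KV_NAME=myvault bash kv-diag.sh
if [ -n "${KV_NAME:-}" ]; then
  check_host "$KV_NAME.vault.azure.net" yes
  check_host "$LOGIN_HOST" no
fi
```

If the vault name resolves to a public IP, the on-prem resolver is not forwarding the privatelink.vaultcore.azure.net zone to the Azure private DNS zone. If openssl reports a non-zero "Verify return code", the RHEL trust store is the problem (refresh it with update-ca-trust after adding the missing CA). A reset during SSL_connect with a clean openssl result points at the firewall path rather than the server's certificates or TLS version.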

Yes, the nslookup resolves correctly. I believe the issue is with our firewall settings; they haven't allowed access to *.login.microsoftonline.net. I'm checking that first before diving deeper.