Tag Archives: Azure SQL

Azure SQL Virtual Networks Endpoint

When creating an Azure SQL environment you will get a public IP address where you have to connect to. You can secure this using a Network Security Group (NSG), but a lot of customer are not too happy with this, and they want to access Azure SQL via the Virtual Network. When you have a Site-to-Site VPN connection between your on-premises environment and Microsoft Azure, you should be able to connect to Azure SQL this way.

Microsoft is aware of this is start now offering Azure SQL VNET Endpoints (as of October 2017 in Public Preview), which makes it possible to connect to Azure SQL via your Virtual Network infrastructure.


Note. This feature can only be used in Azure Resource Manager (ARM) Virtual Networks. ‘Classic’ Virtual Networks cannot be used.

More information regarding this feature can be found in the “Use Virtual Network service endpoints and rules for Azure SQL Database” article on https://docs.microsoft.com/en-us/azure/sql-database/sql-database-vnet-service-endpoint-rule-overview

Recovery Vault cannot be deleted

During a demo I created a Recovery Vault in Azure, and in Azure SQL I created a long-term retention policy. After the demo I deleted the Azure SQL instance and tried to remove the Recovery Vault. No luck, and I got the following error message:

Vault ‘databasebackupvault’ cannot be deleted as there are existing resources within the vault. Please delete any replicated items, registered servers, Hyper-V sites (Used for Site Recovery), policy associations for System Center VMM clouds (Used for Site Recovery) and then delete the vault.


After removing the backup items from the Recovery Vault I tried to remove the Recovery Vault again (the Vault was really empty), but still no luck. Waiting over the weekend didn’t solve it either, there was nothing in the Recovery Vault, but still no deletion.


Also Azure PowerShell was not willing to remove the Recovery Vault:


It turns out that the long-term retention from Azure SQL was still in the Recovery Vault, and you cannot see this anywhere. The only way to check this, and remove this is by using Azure PowerShell using the following script:

$RecoveryVault = Get-AzureRmRecoveryServicesVault
Set-AzureRmRecoveryServicesVaultContext -Vault $RecoveryVault

$Containers = Get-AzureRmRecoveryServicesBackupContainer -ContainerType AzureSQL -FriendlyName $RecoveryVault.Name
ForEach ($Container in $Containers) {
  $Items = Get-AzureRmRecoveryServicesBackupItem -container $Container -WorkloadType AzureSQLDatabase
  ForEach ($Item in $Items) {
    Disable-AzureRmRecoveryServicesBackupProtection -item $Item -RemoveRecoveryPoints -ea SilentlyContinue
  Unregister-AzureRmRecoveryServicesBackupContainer -Container $container
Remove-AzureRmRecoveryServicesVault -Vault $RecoveryVault

When running this script you get a warning message if you really want to remove this, and if yes the Recovery Vault is finally removed.