Overview
In rare instances, a client may be presented with an error saying they "Can not reach this page". This is about the vClient provisioner URL being unable to connect.
Table of Contents:
Behavior
DNS Resolution Failing to Service Account.
Error message:
You are getting 'This site cannot be reached' / 'can't reach this page' on attempting to upload your data or download a report
See the following article -
Error: The remote name could not be resolved
or
vConnect is not available or a communication error has happened
The remote name could not be resolved: 'valixxstrg.blob.core.windows.net'
Explanation
Private Links enable the creation of endpoints within Azure that facilitate internal-only traffic, ensuring it traverses the Microsoft network instead of the public internet.
We use Private Links as a matter of course within our infrastructure including in the Storage Account configuration that we have (as of release 21.39.0 for Storage Accounts) and as these are set on an SA level, rather than a Container/blob level, the outcome is as we have seen with respect of CNAME resolution. The CNAME resolution is a feature of Microsoft’s design which we consume.
You may find that this issue occurs when connected to a VPN as Private Link DNS records are intercepted when connected to your VPN and using your internal DNS server. Private Link traffic may be routed over a separate connection (keeping your connections internal).
We use Storage Accounts for different use cases and containers/blob storage, both internal and external with different access rules. If the full chain of DNS responses cannot be resolved to one of our Service Account object stores in Azure, then you may be experiencing this issue.
This issue would affect any other services that are consumed that use Private Links.
Troubleshooting
Firstly check that the appropriate URL has been whitelisted.
Error: The remote name can not be resolved
We advise that if you have an IT Support team they enter the nslookup command to check if the full chain of DNS responses is being resolved to the corresponding blob storage for your region:
- UK - nslookup valiukstrg.blob.core.windows.net
- US - nslookup valiusstrg.blob.core.windows.net
- CA - nslookup valicastrg.blob.core.windows.net
- AU- nslookup valiaustrg.blob.core.windows.net
Windows DNS Resolution
If your Domain Name Server isn't resolving the address then it may be that your DNS Resolver configuration is attempting to resolve every *.windows.net address to your managed DNS servers.
For our services (and other public services that use the same DNS space) to be resolvable when clients use your DNS resolvers, you must ensure that you aren't trying to resolve to a non-existent destination.
The address won't resolve correctly for any services that aren't configured within your setup (or Azure tenant).
How to Fix
To resolve this issue please set up a conditional forward to other DNS resolvers within the configuration of your DNS system, pointing to our service name (e.g. valiukstrg.blob.core.windows.net) so that your Internal DNS servers don’t intercept the response.