Cannot connect to Azure Database for MySQL Flexible Server from Cloud Shell.

Question

Cannot connect to Azure Database for MySQL Flexible Server from Cloud Shell.

abdul shakoor 0

I am unable to connect to my Azure Database for MySQL Flexible Server, and I need help troubleshooting a persistent network connectivity issue.

Problem Description

I am trying to connect to my Azure Database for MySQL Flexible Server with the hostname sumradb.mysql.database.azure.com from a PHP application running on a server with the IP address 20.198.197.154.

The connection from my PHP application fails with the following error: Failed to connect to database: SQLSTATE[HY000] [1045] Access denied for user 'sumradb@sumradb'@'20.198.197.154' (using password: YES)

To fix this, I have attempted to connect from the Azure Cloud Shell, but I am now facing a new error at the network level. The command and the error message are as follows:

Command:

az mysql flexible-server connect --admin-user sumradb --name sumradb.mysql.database.azure.com

Error:

Failed connection to sumradb.mysql.database.azure.com. Check error and validate firewall and public access or virtual network settings. Unable to connect to flexible server: (2003, "Can't connect to MySQL server... errno 2 Name or service not known")

Troubleshooting Steps I Have Taken

Firewall Rules: I have verified that the firewall rules in the Azure portal on the Networking page for my sumradb server are configured to allow my application's IP address (20.198.197.154).

Azure Services Access: The option "Allow public access from any Azure service within Azure to this server" is also enabled.

Server Status: I have confirmed that the database server's status in the Azure portal is Ready.

Authentication: I have also tried to create a new user via MySQL Workbench using the GRANT command, but I am receiving a Error Code: 1410. You are not allowed to create a user with GRANT error, suggesting a privilege issue with my admin account itself.

Despite these steps, the Cloud Shell cannot resolve the server's name, which is preventing me from creating a new user to resolve the initial Access denied error.

My Question

Why is the Cloud Shell unable to resolve the hostname of my Flexible Server, and what is causing the Name or service not known error, given that my networking settings are correct?

Manoj Kumar Boyini 330 Reputation points Microsoft External Staff Moderator

2025-10-15T10:32:15.4833333+00:00

Hi abdul shakoor,

I hope you had a chance to review the information shared earlier, and I hope this information has been helpful! If you still have questions, please let us know what is needed in the comments so the question can be answered.

Thanks,
Manoj
Manoj Kumar Boyini 330 Reputation points Microsoft External Staff Moderator

2025-10-16T07:09:42.8133333+00:00
Hi abdul shakoor,

Thanks for sharing all the details — that really helps understand what’s going on.

From what you have described, there are actually two separate problems here: one with the Cloud Shell connection and another with the database login from your PHP app.

Cloud Shell connection issue

The error “Name or service not known” usually means Cloud Shell can’t resolve the server name.
This happens when your MySQL Flexible Server is using Private access (VNet Integration).

Since Cloud Shell runs in Microsoft’s managed network, it doesn’t have access to private endpoints inside your VNet.

You can check this in the Azure portal under:
Azure Database for MySQL → Networking → Connectivity method

If it’s set to Private access, Cloud Shell won’t be able to connect.
You can either:

Switch the server to Public access (allowed), or

Connect from a VM or Bastion host inside the same VNet.

Azure CLI command syntax

In your command, you used the full hostname (sumradb.mysql.database.azure.com) in the --name field.
That’s what’s causing the DNS issue.

The CLI automatically adds .mysql.database.azure.com, so when you type the full FQDN, it duplicates it and becomes invalid.

Try this instead:

az mysql flexible-server connect --admin-user sumradb --name sumradb

Access denied from PHP

This error means the server is reachable, but the authentication is failing.
It’s separate from the Cloud Shell issue.

Please check:

You’re using the right username format: sumradb@sumradb

The password is correct and matches what’s set in the portal

If you want to create another user for your app:

CREATE USER 'appuser'@'%' IDENTIFIED BY 'StrongPassword!'; GRANT ALL PRIVILEGES ON your_database.* TO 'appuser'@'%'; FLUSH PRIVILEGES;

The admin account in Flexible Server doesn’t have full SUPER privileges, so you’ll get an error if you try to use WITH GRANT OPTION.

Cloud Shell connection issue is likely happening because the MySQL Flexible Server is set to private access or because the full server name (FQDN) was used in the command. Cloud Shell can’t reach servers on private networks, and using the full hostname causes a DNS error since the CLI automatically appends “.mysql.database.azure.com.” To fix this, try connecting with --name sumradb or connect from a virtual machine within the same VNet.

The “Access denied” error from your PHP application is a separate issue related to authentication. It usually means the username or password is incorrect, or the user mapping isn’t properly set up. Make sure you’re using the correct credentials (sumradb@sumradb) and, if needed, create a new user with proper privileges to allow the application to connect successfully.

Do let us know if you have questions and queries.

Thanks,
Manoj
Manoj Kumar Boyini 330 Reputation points Microsoft External Staff Moderator

2025-10-23T19:11:55.76+00:00

Hi abdul shakoor,

I hope you had a chance to review the information shared earlier, and I hope this information has been helpful! If you still have questions, please let us know what is needed in the comments so the question can be answered.

Thanks,
Manoj

1 answer

Your answer

Manoj Kumar Boyini 330 Reputation points Microsoft External Staff Moderator

2025-10-15T10:32:15.4833333+00:00

Hi abdul shakoor,

I hope you had a chance to review the information shared earlier, and I hope this information has been helpful! If you still have questions, please let us know what is needed in the comments so the question can be answered.

Thanks,
Manoj
Manoj Kumar Boyini 330 Reputation points Microsoft External Staff Moderator

2025-10-23T19:11:55.76+00:00

Hi abdul shakoor,

I hope you had a chance to review the information shared earlier, and I hope this information has been helpful! If you still have questions, please let us know what is needed in the comments so the question can be answered.

Thanks,
Manoj

Answer 1

Hello @abdul shakoor !

This issue is not related to firewall rules or MySQL authentication. What you’re seeing is a DNS resolution failure. In other words, Cloud Shell cannot translate sumradb.mysql.database.azure.com into an IP address.

The key detail is that the --name parameter in az mysql flexible-server connect expects only the server name, not the full FQDN. Example for a correct command:

az mysql flexible-server connect --admin-user sumradb --name sumradb

When you pass the full FQDN, the CLI appends .mysql.database.azure.com again, producing an invalid hostname that DNS cannot resolve.

If your Flexible Server is configured with private access only (inside a VNet), Cloud Shell (which runs in a Microsoft-managed VNet) will never be able to reach it. In that case, you have two options:

Enable public access on the Flexible Server:
- Go to the Azure portal → Networking → confirm that Public access (allowed) is selected.
- If it’s set to Private access (VNet Integration), Cloud Shell cannot connect. You’ll need a VM in the same VNet.
Use a Bastion host or jumpbox VM inside the VNet to connect.

On your PHP app: Access denied for user

This is a MySQL authentication problem, separate from the DNS issue. The error:

Access denied for user 'sumradb@sumradb'@'20.198.197.154'

This indicates that the server is reachable, but either the password is incorrect or the user mapping is invalid. To resolve this, you can try:

Double-check that you’re using the admin password you set when creating the server.
If you’ve reset the password in the portal, make sure your PHP app is updated with the new one.

Regarding the GRANT error (1410):

Flexible Server’s admin account is not a full MySQL SUPER user. It has elevated privileges but cannot use WITH GRANT OPTION. To create application users, use:

CREATE USER 'appuser'@'%' IDENTIFIED BY 'StrongPassword!';
GRANT ALL PRIVILEGES ON *.* TO 'appuser'@'%';

I hope this helps!

Tony Dinh (WICLOUD CORPORATION) 3,585 Reputation points Microsoft External Staff

2025-10-22T03:16:24.9933333+00:00

Hello @abdul shakoor !

Haven't heard you from for a while! I hope everything has worked as expected. If you still need any help, feel free to ping back anytime so I can help you!

If you find my answer is useful, please kindly mark this as final answer!

Thank you!

Share via

Cannot connect to Azure Database for MySQL Flexible Server from Cloud Shell.

Problem Description

Error:

My Question

1 answer

Your answer