Azure Sql database export to Azure blob storage failed

Question

I tried to export an azure Sql database to an azure blob storage via the Azuer portal and got an error:

Error encountered during the service operation. ; 
Exception Microsoft.SqlServer.Management.Dac.Services.ServiceException:Unexpected exception encountered while retrieving metadata for blob https://<blobstoragename>.blob.core.windows.net/databases/<databaseName>_12.10.2020-11:13:24.bacpac;.; Inner exception Microsoft.WindowsAzure.Storage.StorageException:The remote server returned an error: (403) Forbidden.;
Inner exception System.Net.WebException:The remote server returned an error: (403) Forbidden.

In the blob storage account's firewall settings all networks access is denied. It's only possible to connect for selected networks and I activated the option "Allow trusted Microsoft services to access this storage account". The Sql Server and the storage have an private endpoint connection to the same network.

I setup an vm in the same network which was able to access the blob storage.

Is it possible to export a sql database to the azure storage when the public network access is denied? If yes, which setting am I missing?

Answer 1

According to my research, when exporting a SQL database to the azure storage, the Azure Storage account behind a firewall is currently not supported. For more details, please refer to here. Besides, you can vote up the feedback to make Microsoft improve the features.

Answer 2

Is it possible to export a sql database to the azure storage when the public network access is denied?

Yes, it's impossible. But it will limit the access according the IP address.

If we only set the Storage firewall settings: Allow access from Selected network and Allow trusted Microsoft services to access this storage account, we will get the 403 error when access the storage from Azure SQL database.

The thing you missed is that when we set Allow access from Selected network, the Storage firewall will be more like Azure SQL database firewall settings! We can see there is an client IP in Firewall setting. We must add the client IP to the firewall then Azure SQL database could access it.