I have an issue with my Azure AI Search setup. I’m using it with a web application so I configured the following:
- Set up a virtual network with two separate subnets (one for the search service, another for the web app)
- Added a private endpoint to connect AI Search with the web app
- Limited network access on AI Search to specific IP addresses including mine
The web app works great and can connect to the search service without problems. But now I can’t use the Azure Portal to view my search indexes, indexers, or the search explorer tool. Same issue happens when I try connecting from my development machine even though my IP is whitelisted.
I keep getting this error:
{"message":"Failed to fetch","stack":"TypeError: Failed to fetch\n at https://portal.azure.com/Content/Dynamic/XyZ9hajqVig.js:115:28094","isError":true}
Is there a way to maintain security for my search service while still allowing access through the Azure Portal and my local development environment? I tried switching back to public access but that didn’t fix it either. It seems like I need to remove the private endpoint completely which isn’t what I want.
Classic Azure networking headache. The portal can’t talk to your search service because your private endpoint is blocking Microsoft’s backend infrastructure.
Here’s the fix: keep your private endpoint for the web app, but let Azure services bypass the restrictions. Go to your AI Search network settings and enable “Allow access from Azure portal” and “Allow access from Azure services”.
Also check your firewall rules - you need the full range of Azure datacenter IPs for your region, not just your local IP. The portal connects from different Azure backend services.
Honestly, managing all these networking rules gets messy fast. I’ve started automating these setups and it saves tons of troubleshooting time.
For complex Azure configs like this, I use Latenode to create workflows that handle the networking setup, test connections, and monitor for access issues. It automatically adjusts firewall rules and validates that both your app and portal connect properly.
It’s a private endpoint DNS issue. When you set up private endpoints, they create DNS overrides that mess with portal access even if you’ve whitelisted IPs. Had this same problem last month.
Check your private DNS zone setup first. Your privatelink.search.windows.net zone should only have entries for your specific subnet - not a wildcard catching all traffic. Also look at conditional access policies and NSGs that might be blocking connections.
The portal uses random source IPs that change frequently, which makes whitelisting tricky. What worked for me: create a separate public endpoint just for management while keeping the private endpoint for app traffic. Lock down the public endpoint to your dev IPs and Azure service tags for portal access.
Try clearing browser cache and testing in incognito too. Portal sometimes caches stale DNS after network changes.
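An added example, not written by any poster in this thread: a Python check for the DNS point above that reports which network path a client would take to the search service and whether the IP firewall even applies on that path. It assumes the private endpoint sits in RFC 1918 address space; the function names, result labels and sample addresses are constructed for illustration.

```python
import ipaddress
import socket

# Assumption: the VNet (and so the private endpoint) uses RFC 1918 address space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve(host):
    """Addresses the local resolver returns for host (live lookup, unused by the demo)."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def is_vnet_address(addr):
    return any(addr in net for net in RFC1918)

def diagnose(resolved_ips, client_public_ip, ip_rules, public_access_enabled):
    """Classify the path a client takes to the search service.

    resolved_ips: what the client's resolver returned for the service hostname
    client_public_ip: the client's egress IP as seen from the internet
    ip_rules: firewall entries on the service (single IPs or CIDR ranges)
    """
    addrs = [ipaddress.ip_address(ip) for ip in resolved_ips]
    if not addrs:
        return "dns-failure: name did not resolve"
    private = [is_vnet_address(a) for a in addrs]
    if all(private):
        # Private endpoint address: reachable only with a route into the VNet
        # (VPN, peering). The IP firewall rules play no part on this path.
        return "private-path: needs network line of sight to the VNet"
    if any(private):
        return "mixed-dns: resolver returns both private and public addresses"
    if not public_access_enabled:
        return "public-path-blocked: public network access is disabled"
    client = ipaddress.ip_address(client_public_ip)
    nets = [ipaddress.ip_network(rule, strict=False) for rule in ip_rules]
    if any(client in net for net in nets):
        return "public-path-allowed: client IP matches a firewall rule"
    return "public-path-blocked: client IP matches no firewall rule"

if __name__ == "__main__":
    # Constructed sample: an allowlisted dev machine whose resolver hands back
    # the private endpoint address, so the allowlist entry never comes into play.
    print(diagnose(["10.1.0.5"], "203.0.113.10", ["203.0.113.10"], True))
```

On a real machine, pass the output of `resolve("<service>.search.windows.net")` (placeholder name) as `resolved_ips` to see which case applies.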
Ya, seems like the portal can't reach your svc. Maybe try adding a management endpoint? Or just turn off firewalls to see if it helps. Also, check if a browser plugin is messing with you!