Merge pull request #103605 from paulth1/troubleshoot-private-connectivity

edit pass: troubleshoot-private-connectivity

Author: ShawnJackson

articles/private-link/troubleshoot-private-endpoint-connectivity.md

@@ -17,92 +17,92 @@ ms.author: rdhillon
 
 ---
 
-# Troubleshoot Private Endpoint connectivity problems
+# Troubleshoot Azure Private Endpoint connectivity problems
 
-This guide provides step-by-step guidance to validate and diagnose your private endpoint connectivity setup. 
+This article provides step-by-step guidance to validate and diagnose your Azure Private Endpoint connectivity setup.
 
-Azure Private Endpoint is a network interface that connects you privately and securely to a Private Link service. This solution helps you secure your workloads in Azure by providing private connectivity to your Azure service resources from your virtual network. This effectively bringing those services to your virtual network. 
+Azure Private Endpoint is a network interface that connects you privately and securely to a private link service. This solution helps you secure your workloads in Azure by providing private connectivity to your Azure service resources from your virtual network. This solution effectively brings those services to your virtual network.
 
-Here are the connectivity scenarios that are available with Private Endpoints 
-- virtual network from the same region 
-- regionally peered virtual networks
-- globally peered virtual networks
-- customer on-premises over VPN or Express Route circuits
+Here are the connectivity scenarios that are available with Private Endpoint:
 
-## Diagnosing connectivity problems 
-Go over the steps listed below to make sure all the usual configurations are as expected to resolve connectivity problems with your private endpoint setup.
+- Virtual network from the same region
+- Regionally peered virtual networks
+- Globally peered virtual networks
+- Customer on-premises over VPN or Azure ExpressRoute circuits
 
-1. Review Private Endpoint configuration by browsing the resource 
+## Diagnose connectivity problems 
 
-    a) Go to **Private Link Center**
+Review these steps to make sure all the usual configurations are as expected to resolve connectivity problems with your private endpoint setup.
+
+1. Review Private Endpoint configuration by browsing the resource.
+
+    a. Go to **Private Link Center**.
 
       ![Private Link Center](./media/private-endpoint-tsg/private-link-center.png)
 
-    b) Select Private Endpoints from the left navigation pane
+    b. On the left pane, select **Private endpoints**.
 
-      ![Private Endpoints](./media/private-endpoint-tsg/private-endpoints.png)
+      ![Private endpoints](./media/private-endpoint-tsg/private-endpoints.png)
 
-    c) Filter and select the private endpoint that you want to diagnose
+    c. Filter and select the private endpoint that you want to diagnose.
 
-    d) Review the virtual network and DNS information
+    d. Review the virtual network and DNS information.
+     - Validate that the connection state is **Approved**.
+     - Make sure the VM has connectivity to the virtual network that hosts the private endpoints.
+     - Check that the FQDN information (copy) and Private IP address are assigned.
 
-     - Validate connection state is **Approved**
-     - Make sure the VM has connectivity to the VNet hosting the Private Endpoints
-     - FQDN information (copy) and Private IP address assigned
+       ![Virtual network and DNS configuration](./media/private-endpoint-tsg/vnet-dns-configuration.png)
 
-       ![VNet and DNS Configuration](./media/private-endpoint-tsg/vnet-dns-configuration.png)    
-    
-2. Use [**Azure Monitor**](https://docs.microsoft.com/azure/azure-monitor/overview) to review data is flowing
+1. Use [Azure Monitor](https://docs.microsoft.com/azure/azure-monitor/overview) to see if data is flowing.
 
-    a) On Private Endpoint resource, select **Monitor**
-     - Select data-in or data-out and review if the data is flowing when attempting to connect to the Private Endpoint. Expect a delay of approx. 10 mins.
+    a. On the private endpoint resource, select **Monitor**.
+     - Select **Data In** or **Data Out**. 
+     - See if data is flowing when you attempt to connect to the private endpoint. Expect a delay of approximately 10 minutes.
 
-       ![Verify Private Endpoint Telemetry](./media/private-endpoint-tsg/private-endpoint-monitor.png)
+       ![Verify private endpoint telemetry](./media/private-endpoint-tsg/private-endpoint-monitor.png)
 
-3. Use VM Connection Troubleshoot from **Network Watcher**
+1.  Use **VM Connection troubleshoot** from Azure Network Watcher.
 
-    a) Select the client VM
+    a. Select the client VM.
 
-    b) Select the **Connection troubleshoot** section, **Outbound connection** tab
+    b. Select **Connection troubleshoot**, and then select the **Outbound connections** tab.
 
       ![Network Watcher - Test outbound connections](./media/private-endpoint-tsg/network-watcher-outbound-connection.png)
 
-    c) Select **Use Network Watcher for detail connection tracing**
+    c. Select **Use Network Watcher for detailed connection tracing**.
 
       ![Network Watcher - Connection troubleshoot](./media/private-endpoint-tsg/network-watcher-connection-troubleshoot.png)
 
-    d) Select **Test by FQDN**
-     - Paste the FQDN from the Private Endpoint resource
-     - Provide a port (*typically 443 for Azure Storage or COSMOS, 1336 for Sql ...* )
+    d. Select **Test by FQDN**.
+     - Paste the FQDN from the private endpoint resource.
+     - Provide a port. Typically, use 443 for Azure Storage or Azure Cosmos DB and 1336 for SQL.
 
-    e) Click **Test** and validate the test results
+    e. Select **Test**, and validate the test results.
 
-      ![Network Watcher - test results](./media/private-endpoint-tsg/network-watcher-test-results.png)
+      ![Network Watcher - Test results](./media/private-endpoint-tsg/network-watcher-test-results.png)
 
 
-4. DNS resolution from the test results must have the same private IP address assigned to the Private Endpoint
-
-    a) If DNS settings are incorrect, do the following
-     - Using Private Zone: 
-       - Make sure client VM VNet is associated with the Private Zone
-       - Review Private DNS zone record exists, create if not existing
-    
-     - Using custom DNS:
-       - Review your customer DNS settings and validate DNS configuration is correct.
-       Refer to [Private Endpoint overview - DNS Configuration](https://docs.microsoft.com/azure/private-link/private-endpoint-overview#dns-configuration) for guidance.
-
-    b) If connectivity is failing because of NSG/UDRs
-     - Review NSG outbound rules and create appropriate outbound rules to allow traffic
+1. DNS resolution from the test results must have the same private IP address assigned to the private endpoint.
+
+    a. If the DNS settings are incorrect, follow these steps:
+     - If you use a private zone: 
+       - Make sure that the client VM virtual network is associated with the private zone.
+       - Check to see that the private DNS zone record exists. If it doesn't exist, create it.
+     - If you use custom DNS:
+       - Review your custom DNS settings, and validate that the DNS configuration is correct.
+       For guidance, see [Private endpoint overview: DNS configuration](https://docs.microsoft.com/azure/private-link/private-endpoint-overview#dns-configuration).
+
+    b. If connectivity is failing because of network security groups (NSGs) or user-defined routes:
+     - Review the NSG outbound rules, and create the appropriate outbound rules to allow traffic.
 
        ![NSG outbound rules](./media/private-endpoint-tsg/nsg-outbound-rules.png)
 
-5. If the connection has validated results, the connectivity issue might be related to other aspects like secrets, tokens, passwords at the application layer.
-   - In this case, review configuration of the Private Link resource associated with the private endpoint. Refer to [Private Link troubleshooting guide](troubleshoot-private-link-connectivity.md). 
+1. If the connection has validated results, the connectivity problem might be related to other aspects like secrets, tokens, and passwords at the application layer.
+   - In this case, review the configuration of the private link resource associated with the private endpoint. For more information, see the [Azure Private Link troubleshooting guide](troubleshoot-private-link-connectivity.md).
 
-6. Contact [Azure Support](https://ms.portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/overview) team if your problem is still unresolved and connectivity problem still exists. 
+1. Contact the [Azure Support](https://ms.portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/overview) team if your problem is still unresolved and a connectivity problem still exists.
 
 ## Next steps
 
- * [Create a Private Endpoint on the updated subnet (Azure portal)](https://docs.microsoft.com/azure/private-link/create-private-endpoint-portal)
-
- * [Private Link troubleshooting guide](troubleshoot-private-link-connectivity.md)
+ * [Create a private endpoint on the updated subnet (Azure portal)](https://docs.microsoft.com/azure/private-link/create-private-endpoint-portal)
+ * [Azure Private Link troubleshooting guide](troubleshoot-private-link-connectivity.md)