Closed cat-mucius closed 6 months ago
@cat-mucius Thanks for your feedback! We will investigate and update as appropriate.
@cat-mucius Thank you for your feedback! I'd recommend working closer with our support team via an [Azure support request] (https://docs.microsoft.com/en-us/azure/azure-portal/supportability/how-to-create-azure-support-request). Or you can leverage our Q&A forum by posting your issue there so our community, and MVPs can further assist you in troubleshooting this issue or finding potential workarounds. [Teams Q&A forum] (https://docs.microsoft.com/en-us/answers/topics/46488/office-teams-windows-itpro.html) for technical questions about the configuration and administration of Microsoft Teams on Windows. [Microsoft Teams Community forum] (https://answers.microsoft.com/en-us/msteams/forum?sort=LastReplyDate&dir=Desc&tab=All&status=all&mod=&modAge=&advFil=&postedAfter=&postedBefore=&threadType=All&isFilterExpanded=false&page=1) Thank you for your time and patience throughout this issue.
If we enable the
Microsoft.CognitiveServices
Service Endpoint on a subnet of our Azure VNET, then TCP connectivity to https://speech.microsoft.com fails, noSYN-ACK
packets returned.What I saw is this:
This DNS name gets resolved to
20.93.196.39
.This very address is injected as a independent prefix
20.93.196.39/32
into the subnet's routing table - I can see it inEffective routes
of a virtual machine's NIC.The "Azure IP Ranges and Service Tags – Public Cloud" JSON file published by Microsoft also lists this prefix under the
CognitiveServicesManagement
section.If I detach the
Microsoft.CognitiveServices
Service Endpoint from the subnet, the site becomes reachable again.If it was some customer-specific resource, like
https://<mystorageaccount>.blob.core.windows.net
, I'd suspect our subnet simply isn't allowed on this resource's end. But https://speech.microsoft.com is a generic site, its name is not customer-specific, it doesn't make sense that our subnet should be explicitly allowed somewhere to reach it. If it is, it's seems as a bug.Can it be a Microsoft's routing problem?