Azure Cosmos DB
An Azure NoSQL database service for app development.
My cosmosDB network settings are stuck on Updating since a week. Means we cannot update from public to IP-limited access.
Simon Grund Sørensen
0
Reputation points
My cosmosDB network settings are stuck on Updating since a week. Means we cannot update from public to IP-limited access.
Azure Cosmos DB
{count} votes
-
Manoj Kumar Boyini 930 Reputation points Microsoft External Staff Moderator
2025-11-17T16:47:08.86+00:00 Thank you for reaching out to Microsoft QA.
What exact change did you attempt to make?When did you first try the update, and when did it get stuck?
Have you tried reverting or reapplying the change?
Are there multiple regions configured for the Cosmos DB account?
Do you have any Private Endpoints or VNet configurations?
Have you added the correct IP ranges or subnets for your client IP or Azure portal?
Are there any Azure Policies that could block this update?
Are there any ongoing operations (like scaling or failover) on the Cosmos DB account?
Can you access the Cosmos DB account, and is it functioning correctly?
Have you tried using the Azure CLI or PowerShell to check the resource status?
-
Manoj Kumar Boyini 930 Reputation points Microsoft External Staff Moderator
2025-11-19T10:09:50.1733333+00:00 Just following up on my previous comment. Could you please provide the details I requested regarding the Cosmos DB issue. Specifically, the information about the changes you attempted, any ongoing operations, and network configurations will help us investigate further.
-
Simon Grund Sørensen 0 Reputation points
2025-11-19T10:15:15.1866667+00:00 I was removing the Norway East Read Region backup of the DB in "Replicate data globally"
-
Manoj Kumar Boyini 930 Reputation points Microsoft External Staff Moderator
2025-11-19T13:02:26.1+00:00 Check Azure Resource Health to see if there are any ongoing platform issues or maintenance tasks. Since you are removing the Norway East Read Region backup, ensure that operation is fully complete. You can look at the activity logs to see if it's still in progress or if there are any errors.
Make sure your IP ranges or subnet settings are correct. If you are using Private Endpoints, ensure that your firewall rules allow the necessary access. It might also be useful to check the current status or force the update using Azure CLI or PowerShell. For example, you can run:
az cosmosdb show --name <cosmos-db-name> --resource-group <resource-group-name>If the update is still stuck, try reapplying it by toggling the network settings in the Azure portal or using Azure CLI. Also, check if there are any other ongoing operations like scaling or failovers that might be preventing the update. If there are, just wait for them to complete before retrying.
Please let us know if you have any questions or concerns.
-
Simon Grund Sørensen 0 Reputation points
2025-11-20T12:36:51.36+00:00 Hi Manoj,
There are no Health issues reported and the Activity Log is empty. I use Public access, so no issue with IP ranges. In fact, I need to change this to a set of IP ranges, but am limited to do so by this never-ending update. Is there possibly a way to get a technician on call? Since I cannot update the security setting of the networking, I am facing trouble living up to my customers demands.
-
VRISHABHANATH PATIL 1,480 Reputation points Microsoft External Staff Moderator
2025-11-21T05:33:08.4166667+00:00 If your Cosmos DB account’s Networking settings are stuck on “Updating” and you’re trying to switch from Public access to Selected networks or IP-based access, here’s what you can do:
Check what’s holding it up
First, confirm the account’s current state. Use the Azure CLI to see if the provisioning state is still “Updating” and whether there are pending private endpoints or firewall rules:
az cosmosdb show -g <resourceGroup> -n <accountName> --query "properties.provisioningState"If it’s been stuck for more than an hour, something is blocking the update.
Common blockers to clear
- Pending Private Endpoint approvals: Go to Networking → Private endpoints in the portal and make sure none are stuck in “Pending.” Approve or reject them.
- Resource Locks: Check for any locks on the resource group or account and remove them.
- Provider registration: Re-register the Cosmos DB resource provider:
- Portal access toggle: Temporarily enable “Allow access from Azure portal” under Networking to help the update complete.
Apply changes in small steps
Instead of making multiple changes at once, update the settings in two steps using CLI:
Example: set IP rules
az cosmosdb update -g <resourceGroup> -n <accountName> \--set publicNetworkAccess=Enabled \--ip-range-filter "203.0.113.10,198.51.100.0/24"Then enable VNet filter if needed
az cosmosdb update -g <resourceGroup> -n <accountName> \--set isVirtualNetworkFilterEnabled=trueFor MongoDB vCore clusters, use az resource update with the correct API version.
Ref: -
https://learn.microsoft.com/en-us/azure/documentdb/how-to-scale-cluster?tabs=portal
https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-configure-firewall#configure-an-ip-access-control-policy-by-using-the-azure-cli
https://learn.microsoft.com/en-us/azure/cosmos-db/security
https://learn.microsoft.com/en-us/samples/azure/azure-quickstart-templates/cosmosdb-private-endpoint/ -
Simon Grund Sørensen 0 Reputation points
2025-11-21T13:04:31.7566667+00:00 From the CLI I can see the error is on deleting the Norway East redundant copy:
{"documentEndpoint": "https://mentimove-db-norwayeast.documents.azure.com:443/", "failoverPriority": 1, "id": "mentimove-db-norwayeast", "isZoneRedundant": false, "locationName": "Norway East", "provisioningState": "DeletionFailed" }... I tried solving directly in the CLI:
az cosmosdb update \
-g <ressourceGroup> \
-n <accountName> \
--locations regionName="Sweden Central" failoverPriority=0 isZoneRedundant=false
But the CLI gets timeout before anything happens.
What more can I do from my part? I would like to repeat the wish to be set up with a technician as I believe this is an error too deep in the system for me to fix on our end.
-
Manoj Kumar Boyini 930 Reputation points Microsoft External Staff Moderator
2025-11-22T07:26:05.4266667+00:00 Thank you for your patience. Based on the details you have shared we have identified that the Norway East region removal process did not complete successfully and is stuck in a DeletionFailed state. Unfortunately, this prevents any other updates, such as switching to IP-based access from completing successfully.
When this happens the control plane operations are blocked which is why attempts to update the networking settings or make changes via the portal or CLI are timing out. This issue requires backend intervention to clear the failed region.
I tried reaching out to you on Teams, but it seems you were unavailable. I'm sharing the update here, and to assist further, I need some specific details. Since these contain sensitive information, please share them with me in a private message
Sign in to comment
Sign in to answer