Problem type: "Access denied for user ... (using password: YES)" error. Select Application and Configuration Issues. Problem subtype: Select Application crashing.

Azure Support Ticket: Summary of Issue

Subject: Node.js App Service Fails to Connect to MySQL Flexible Server with "Access Denied" Error Despite Correct Credentials

1. Summary of the Issue:

We have a Node.js application deployed to an Azure App Service that is consistently failing to connect to an Azure MySQL Flexible Server. The application starts successfully, but any attempt to query the database results in a fatal ER_ACCESS_DENIED_ERROR.

The core of the problem is a logical contradiction:

The application logs clearly and consistently show an "Access denied for user ... (using password: YES)" error.

We have manually, and repeatedly, verified in the Azure Portal that the application's configuration settings (specifically DB_HOST, DB_USER, and DB_PASSWORD) are 100% correct and synchronized with the database user's credentials.

This indicates a potential issue with how the App Service platform is passing the environment variables to the running container, or a more subtle networking/SSL issue that is incorrectly presenting as a password failure.

3. Summary of Troubleshooting Steps Performed:

We have exhaustively performed the following diagnostic and troubleshooting steps:

Deployment Method: We have used both git push and the recommended az webapp deploy --type zip methods. The ZIP deployment successfully builds and starts the application, but the runtime error persists.

Application Logging: We have enabled container logging (SCM_DO_BUILD_DURING_DEPLOYMENT=true) and added detailed diagnostic messages to the server.js file. The logs confirm the application starts but crashes on the first database query.

Credential Verification:

We have reset the database password multiple times.

We have manually verified the DB_PASSWORD in the App Service configuration settings in the Azure Portal to ensure it is an exact match.

We created a brand new, clean database user (app_user) to rule out any corruption with the original brecadmin user. The error persists with the new user.

Firewall Configuration: We have confirmed that the MySQL server's firewall is configured to "Allow public access from any Azure service within Azure to this server."

SSL/TLS Configuration: We have tested multiple SSL configurations in the Node.js connection code, from the most strict (requiring a specific certificate) to the most basic (ssl: { rejectUnauthorized: true }). The "Access Denied" error persists in all cases.

"Always On": The "Always On" feature for the App Service has been enabled.

4. Final Log Output:

The most recent application log shows the following definitive error when a login is attempted, proving that the application code is running but the database connection is failing:

[LOGIN_FATAL_ERROR] Unexpected error: Error: Access denied for user 'app_user@brec-mysql-db-prod-yourinitials123'@'52.151.50.149' (using password: YES)     at PromisePool.execute (/node_modules/mysql2/lib/promise/pool.js:54:22)     at /home/site/wwwroot/server.js:73:33     ... (stack trace continues)

Request:

Please investigate why the App Service container for brec-virtual-office-yourinitials123 is failing to authenticate with the MySQL server brec-mysql-db-prod-yourinitials123, even though the credentials in the App Service configuration have been manually verified as correct.

**3. Summary of Troubleshooting Steps Performed:**We have exhaustively performed the following diagnostic and troubleshooting steps:Deployment Method: We have used both git push and the recommended az webapp deploy --type zip methods. The ZIP deployment successfully builds and starts the application, but the runtime error persists.Application Logging: We have enabled container logging (SCM_DO_BUILD_DURING_DEPLOYMENT=true) and added detailed diagnostic messages to the server.js file. The logs confirm the application starts but crashes on the first database query.Credential Verification:We have reset the database password multiple times.We have manually verified the DB_PASSWORD in the App Service configuration settings in the Azure Portal to ensure it is an exact match.We created a brand new, clean database user (app_user) to rule out any corruption with the original brecadmin user. The error persists with the new user.Firewall Configuration: We have confirmed that the MySQL server's firewall is configured to "Allow public access from any Azure service within Azure to this server."SSL/TLS Configuration: We have tested multiple SSL configurations in the Node.js connection code, from the most strict (requiring a specific certificate) to the most basic (ssl: { rejectUnauthorized: true }). The "Access Denied" error persists in all cases."Always On": The "Always On" feature for the App Service has been enabled.**4. Final Log Output:**The most recent application log shows the following definitive error when a login is attempted, proving that the application code is running but the database connection is failing:[LOGIN_FATAL_ERROR] Unexpected error: Error: Access denied for user 'app_user@brec-mysql-db-prod-yourinitials123'@'52.151.50.149' (using password: YES)    at PromisePool.execute (/node_modules/mysql2/lib/promise/pool.js:54:22)    at /home/site/wwwroot/server.js:73:33    ... (stack trace continues)
Request:Please investigate why the App Service container for brec-virtual-office-yourinitials123 is failing to authenticate with the MySQL server brec-mysql-db-prod-yourinitials123, even though the credentials in the App Service configuration have been manually verified as correct.