Error AADSTS650052 when linking Tableau and Azure Data Lake Gen2

Jake Courtright 0 Reputation points
2025-03-27T13:34:35.2733333+00:00

I am getting the below error when linking my Tableau and Azure Data Lake Gen2. I believe I have completed the app registration steps in Entra, and I do have an Entra ID P2 license assigned to my user, but it seems like I don't have it quite right. Can you help?

GET /auth/add_oauth_token?error=invalid_client&error_description=AADSTS650052%3a+The+app+is+trying+to+access+a+service+%27e9f49c6b-5ce5-44c8-925d-015017e9f7ad%27(Azure+Data+Lake)+that+your+organization+%27courtrightent.com%27+lacks+a+service+principal+for.+Contact+your+IT+Admin+to+review+the+configuration+of+your+service+subscriptions+or+consent+to+the+application+in+order+to+create+the+required+service+principal.


1 answer

  1. Raja Pothuraju 23,715 Reputation points Microsoft External Staff Moderator
    2025-03-28T14:23:37.9466667+00:00

    Hello @Jake Courtright,

    Based on the error message, it appears that when linking Tableau with Azure Data Lake Gen2, the system is searching for a service principal in your tenant. However, the error occurs because the required resource does not exist in your organization. To resolve this, please register the Azure Data Lake app (App ID: e9f49c6b-5ce5-44c8-925d-015017e9f7ad) in your tenant and grant the necessary permissions. Run the following PowerShell commands to create a new service principal for the first-party application:

    Install-Module Microsoft.Graph -Scope CurrentUser 
    #Accept the Untrusted Repository. Type Y to install from the Untrusted Repository 
    #Wait for the installation to finish 
    Connect-MgGraph -Scopes Directory.ReadWrite.All #Use Global Admin account 
    New-MgServicePrincipal -AppId "e9f49c6b-5ce5-44c8-925d-015017e9f7ad"
    

    Once you run the above commands, verify that the service principal was created successfully:

    1. Navigate to Microsoft Entra ID
    2. Go to Enterprise Applications
    3. Remove the "Application Type = Enterprise applications" filter
    4. Search using the App ID (e9f49c6b-5ce5-44c8-925d-015017e9f7ad) or App Name (Azure Data Lake)


    If you still encounter the same error, use the following admin consent URL to grant permissions:

    https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id=e9f49c6b-5ce5-44c8-925d-015017e9f7ad (Replace {tenant-id} with your actual tenant ID)

    I hope this helps! Please let me know if you need further assistance, and we can take the troubleshooting offline if necessary.
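
The check-then-create flow from the answer above, as an added example that is not part of the original thread: it pulls the resource App ID out of the AADSTS650052 redirect, looks for an existing service principal, creates one only if it is missing, and prints the result for review. The sample query string is constructed from the error in the question, and the `Application.ReadWrite.All` scope is an assumption of this example rather than the scope used in the answer.

```powershell
# Added example: idempotent repair for AADSTS650052 (missing service principal).
# Assumes the Microsoft.Graph module is already installed and that the account
# signing in is allowed to create service principals in the tenant.

# Constructed sample: query string of the failed redirect, shortened.
$query = 'error=invalid_client&error_description=AADSTS650052%3a+The+app+is+' +
         'trying+to+access+a+service+%27e9f49c6b-5ce5-44c8-925d-015017e9f7ad%27' +
         '(Azure+Data+Lake)'

# Isolate error_description; '+' encodes a space, the rest is percent-encoded.
$pair = $query -split '&' | Where-Object { $_ -like 'error_description=*' }
$description = [uri]::UnescapeDataString(
    ($pair -replace '^error_description=', '').Replace('+', ' '))

# Act only on this specific error, and only on a well-formed GUID.
$guid = '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}'
if ($description -notmatch "^AADSTS650052:.*'(?<appId>$guid)'") {
    throw "Not an AADSTS650052 error, nothing to do: $description"
}
$appId = $Matches['appId']

# Scope is an assumption of this example (see lead-in).
Connect-MgGraph -Scopes 'Application.ReadWrite.All'

# Look before creating, so a re-run does not fail on a duplicate.
$sp = Get-MgServicePrincipal -Filter "appId eq '$appId'"
if (-not $sp) {
    $sp = New-MgServicePrincipal -AppId $appId
    Write-Host "Created service principal for $appId"
}
else {
    Write-Host "Service principal for $appId already exists; continue with the admin consent URL."
}

# Review what now exists in the tenant before retrying the Tableau connection.
$sp | Select-Object DisplayName, AppId, Id, AppOwnerOrganizationId, AccountEnabled |
    Format-List

Disconnect-MgGraph | Out-Null
```

The printed `DisplayName` and `AppOwnerOrganizationId` let an administrator confirm that the object created is the Azure Data Lake application named in the error and not an unrelated app with a mistyped ID.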
