Azure Data Factory - Azure SFTP storage account connectivity error: Failed to connect to Sftp server 'sftpstorage.blob.core.windows.net'. The connection was closed by the server:

Question

Azure Data Factory - Azure SFTP storage account connectivity error: Failed to connect to Sftp server 'sftpstorage.blob.core.windows.net'. The connection was closed by the server:

Jora Singh Randhawa 6

While trying to establish a connection (linked service) from Azure Data Factory to an SFTP storage account I get the mentioned error. My settings are "enabled from selected virtual networks and IP addresses" in the SFTP account. It works fine when i enable from all networks. I assume the problem is with the setting "public network access", cause the connection to WinSCP works fine. I also get an error when connecting to SFTP with cloud shell: ![![271009-image.png][1]][1] [1]: /api/attachments/271111-image.png?platform=QnA Does anyone know how to fix this?

2 answers

Your answer

Answer 1

Jora Singh Randhawa 6

Thanks for the help, I managed to connect to the sftp account by enabling managed private network on the default AutoResolveIntegrationRuntime when deploying ADF.
Then I created a managed private endpoint in ADF and approved the connection in the storage account (under networking/private endpoint connections).

Bhargava-MSFT 31,256 Reputation points Microsoft Employee Moderator

2022-12-20T15:05:34.627+00:00

Hi anonymous user,
Thank you for sharing the resolution via private endpoint connections. I converted your comment to an answer as it helps the community members who are looking for answers to similar questions.

Answer 2

Bhargava-MSFT 31,256 Microsoft Employee Moderator

Hello anonymous user,

Welcome to the MS Q&A platform.

The issue seems like your ADF is not in the same Vnet as the SFTP storage account. This is the reason for the error.

To resolve this, You can add the ADF in the same Vnet (or) white-list the data factory IP address. But ADF will keep on adding the IP addresses, so it's hard to track and add IP addresses.

The best approach is to add the same Vnet to ADF.

If you enable "enabled from selected virtual networks and IP addresses" and configured firewall(not using Vnet) then you can enable "Allow Azure services on the trusted services list to access this storage account." to access the SFTP storage account via ADF. Please see the below blog for more details.

https://techcommunity.microsoft.com/t5/azure-data-factory-blog/data-factory-is-now-a-trusted-service-in-azure-storage-and-azure/ba-p/964993

I hope this helps. Please let me know if you have any further questions.

Jora Singh Randhawa 6 Reputation points

2022-12-16T11:56:04.74+00:00

Hello @Bhargava-MSFT The "Allow Azure services on the trusted services ..." option was already checked. I even added the data factory contributor role and access to storage account based on system assigned mananged identity; ![271423-image.png][1] [1]: /api/attachments/271423-image.png?platform=QnA It gives me the same error message. The linked service in adf works fine on other storage accounts but not the SFTP option.
Bhargava-MSFT 31,256 Reputation points Microsoft Employee Moderator

2022-12-17T01:49:33.233+00:00

Hello anonymous user,

"Allow Azure services on the trusted services list to access this storage account." works only when you configured the firewall.
Since you have Vnet enabled, you need to add ADF into the same Vnet as the SFTP storage account or whitelist the data factory IP addresses.
I hope this helps. Please let me know if you have any further questions
Bhargava-MSFT 31,256 Reputation points Microsoft Employee Moderator

2022-12-19T14:15:06.057+00:00

Hello anonymous user,
I am checking to see if you got a chance to look into my above response.

Share via

Azure Data Factory - Azure SFTP storage account connectivity error: Failed to connect to Sftp server 'sftpstorage.blob.core.windows.net'. The connection was closed by the server:

2 answers

Your answer