Unable to access secrets in key vault - "The connection to data plane failed"

Kav 36 Reputation points
2023-12-10T06:20:50.9466667+00:00

Hello,

I created a new key vault and when trying to view/manage secrets I get the error across the top of the page saying:

"The connection to data plane failed. Please refresh and try again. If Private Links are enabled on the vault and the issue persists please follow the steps in the following link https://go.microsoft.com/fwlink/?linkid=2156688"

I have 'Key Vault Administrator' access over the vault.

Azure Key Vault

4 answers

  1. TP 125.8K Reputation points Volunteer Moderator
    2023-12-29T00:12:53.9866667+00:00

    Hi Kav,

    From one of your comments above, it appears you are getting a 5xx error from Key Vault, which would need to be fixed by support (by creating a new support request in the portal), or perhaps, if you didn't need the contents of the vault, you could create a new one.

    Please open Cloud Shell, run a command similar to the one below, and post the output in a comment. The output will hopefully give us a better idea of the error you are getting as well as a potential clue to the cause, etc.

    Get-AzKeyVaultSecret -VaultName yourKeyVaultName -Debug
    

    Do you remember the last change that was made before it started returning an error? For example, a new secret was created, and then after that it was broken? Are there any characters in any of the secret names besides a-z 0-9?

    Please click Accept Answer and upvote if the above was helpful.

    Thanks.

    -TP

    2 people found this answer helpful.

  2. Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator
    2023-12-27T11:01:17.5366667+00:00

    Hi @Kav
    Thank you for posting your query on Q&A. I apologize for the delayed response!

    I understand that when you are trying to view/manage secrets, you are getting the following error message:

    "The connection to data plane failed. Please refresh and try again. If Private Links are enabled on the vault and the issue persists please follow the steps in the following link https://go.microsoft.com/fwlink/?linkid=2156688"

    The error message states that there is a problem with the network connection between Azure Key Vault and the client. It could be due to the following reasons:

    • A firewall rule is blocking traffic to the Azure Key Vault. Check your firewall rules to make sure that traffic to the Azure Key Vault is not being blocked.
    • A connectivity issue between your client and the Azure Key Vault. Check the connectivity between your client and the Azure Key Vault.
    • Ensure that you are using the correct subscription and resource group for the Azure Key Vault and that the Azure Key Vault is not in a deleted state.
    • Make sure that your Private Link is correctly configured. For more details, please go through the documents below:
      Diagnose private links configuration issues on Azure Key Vault
      Azure Private Link Troubleshooting Guide

    If your Private Link is correctly configured, or if you aren't using a Private Link, or if you aren't experiencing any connectivity issues, the error message might also be caused by a Tenant Mismatch if you recently deployed your Key Vault to a subscription that contains a different Tenant ID, or the subscription that owned the KV was moved to a different Tenant.

    For more info - The connection to Data Plane Failed
    To resolve a potential Tenant Mismatch issue, you can update your Key Vault's Tenant ID. For more info - Moving an Azure Key Vault to another subscription.
    I hope this answer helps!

    Thanks,
    Akhilesh.

    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.


  3. Duray Akar 11 Reputation points
    2024-03-12T12:06:30.55+00:00

    Please make sure that the key vault data plane is in the same tenant (directory) as the tenant (directory) you are in.

    In the key vault overview pane, you will see the "Directory ID" of the key vault data plane.

    When you click on your name at the top right corner, you will see a link to "change directory". Make sure that the directory you see in the key vault overview pane is selected.

    If you don't see the directory, then you do not have access to the data plane of the key vault.

    Note that you can manage the key vault if you have RBAC permissions and you are in a different directory, but you cannot access the data (keys, secrets, certificates) if you are not in the same directory as the key vault.

    Hope this helps...


  4. Jerrill Johnson 0 Reputation points
    2024-07-16T17:08:53.2733333+00:00

    I had this issue and had forgotten to remove an entry in my hosts file that pointed the keyvault URL to 127.0.0.1 that I had added to simulate client failures the week before. Hope this saves someone a minute in the future.

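The causes raised in the answers above (a hosts-file override, Private Link name resolution, and a tenant mismatch) combined into one offline diagnostic, as an added example that is not part of the original thread. It assumes the vault answers an unauthenticated request with a 401 whose `WWW-Authenticate: Bearer authorization="https://<login host>/<tenant id>"` challenge names the vault's tenant; the vault name, tenant GUIDs and IP addresses are constructed.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def hosts_override(hosts_text, fqdn):
    """Return the address a hosts file pins fqdn to, or None."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()          # drop trailing comments
        if len(fields) >= 2 and fqdn.lower() in (n.lower() for n in fields[1:]):
            return fields[0]
    return None

def challenge_tenant(www_authenticate):
    """Extract the tenant GUID from the vault's 401 Bearer challenge, or None."""
    m = re.search(r'authorization(?:_uri)?="https://[^/"]+/([0-9a-fA-F-]{36})',
                  www_authenticate)
    return m.group(1).lower() if m else None

def diagnose(fqdn, hosts_text, resolved_ip, www_authenticate, session_tenant):
    """Return a list of findings for the causes named in the answers above."""
    findings = []
    pinned = hosts_override(hosts_text, fqdn)
    if pinned:
        findings.append(f"hosts file pins {fqdn} to {pinned}")
    ip = ipaddress.ip_address(resolved_ip)
    if ip.is_loopback:
        findings.append("name resolves to loopback; requests never leave the client")
    elif any(ip in net for net in RFC1918):
        findings.append("name resolves to a private address (Private Link path)")
    vault_tenant = challenge_tenant(www_authenticate or "")
    if vault_tenant is None:
        findings.append("no Bearer challenge received; data plane not reached")
    elif vault_tenant != session_tenant.lower():
        findings.append(f"tenant mismatch: vault {vault_tenant}, session {session_tenant}")
    return findings

# Constructed sample inputs (not taken from the thread).
FQDN = "examplevault.vault.azure.net"
HOSTS = "127.0.0.1 localhost\n127.0.0.1 examplevault.vault.azure.net  # failure test\n"
CHALLENGE = ('Bearer authorization="https://login.microsoftonline.com/'
             '11111111-1111-1111-1111-111111111111", resource="https://vault.azure.net"')
SESSION_TENANT = "22222222-2222-2222-2222-222222222222"

if __name__ == "__main__":
    print("stale hosts entry:", diagnose(FQDN, HOSTS, "127.0.0.1", None, SESSION_TENANT))
    print("wrong directory:  ", diagnose(FQDN, "", "203.0.113.10", CHALLENGE, SESSION_TENANT))
```

With real data, `hosts_text` is the contents of the client's hosts file, `resolved_ip` is what the client's resolver returns for the vault hostname, and `www_authenticate` is the header from an unauthenticated request to the vault.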
