Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,384 questions
synapse private endpoints created on an unknown azure tenant - no access error
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 39%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
MrFlinstone
481
Reputation points
When creating managed private endpoints within Synapse analytics onto SQL server, what I have found is that when the managed private endpoints are created and need to be approved from within the Azure SQL server database, the endpoints are created on an Azure tenant/subscription that is unknown and I wonder if this is an Internal azure backend, and if so if further light can be shed on the matter.
Ibn this case, the SQL server does not have public access and all traffic are routed via private endpoints
SQL server >> Networking >> Private Access
Then select the approved synapse private endpoint. Get the no access page below.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 48%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EH%3C/text%3E%3C/svg%3E)
Harishga 3,425 Reputation points Microsoft Vendor2024-04-16T08:07:16.99+00:00 Hi @MrFlinstone
Welcome to Microsoft Q&A platform and thanks for posting your question here.
It is possible that the managed private endpoints are being created in a different subscription or tenant than the one being used by the Synapse workspace, which could result in the endpoints being created on an unknown Azure tenant/subscription. This can be resolved by verifying the subscription and tenant information before creating the endpoints and ensuring that the necessary permissions and access rights are in place to access the resource.
Regarding the question of whether this is an internal Azure backend, it is possible that the unknown Azure tenant/subscription is an internal Azure backend used for managing resources. Without more information, it is difficult to determine the exact nature of this backend.
In this case, the SQL server does not have public access and all traffic is routed via private endpoints, the approved Synapse private endpoint will result in a "no access" page when trying to access it if it is not approved from within the Azure SQL server database. To solve this issue, ensure that the private endpoint is approved from within the SQL server's Networking settings by selecting the approved Synapse private endpoint.
I hope this information helps you. Let me know if you have any further questions or concerns.
-
MrFlinstone 481 Reputation points
2024-04-16T08:12:01.6766667+00:00 Thank you for the information, the information that I have is what I have posted up. I guess it is up to Microsoft to confirm if the tenant/subscription is an internal one as its not clear from your answer if it is indeed an internal one or not.
-
Harishga 3,425 Reputation points Microsoft Vendor
2024-04-16T11:51:11.18+00:00 @MrFlinstone
We can say that the unknown Azure tenant/subscription that you are seeing is actually the subscription where the Managed Virtual Network associated with their Azure Synapse workspace is located based on the following.- When you create a managed private endpoint in Azure Synapse Analytics, it establishes a private link to an Azure resource, such as an Azure SQL database.
- The private endpoint is created in a Managed Virtual Network associated with your Azure Synapse workspace.
- The Managed Virtual Network associated with your Azure Synapse workspace is located in a specific Azure subscription.
- When you approve the managed private endpoint from within the Azure SQL server database, it creates a private endpoint connection in the Managed Virtual Network associated with your Azure Synapse workspace.
I hope this information helps you. Let me know if you have any further questions or concerns.
-
MrFlinstone 481 Reputation points
2024-04-16T12:09:25.3866667+00:00 In the case of the example above, whilst I agree with your explanation, the screenshot above is not one of our subscriptions hence why I ask if its a backend one within Azure ?
Sign in to comment