Synapse private endpoints created on an unknown Azure tenant - no access error

MrFlinstone 646 Reputation points
2024-04-15T18:33:23.9566667+00:00

When creating managed private endpoints within Synapse Analytics onto SQL Server, what I have found is that when the managed private endpoints are created and need to be approved from within the Azure SQL Server database, the endpoints are created on an Azure tenant/subscription that is unknown, and I wonder if this is an internal Azure backend, and if so, if further light can be shed on the matter.

In this case, the SQL server does not have public access and all traffic is routed via private endpoints.

SQL server >> Networking >> Private Access

Then select the approved synapse private endpoint. Get the no access page below.

User's image


1 answer

  1. Seth Randall 0 Reputation points
    2025-02-04T17:03:45.7966667+00:00

    This is a Microsoft tenant used for managed resources.

    From https://www.jlaundry.nz/2024/overview_of_azure_managed_vnets/:

    • When you try to click on a Private Endpoint in the Azure Portal, and you get a 401 No access error with the message "The access token is from the wrong issuer 'https://sts.windows.net/.../'. It must match the tenant 'https://sts.windows.net/33e01921-4d64-4f8c-a055-5bdaffd5e33d/' associated with this subscription.", this is a Managed Private Endpoint. 33e01921-4d64-4f8c-a055-5bdaffd5e33d is the Tenant ID associated with Azure managed infrastructure (MSAzureCloud.onmicrosoft.com).
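
The check described in the answer above, as an added example that is not part of the original thread or of any Microsoft tooling: it parses the portal's "wrong issuer" message and reports whether the tenant that owns the endpoint is the Microsoft-managed one, your own, or a third party that should be reviewed before the connection stays approved. The function name, the verdict strings and the sample tenant IDs are assumptions made for illustration.

```python
import re

# Tenant ID quoted in the answer above for Azure managed infrastructure
# (MSAzureCloud.onmicrosoft.com).
MANAGED_TENANT = "33e01921-4d64-4f8c-a055-5bdaffd5e33d"

# Matches the two sts.windows.net URLs in the portal's 401 text. The issuer
# is often elided ("...") when the message is copied, so any value is accepted.
_WRONG_ISSUER = re.compile(
    r"wrong issuer\s+'https://sts\.windows\.net/(?P<issuer>[^/']+)/?'"
    r".*?match the tenant\s+'https://sts\.windows\.net/"
    r"(?P<owner>[0-9a-fA-F-]{36})/?'",
    re.S,
)


def classify_no_access(message, home_tenant):
    """Triage a portal 'No access' message seen on a private endpoint.

    home_tenant is the reader's own tenant ID (hypothetical parameter).
    Returns (verdict, owner_tenant); owner_tenant is None if nothing matched.
    """
    m = _WRONG_ISSUER.search(message)
    if m is None:
        return ("unrecognized", None)          # not the wrong-issuer error
    owner = m.group("owner").lower()           # GUIDs compare case-insensitively
    if owner == MANAGED_TENANT:
        return ("microsoft-managed", owner)    # managed private endpoint
    if owner == home_tenant.lower():
        return ("own-tenant", owner)           # token came from another directory
    return ("third-party-tenant", owner)       # review before keeping approved


if __name__ == "__main__":
    # Constructed sample: the message text from the answer, issuer left elided.
    sample = (
        "The access token is from the wrong issuer "
        "'https://sts.windows.net/.../'. It must match the tenant "
        "'https://sts.windows.net/33e01921-4d64-4f8c-a055-5bdaffd5e33d/' "
        "associated with this subscription."
    )
    # Constructed placeholder for the reader's own tenant ID.
    print(classify_no_access(sample, "11111111-1111-1111-1111-111111111111"))
```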
