ADLS Gen2 failed for forbidden: Storage operation 'CreateFile' on container ' ' and path ' ' get failed with 'Operation returned an invalid status code 'Forbidden''

Mahasiva, Ravi (CSW) 60 Reputation points
2024-06-11T15:57:03.4033333+00:00

Hi team, I am getting the below error while running the ADF job. Could you please check?

ErrorCode=AdlsGen2ForbiddenError,'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=ADLS Gen2 failed for forbidden: Storage operation 'CreateFile' on container 'ewe' and path 'LOPS/2024/queue/HFE_OPS_2024_04_EWG_EWE_20240410.csv' get failed with 'Operation returned an invalid status code 'Forbidden''. Possible root causes: (1). It's possible because the service principal or managed identity don't have enough permission to access the data. (2). It's possible because the IP address of the self-hosted integration runtime machines are not allowed by your Azure Storage firewall settings. (3). If the self-hosted integration runtime use proxy server, it's possible because the IP address of the proxy server is not allowed by your Azure Storage firewall settings.. Account: 'adls'. FileSystem: 'ewe'. Path: 'LOPS/2024/queue/HFE_OPS_2024_04_EWG_EWE_20240410.csv'. ErrorCode: 'AuthorizationPermissionMismatch'. Message: 'This request is not authorized to perform this operation using this permission.'. RequestId: 'b9077dbd-801f-0019-7114-bcb110000000'. TimeStamp: 'Tue, 11 Jun 2024 15:33:28 GMT'..,Source=Microsoft.DataTransfer.ClientLibrary,''Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=Operation returned an invalid status code 'Forbidden',Source=,''Type=Microsoft.Azure.Storage.Data.Models.ErrorSchemaException,Message=Operation returned an invalid status code 'Forbidden',Source=Microsoft.DataTransfer.ClientLibrary,'

Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.

1 answer

  1. Bhargava-MSFT 28,956 Reputation points Microsoft Employee
    2024-06-11T19:40:32.26+00:00

    Hello Mahasiva, Ravi (CSW),

    Can you try the below steps and see if they help?

    • Check the permissions for the service principal or managed identity that is being used to access the data. Make sure that it has the necessary permissions to access the data in ADLS Gen2.
    • Check the Azure Storage firewall settings to ensure that the IP address of the self-hosted integration runtime machines is allowed. If it is not allowed, add the IP address to the firewall settings.
    • If the self-hosted integration runtime uses a proxy server, check the Azure Storage firewall settings to ensure that the IP address of the proxy server is allowed. If it is not allowed, add the IP address to the firewall settings.

    I hope this helps.

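Added example, not part of the original answer and not Microsoft's code: a short Python triage of the error text from the question, showing which of the listed root causes the storage error code points to and which directory ACLs a 'CreateFile' at that path needs. It assumes the field layout seen in that message and the ADLS Gen2 POSIX ACL rule that creating a file needs execute on every ancestor directory and write plus execute on the parent; the function names are hypothetical.

```python
import re

# Constructed sample: the storage-level fields copied from the error in the question.
SAMPLE = (
    "Storage operation 'CreateFile' on container 'ewe' and path "
    "'LOPS/2024/queue/HFE_OPS_2024_04_EWG_EWE_20240410.csv' get failed. "
    "Account: 'adls'. FileSystem: 'ewe'. "
    "Path: 'LOPS/2024/queue/HFE_OPS_2024_04_EWG_EWE_20240410.csv'. "
    "ErrorCode: 'AuthorizationPermissionMismatch'."
)

# "ErrorCode=AdlsGen2ForbiddenError" (ADF's own code) uses '=' and is not matched;
# only the storage fields written as  Name: 'value'  are captured.
FIELD = re.compile(r"\b(Account|FileSystem|Path|ErrorCode): '([^']*)'")
OPERATION = re.compile(r"Storage operation '([^']+)'")


def parse_error(message):
    """Extract the storage fields ADF embeds in the error text."""
    fields = dict(FIELD.findall(message))
    op = OPERATION.search(message)
    fields["Operation"] = op.group(1) if op else None
    return fields


def acls_for_create(path):
    """Minimum ACL bits per directory to create a file at `path`:
    execute on each ancestor, write+execute on the parent directory."""
    dirs = [p for p in path.split("/") if p][:-1]  # drop the file name
    chain = ["/"] + ["/" + "/".join(dirs[:i + 1]) for i in range(len(dirs))]
    return [(d, "-wx" if d == chain[-1] else "--x") for d in chain]


def triage(message):
    f = parse_error(message)
    if f.get("ErrorCode") == "AuthorizationPermissionMismatch":
        # The caller was identified but lacks permission: root cause (1).
        checks = ["identity permissions (RBAC data role or ACLs)"]
    else:
        checks = ["identity permissions", "storage firewall: IR or proxy IP"]
    needs_acls = f.get("Operation") == "CreateFile" and f.get("Path")
    acls = acls_for_create(f["Path"]) if needs_acls else []
    return {"fields": f, "checks": checks, "acls": acls}


if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result["checks"])
    for directory, bits in result["acls"]:
        print(f"{bits}  {directory}")
```

The ACL list applies when access is granted through ACLs rather than a data-plane RBAC role; grant only those bits to the service principal or managed identity the pipeline uses.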