Purview scan on-prem sql database fails with 403

AH 0 Reputation points
2024-08-28T11:16:55.4266667+00:00

I want to use Purview to scan MS SQL Server on-prem. For that reason, I installed an integration runtime on an on-prem server. The SHIR is connected, and I ran the diagnostics tool and everything showed as green.

When I create a scan from Purview and run it, I am monitoring the logs on the SHIR server, and I get this error:

=The remote server returned an error: (403) Forbidden.,Source=Microsoft.DataTransfer.Execution.DataScanExecutor,StackTrace= at Microsoft.DataTransfer.Execution.DataScan.Retry.<DoAsync>d__1`1.MoveNext()

Any ideas?

Microsoft Security | Microsoft Purview

2 answers

  1. PRADEEPCHEEKATLA 91,656 Reputation points Moderator
    2024-08-29T02:45:37.72+00:00

    @AH - Welcome to MS Q&A platform.

    It seems like you are facing an issue while scanning your on-premises SQL Server using Microsoft Purview. The error message you received indicates that the remote server returned a 403 Forbidden error. This error usually occurs when the user or service principal used to authenticate the scan does not have sufficient permissions to access the SQL Server.

    To resolve this issue, you need to ensure that the user used to authenticate the scan has the necessary permissions to access the SQL Server.

    There are two authentication methods supported for SQL server on-premises:

    • SQL Authentication
    • Windows Authentication - Not supported by a Kubernetes SHIR.

    If SQL Authentication is applied, ensure the SQL Server deployment is configured to allow SQL Server and Windows Authentication.

    Additionally, you can also check the following:

    • Ensure that the firewall rules on the SQL Server are configured to allow traffic from the IP address of the integration runtime.
    • Check if the SQL Server is configured to use SQL authentication. If yes, then ensure that the password for the SQL login is stored in the key vault and is accessible to the integration runtime.
    • Verify that the integration runtime is running and connected to the on-premises SQL Server.

    If you have followed all the above steps and still face the issue, then it might be a good idea to check the logs on the SQL Server to see if there are any errors or warnings that might help identify the issue.

    For more details, refer to Connect to and manage an on-premises SQL server instance in Microsoft Purview

    Hope this helps. Do let us know if you have any further queries.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.


  2. PRADEEPCHEEKATLA 91,656 Reputation points Moderator
    2024-09-03T09:46:34.4633333+00:00

    @AH - I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to accept the answer.

    Ask: Purview scan on-prem sql database fails with 403

    Solution: The issue is resolved. The issue was that the storage account managed under Purview to store the data assets didn't accept connections from the public network. I had to configure the Windows server to resolve the blob URLs to private endpoint IPs and this solved the issue.

    If I missed anything please let me know and I'd be happy to add it to my answer, or feel free to comment below with any additional information.

    If you have any other questions, please let me know. Thank you again for your time and patience throughout this issue.


    Please don’t forget to Accept Answer and Yes for "was this answer helpful" wherever the information provided helps you, this can be beneficial to other community members.
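
A way to verify the fix described in the solution above from the SHIR host, as an added example that is not part of the original answers: it checks that each blob hostname resolves to a private address and that TCP 443 is reachable. The hostname is a placeholder to replace with the Purview-managed storage account's blob URL host, the function names are hypothetical, and the script assumes the private endpoint IPs fall in RFC 1918 ranges.

```powershell
# Added example: run in PowerShell on the SHIR host.
# Placeholder hostname: substitute the blob host of the Purview-managed storage account.
$Endpoints = @('<managed-storage-account>.blob.core.windows.net')

function Test-PrivateIPv4 {
    # True when the address is IPv4 and inside 10/8, 172.16/12 or 192.168/16 (assumed private ranges).
    param([Parameter(Mandatory)][string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Test-EndpointResolution {
    # Resolves one hostname the way the host does and reports whether traffic would stay private.
    param([Parameter(Mandatory)][string]$HostName)
    try {
        $records = Resolve-DnsName -Name $HostName -Type A -ErrorAction Stop
    } catch {
        return [pscustomobject]@{ Host = $HostName; Addresses = ''; Tcp443 = $false
                                  Status = "DNS lookup failed: $($_.Exception.Message)" }
    }
    # The answer can include CNAME records; keep only the final A records.
    $addrs  = @($records | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    $public = @($addrs | Where-Object { -not (Test-PrivateIPv4 -Address $_) })

    if ($addrs.Count -eq 0) {
        $status = 'No A record returned'
    } elseif ($public.Count -gt 0) {
        # This is the state the solution describes: the name still points at the public
        # endpoint, which the storage account refuses, so the scan fails with 403.
        $status = 'PUBLIC address: fix DNS so the name resolves to the private endpoint IP'
    } else {
        $status = 'OK: resolves to a private address'
    }

    # Confirm the resolved address is actually reachable over HTTPS from this host.
    $tcp = Test-NetConnection -ComputerName $HostName -Port 443 -WarningAction SilentlyContinue
    [pscustomobject]@{ Host = $HostName; Addresses = ($addrs -join ', ')
                       Tcp443 = $tcp.TcpTestSucceeded; Status = $status }
}

$Endpoints | ForEach-Object { Test-EndpointResolution -HostName $_ } | Format-List
```

A `PUBLIC address` status combined with public network access being disabled on the storage account matches the 403 in the question even when the SHIR diagnostics show green.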
