ADF SFTP Linked Service Error code 9978: Access to sftp(configured on one of Azure VM) is not allowed on Azure integrate runtime.

Question

we are having issue while creating(test connection) SFTP linked service from ADF.

SFTP configured in one of Azure VM.

Error code 9978

Error: Access 'XXXXXXXX.corp.XXXXX.net' is not allowed on Azure integrate runtime.

please suggest

.

Answer 1

Hi @Pamidi, Venkateswarlu

Greetings & Welcome to Microsoft Q&A forum! Thanks for posting your query!

Error code 9978 Error: Access 'XXXXXXXX.corp.XXXXX.net' is not allowed on Azure integrate runtime.

The error message "Error code 9978: Access 'XXXXXXXX.corp.XXXXX.net' is not allowed on Azure integration runtime" indicates that your Azure Data Factory or another Azure service using an Azure Integration Runtime (AIR) is encountering permission issues when trying to connect to your SFTP server on "XXXXXXXX.corp.XXXXX.net".

Here are some troubleshooting steps that might help you in resolving your query:

Verify Azure Integration Runtime (AIR) Permissions:

• Whitelist the AIR IP Address:
  • Identify the IP Range: Since AIR IP addresses are dynamic, you need to whitelist a range of IP addresses. You can find the current Azure IP Ranges and Service Tags for Public Cloud in Microsoft’s documentation.
  • Whitelist the Range: Add the appropriate IP range for your region to your SFTP server’s firewall settings.
• Use Self-Hosted Integration Runtime (SHIR):
  • If whitelisting a range of IPs is not feasible, consider using a Self-Hosted Integration Runtime (SHIR). This allows you to install the integration runtime software on a VM within your own network, closer to your SFTP server.
  • This avoids the need to whitelist Azure's dynamic IP addresses.

Check Username and Host Configuration:

Ensure that the username and host are correctly configured in the connection string. Based on your connection string format, you should split it as follows:

• Username - The part before the "@" symbol. For example, if your connection string is ******@Storageaccount.blob.core.windows.net, then the username should be Storageaccount.sftpuser.
• Host - The part after the "@" symbol. In this case, it would be Storageaccount.blob.core.windows.net.

Configure the SFTP Linked Service in ADF:

• Go to your Azure Data Factory instance.
• Navigate to the "Manage" section and select "Linked services.
• " Click on the "+ New" button to create a new linked service.
• Select the "SFTP" connector.
• Enter the required details:
  • Host: Storageaccount.blob.core.windows.net
  • Port: 22 (or the port your SFTP server is configured to use)
  • User name: Storageaccount.sftpuser
  • Password: Enter your SFTP password or use SSH private key authentication if applicable.

Network and Firewall Configuration:

• Ensure that the Azure VM hosting the SFTP server is reachable from the Azure Integration Runtime. Check your network security groups (NSGs) and firewall settings to allow traffic from the integration runtime's IP range to the SFTP server's IP and port.
• If the SFTP server is within a VNet and not publicly accessible, consider using a self-hosted integration runtime instead of the Azure integration runtime.

Test the Connection:

• After entering the details, click the "Test connection" button to verify that ADF can successfully connect to the SFTP server.

By ensuring the username and host are correctly configured as described, you should be able to resolve the connection issue and successfully connect to your SFTP server using Azure Data Factory. If the problem persists, double-check the network settings, DNS resolution, and authentication details.

For additional details, please refer: https://techcommunity.microsoft.com/blog/azurepaasblog/troubleshooting-connectivity-to-azure-storage-over-sftp-via-windows-or-linux-mac/3990625

I hope this information helps. Please do let us know if you have any further queries.

---

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.