ADF unable to write to Blob Storage using a private endpoint

Gurvinder Kandhola 46 Reputation points
2021-06-18T19:47:25.787+00:00

Can anyone please help with this? We are stuck on this, and this is in production.

We are getting this error message in ADF while writing to the Blob (ADLS Gen2) storage:

"Failure happened on 'Sink' side. Error Code=AdlsGen2OperationFailed,'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=ADLS Gen2 operation failed for: Operation returned an invalid status code 'Forbidden'.Account "

This happens while using the Selected networks option under Networking in the storage account. We have given the Storage Blob Data Contributor role to ADF in the storage account. This works fine with All networks, but not with the private endpoint. We created a private endpoint and approved the request from ADF, which is generated while creating the endpoint in Data Factory.



Accepted answer
  1. PRADEEPCHEEKATLA-MSFT 84,376 Reputation points Microsoft Employee
    2021-06-24T08:13:19.38+00:00

    Hi @Gurvinder Kandhola ,

    In my repro, I experienced the same error message as described above:

    108896-image.png

    Here are the steps I followed to resolve the issue:

    Step 1: I set Firewalls and virtual networks to Selected networks:

    108874-image.png

    Step 2: Approved the Data Factory requested private endpoint connection:

    108780-image.png

    Step 3: Grant Data Factory service managed identity access to your Azure Data Lake Storage Gen2.

    108944-image.png

    Note: After completing Step 3, please wait at least 5 minutes for the permission to reflect.

    Step 4: Created a linked service for the Azure Storage account with the authentication method Managed Identity:

    108935-image.png

    I was able to run the copy activity pipeline successfully without any issue:

    108895-image.png

    Hope this helps. Do let us know if you have any further queries.

    3 people found this answer helpful.
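The first three steps of the accepted answer can be checked offline against exported resource state. The following is an added example, not part of the original thread or any Microsoft tooling: it assumes JSON shaped like the output of `az storage account show` and `az role assignment list`, and the account name, connection name and principal ID are constructed placeholders.

```python
import json

REQUIRED_ROLE = "Storage Blob Data Contributor"  # role named in the question

# Constructed sample data, shaped like `az storage account show` and
# `az role assignment list` output; names and IDs are placeholders.
ACCOUNT = json.loads("""{
  "name": "examplestorage",
  "networkRuleSet": {"defaultAction": "Deny"},
  "privateEndpointConnections": [
    {"name": "adf-managed-pe",
     "privateLinkServiceConnectionState": {"status": "Pending"}}
  ]
}""")
ROLE_ASSIGNMENTS = json.loads("""[
  {"principalId": "00000000-0000-0000-0000-000000000001",
   "roleDefinitionName": "Storage Blob Data Contributor"}
]""")
ADF_PRINCIPAL_ID = "00000000-0000-0000-0000-000000000001"


def preflight(account, role_assignments, adf_principal_id):
    """Return findings where the state deviates from Steps 1-3; [] means all match."""
    findings = []
    # Step 1: "Selected networks" appears as defaultAction=Deny.
    if account.get("networkRuleSet", {}).get("defaultAction") != "Deny":
        findings.append("firewall: default action is not Deny (all networks allowed)")
    # Step 2: the Data Factory private endpoint connection must be Approved.
    states = [c.get("privateLinkServiceConnectionState", {}).get("status")
              for c in account.get("privateEndpointConnections") or []]
    if "Approved" not in states:
        findings.append(f"private endpoint: no Approved connection (states: {states})")
    # Step 3: the factory's managed identity needs the data-plane role.
    has_role = any(r.get("principalId") == adf_principal_id
                   and r.get("roleDefinitionName") == REQUIRED_ROLE
                   for r in role_assignments)
    if not has_role:
        findings.append(f"rbac: managed identity lacks {REQUIRED_ROLE}")
    return findings


if __name__ == "__main__":
    for finding in preflight(ACCOUNT, ROLE_ASSIGNMENTS, ADF_PRINCIPAL_ID):
        print(finding)
```

With the constructed sample, the only finding is the private endpoint connection still in the Pending state, which corresponds to Step 2 not yet being completed.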
