ADF Unable to write to BLOB Storage using Private end Point

Gurvinder Kandhola 46

Can any one please help on this, we are stuck on this and this is in production.

We are getting this error message in ADF while writing to the BLOB (ADLS Gen2) storage.(
"Failure happened on 'Sink' side. Error Code=AdlsGen2OperationFailed,'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=ADLS Gen2 operation failed for: Operation returned an invalid status code 'Forbidden'.Account ")
While using the selected networks option under Networking in Storage Account. We have given the Storage blob data contributor Role to ADF in the Storage Account. This is working fine with All networks, but not with the Private End Point. We had created a private end point and have approved the permissions to the request from ADF , which is generated while creating the end point in data factory.

ShaikMaheer-MSFT 38,321 Reputation points Microsoft Employee

2021-06-21T10:37:57.16+00:00
Hi @Gurvinder Kandhola ,

Thank you for posting query in Microsoft Q&A platform. Could you please help on below clarifications to help you better in resolving issue.

Is linked service test connection is successful? If No, Kindly share error details.

Thank you
Gurvinder Kandhola 46 Reputation points

2021-06-21T16:46:33.123+00:00

Hi @ShaikMaheer-MSFT

Thanks for your reply.

In our case the Linked Service is working fine.
We have also given the approval to the ADF on the BLOB as shown in the below picture. Storage Blob Data Contributor Role has been provided to the Data Factory using managed identity. If we used the All Network option under Networking, then its working fine with the same Linked Service .Its failing (Ref : Previous post) when we are using Selected networks.
Gurvinder Kandhola 46 Reputation points

2021-06-30T18:48:23.433+00:00

Hi @PRADEEPCHEEKATLA-MSFT
When i click on the Accept Answer , it takes me to this error page
"404 - Page not found
Hmm, we could not find this link. If you feel you are seeing this page in error, please enter a Site feedback and tell us which page you expected to find."
Nandhagopal Veluchamy 136 Reputation points

2021-06-30T19:52:26.79+00:00

@Gurvinder Kandhola - Are you referring the 404 error when clicking on "Accept the answer" under the highlighted answer section ?
Gurvinder Kandhola 46 Reputation points

2021-06-30T20:04:27.347+00:00

Yes @Nandha22
Nandhagopal Veluchamy 136 Reputation points

2021-06-30T20:16:58.63+00:00

@Gurvinder Kandhola - Thanks for the confirmation. The Article moved to new location https://learn.microsoft.com/en-us/answers/support/accepted-answers and the old path is no longer exist. This could have created confusion here. Going forward we will share the new path.
PRADEEPCHEEKATLA-MSFT 84,376 Reputation points Microsoft Employee

2021-07-01T02:53:13.13+00:00

Hi @Gurvinder Kandhola ,

Apologize for the inconvenience caused and I had updated the article link with the new path.

Thank you.

Accepted answer

PRADEEPCHEEKATLA-MSFT 84,376 Reputation points Microsoft Employee

2021-06-24T08:13:19.38+00:00

Hi @Gurvinder Kandhola ,

As per my repro, I did experience the same error message as described above:

Here are the steps which I followed to resolve the issue:

Step1: I had set Firewalls and virtual networks to selected networks:

Step2: Approved the Data Factory requested private endpoint connection:

Step3: Grant Data Factory service managed identity access to your Azure Data Lake Storage Gen2.

Note: After completing the step3, please do wait at least for 5mins for the permission to reflect.

Step4: Created linked service for the Azure Storage account with Authentication method Managed Identity:

Successfully able to run the copy activity pipeline without any issue:

Hope this helps. Do let us know if you any further queries.

---------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Please sign in to rate this answer.

3 people found this answer helpful.
PRADEEPCHEEKATLA-MSFT 84,376 Reputation points Microsoft Employee

2021-06-28T05:25:25.11+00:00

Hi @Gurvinder Kandhola ,

Just checking in to see if the above answer helped. If this answers your query, do click Accept Answer and Up-Vote for the same. And, if you have any further query do let us know.

Gurvinder Kandhola 46 Reputation points

2021-06-28T18:53:12.337+00:00

Hi @PRADEEPCHEEKATLA-MSFT ,Yes this helped and I was able to resolve the issue. I was missing the Managed Identity part and were using the Account Key for Authentication. After changing the Authentication Method to Managed Identity, the Pipeline was working fine. Thanks for your Help.

PRADEEPCHEEKATLA-MSFT 84,376 Reputation points Microsoft Employee

2021-06-29T03:59:32.547+00:00

Hi @Gurvinder Kandhola ,

Glad to know that your issue has resolved. Now, you can "Accept the answer". This can be beneficial to other community members. Thank you.

Gurvinder Kandhola 46 Reputation points

2021-06-29T15:58:13.223+00:00

Thanks for the Reply, This helped to resolve the issue.

PRADEEPCHEEKATLA-MSFT 84,376 Reputation points Microsoft Employee

2021-06-30T03:24:21.287+00:00

Hi @Gurvinder Kandhola ,

Did you get a chance to click on Accept Answer?
Sign in to comment

Share via

ADF Unable to write to BLOB Storage using Private end Point

0 additional answers