
SSL/TLS error in Azure Data Factory Lookup activities

dipeshsgdl 0 Reputation points
2026-02-23T13:41:27.24+00:00

Getting this kind of transport layer error in the 'lookup' activity types that we are using in our pipelines in ADF. It often succeeds on retries but it would be great to get rid of it if possible.

'An error occurred while sending the request. The request was aborted: Could not create SSL/TLS secure channel.'

These activities are trying to run a query against a SQL database in Azure that has a required minimum TLS version of 1.2. The errors are occurring intermittently. That is, the activities mostly run fine, but these errors occur out of nowhere once in a while. I can see that no integration runtime gets assigned to these activities when they fail, while the activities that succeed get the auto-resolved integration runtime. So I am unsure where to check further.

Azure Data Factory

An Azure service for ingesting, preparing, and transforming data at scale.


2 answers

  1. Pilladi Padma Sai Manisha 5,315 Reputation points Microsoft External Staff Moderator
    2026-02-26T09:46:42.2933333+00:00

    Hi dipeshsgdl,
    Thank you for reaching Microsoft Q&A!
    Since the Lookup activity succeeds on retries and fails intermittently with “Could not create SSL/TLS secure channel”, this usually indicates a transient TLS negotiation or Integration Runtime resolution issue rather than a permanent configuration problem.

    You mentioned that failed runs show no Integration Runtime assigned while successful runs use AutoResolve IR. This can happen when the activity fails during the initial connection handshake before the IR allocation completes. In most cases, this is transient platform or network behavior and not a pipeline configuration issue.

    Because your Azure SQL database enforces TLS 1.2, please confirm that the linked service has encryption enabled and that there are no legacy TLS settings anywhere in the connection path. If any Self-Hosted Integration Runtime is used, make sure the machine OS and .NET framework are fully updated and support TLS 1.2, as outdated components can cause intermittent SSL negotiation failures.

    These types of errors commonly occur due to temporary backend connection resets, network latency, or short-lived cipher negotiation issues between the Integration Runtime and Azure SQL. Since retries succeed, this strongly suggests a transient connectivity condition rather than a misconfiguration.

    You can review the ADF Monitor activity run details to confirm the failure happens before dataset resolution or query execution. Also verify whether failures correlate with high pipeline concurrency and check if any recent firewall, DNS, or Private Endpoint changes were made on the SQL side.

    As a mitigation, configure a retry policy on the Lookup activity with a few retries and short intervals, which is the recommended way to handle intermittent TLS handshake issues in Azure Data Factory. If the failures start occurring more frequently or begin affecting all executions, collect a few Activity Run IDs with timestamps so backend telemetry can be reviewed.

    If you want to narrow this down further, let me know whether you are using Azure IR or Self-Hosted IR, the linked service authentication type, and whether the SQL server is accessed via Private Endpoint or Public Endpoint.
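
The answer above suggests checking whether failures correlate with pipeline concurrency and collecting Activity Run IDs with timestamps. The following is an added example of that triage, not part of the original answer or of Microsoft's tooling; the records are constructed, and the flat field names (`id`, `type`, `ir`, `start`, `end`, `error`) are assumptions rather than the ADF Monitor export schema.

```python
from datetime import datetime

TLS_ERROR = "Could not create SSL/TLS secure channel"
MSG = "An error occurred while sending the request. The request was aborted: " + TLS_ERROR + "."
AUTO = "AutoResolveIntegrationRuntime"

# Constructed sample activity runs; field names are assumed for this example.
RUNS = [
    {"id": "run-001", "type": "Lookup", "status": "Succeeded", "ir": AUTO,
     "start": "2026-02-23T13:00:00Z", "end": "2026-02-23T13:00:20Z", "error": ""},
    {"id": "run-002", "type": "Lookup", "status": "Failed", "ir": None,
     "start": "2026-02-23T13:05:02Z", "end": "2026-02-23T13:05:03Z", "error": MSG},
    {"id": "run-003", "type": "Copy", "status": "Succeeded", "ir": AUTO,
     "start": "2026-02-23T13:05:00Z", "end": "2026-02-23T13:06:00Z", "error": ""},
    {"id": "run-004", "type": "Lookup", "status": "Succeeded", "ir": AUTO,
     "start": "2026-02-23T13:05:01Z", "end": "2026-02-23T13:05:30Z", "error": ""},
    {"id": "run-005", "type": "Lookup", "status": "Failed", "ir": AUTO,
     "start": "2026-02-23T13:20:00Z", "end": "2026-02-23T13:20:05Z", "error": "Login failed"},
    {"id": "run-006", "type": "Lookup", "status": "Failed", "ir": None,
     "start": "2026-02-23T13:40:10Z", "end": "2026-02-23T13:40:11Z", "error": MSG},
]

def ts(value):
    """Parse the UTC timestamps used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def concurrent_runs(runs, failed):
    """Count other activity runs that were in flight when `failed` started."""
    t = ts(failed["start"])
    return sum(1 for r in runs
               if r is not failed and ts(r["start"]) <= t <= ts(r["end"]))

def triage(runs):
    """Return one row per Lookup run that failed with the TLS channel error."""
    return [{"id": r["id"], "start": r["start"], "ir_assigned": bool(r["ir"]),
             "concurrent": concurrent_runs(runs, r)}
            for r in runs
            if r["type"] == "Lookup" and r["status"] == "Failed" and TLS_ERROR in r["error"]]

def tls_failure_rate(runs):
    """Share of all Lookup runs that ended with the TLS channel error."""
    lookups = [r for r in runs if r["type"] == "Lookup"]
    return len(triage(runs)) / len(lookups) if lookups else 0.0

if __name__ == "__main__":
    for row in triage(RUNS):
        print(row)  # run ID and timestamp are what a support request needs
    print(f"TLS failure rate across Lookup runs: {tls_failure_rate(RUNS):.0%}")
```

Rows with `ir_assigned` false and a high `concurrent` count point toward the concurrency correlation the answer describes; a failure that is not the TLS error (`run-005` here) is deliberately left out of the list.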


  2. Q&A Assist
    2026-02-23T13:41:42.17+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    The error message you are encountering, "Could not create SSL/TLS secure channel," typically indicates that there is an issue with the SSL/TLS handshake during the connection process. This can be related to several factors, including the version of the TLS protocol being used or issues with the certificates involved in the connection.

    Here are some steps you can take to troubleshoot and potentially resolve this issue:

    1. Check TLS Protocol Versions: Ensure that your environment supports the required TLS versions (TLS 1.2 is recommended). If your application or service is configured to use older versions (like TLS 1.0 or 1.1), it may lead to connection failures.
    2. Certificates: Verify that the certificates used in the connection are valid and trusted. If there are issues with the certificate chain or if the certificates are expired or misconfigured, it can cause SSL/TLS handshake failures.
    3. Integration Runtime: Since you mentioned that no integration runtime is assigned when the error occurs, ensure that the integration runtime is correctly configured and that it has access to the necessary network resources. If you're using a self-hosted integration runtime, check its connectivity and configuration settings.
    4. Network Configuration: Review your network settings, including firewalls and NSG rules, to ensure that they are not blocking the necessary ports or protocols for SSL/TLS communication.
    5. Retry Logic: Since you noted that the operation often succeeds on retries, consider implementing a more robust retry logic in your pipeline to handle transient errors more gracefully.

    If the issue persists after checking these aspects, you may want to gather more detailed logs or network traces to identify the root cause of the SSL/TLS handshake failure.

