On-premises data gateway

Question

On-premises data gateway

Hadas Eliyahu 5

Hello,

I have a problem connecting to the On-premises data gateway.

I try to login to the app in the computer, I get to connect to the account via browser and then I have this error:

"the gateway is configured correctly but is unreachable due to local network connectivity problems"

the gateway service is on.

I checked the logs and it says there:

"Microsoft.ServiceBus.RelayNotFoundException Relay must be created at this address before using the binding with IsDynamic set to false" ,"ServiceEndpoint Connection status: Offline sb://wabi-west-europe-relay26.servicebus.windows.net"

Can anyone help me to find a solution?

Thank you!

0 comments

3 answers

Your answer

Answer 1

Brian Huynh 3,295 Microsoft External Staff Moderator

Hello Hadas Eliyahu, thank you for posting in the Microsoft Q&A community.

This behavior occurs when the gateway software can successfully authenticate with Microsoft Entra ID (via port 443) but fails to establish the persistent outbound connection to Azure Service Bus. This is almost caused by a local firewall, proxy server, or network security group blocking the required non-standard outbound TCP ports or intercepting the traffic.

To resolve this, please try forcing the Gateway to use HTTPS Mode:

Open the data gateway app on the host machine.
Go to the Network tab.
Toggle the switch for HTTPS mode to On.
Click Apply. The gateway service will restart automatically.

(Note: HTTPS mode is highly effective for bypassing strict firewall port rules, though it may introduce a very slight performance overhead depending on your data volume).

If the issue persists after turning on HTTPS mode or unblocking the ports, I will need a bit more data to assist you further. Could you please export the gateway logs by going to the Diagnostics tab and selecting Export logs. Review the GatewayErrors.log file for any specific System.ServiceModel, Proxy, or SocketException error codes and share the exact error text here.

I will follow up on this thread to ensure your issue is completely resolved. Please keep me updated on your progress, and if this helps, please consider clicking "Accept answer".

Official Microsoft References:

Hadas Eliyahu 5 Reputation points

2026-05-19T11:45:19.2833333+00:00

The HTTPS mode is already on

We have this errors in the file:

Microsoft.ServiceBus.RelayNotFoundException: Relay must be created at this address before using the binding with IsDynamic set to false

We also see:

Failed to enumerate uploadable files. Error: System.IO.DirectoryNotFoundException: Could not find a part of the path 'C:\Users\powerbi\AppData\Local\Microsoft\On-premises data gateway\MSessions'.
Brian Huynh 3,295 Reputation points Microsoft External Staff Moderator

2026-05-20T05:59:23.41+00:00
Hello, thank you for following up and providing log details. T

The first error, Microsoft.ServiceBus.RelayNotFoundException, means that your local gateway is successfully reaching the Azure network, but the specific Azure Relay endpoint it expects to use does not exist or the connection is being severed at the certificate level. This happens if the gateway registration in the Power Platform Admin Center was accidentally altered, or firewall/proxy is performing "TLS/SSL Inspection" which strips and replaces the Microsoft certificates, breaking the Service Bus binding.

The second error, System.IO.DirectoryNotFoundException, is a local file system issue. By default, the gateway runs under the NT SERVICE\PBIEgwService account, but your logs show it is running under the powerbi user profile. The service is failing to write session logs because it cannot find the MSessions directory in that user's local AppData path.

Let's first fix the local directory structure so the gateway can operate stably. Please navigate to C:\Users\powerbi\AppData\Local\Microsoft\On-premises data gateway\ and manually create a new folder named MSessions. Once created, right-click the folder, go to Properties, and ensure the powerbi user account has Full Control permissions.

Next, we need to force the gateway to rebuild its connection to the cloud. You can do this by executing a gateway restore:

Open the data gateway app.

Sign in with your admin credentials.

Select Migrate, restore, or takeover an existing gateway.

Choose your gateway from the list and enter your original Recovery Key.

Click Configure.

If the gateway still fails to connect after the restore, you will need to verify that the proxy/firewall is bypassing any TLS/SSL Decryption or Deep Packet Inspection (DPI) for traffic destined to .servicebus.windows.net.

Answer 2

Hadas Eliyahu 5

I tried this - Diagnostics and run Network ports test.

and it all got success.

the Network → HTTPS mode is on

I checked this on the power shell and it all got success

Test-NetConnection wabi-west-europe-relay26.servicebus.windows.net -Port 5671

Test-NetConnection wabi-west-europe-relay26.servicebus.windows.net -Port 5672

Test-NetConnection wabi-west-europe-relay26.servicebus.windows.net -Port 443

-- I still have the problem - any other things to check?

0 comments

Answer 3

The error and log entry indicate a connectivity problem between the on-premises data gateway and Azure Relay, not a sign-in problem with the account.

Use these steps on the gateway machine:

Verify gateway network connectivity
- Open the On-premises data gateway app.
- Go to Diagnostics and run Network ports test.
- If the result is Completed (Failed, see last test results), open the last test results and identify which servers/ports are reported as Closed. These must be allowed on your firewall/proxy.
Ensure required FQDNs and ports are open Make sure outbound access is allowed from the gateway machine to at least the following (for public cloud):
- *.servicebus.windows.net on ports 5671–5672 and 443, 9350–9354 (Azure Relay)
- *.powerbi.com on 443
- *.analysis.windows.net on **443`
- *.login.windows.net, login.live.com, aadcdn.msauth.net, login.microsoftonline.com, *.microsoftonline-p.com on 443 (sign-in)
- Any other domains listed in the required ports table that apply to your scenario. If any of these are blocked by a corporate firewall or proxy, the gateway will show as configured but unreachable, and the Relay connection will stay offline.
Check firewall/proxy specifics
- If using a proxy, confirm the gateway is configured with the correct proxy settings as described in Configure proxy settings for the on-premises data gateway.
- If the proxy only allows ports 80 and 443, either:
  - Open the additional required ports for *.servicebus.windows.net, or
  - In the gateway app, enable Network → HTTPS mode to force communication with Azure Relay over HTTPS (port 443) instead of direct TCP.
- If using a firewall that filters by IP, allow the Azure data center IP ranges for your region as described in the networking documentation.
Validate no unsupported Bring Your Own Relay configuration
- If Bring Your Own Azure Relay is enabled for this gateway, ensure Private Link is not enabled on that Relay namespace. Private Link with BYO Relay is not supported and can cause connectivity failures.
- If BYO Relay is not required, disable it so the gateway uses the default managed Relay.
Confirm gateway service account and restart
- In the gateway app, under Service Settings, confirm the gateway Windows service is running.
- If a proxy requires domain authentication, change the gateway service account from the default NT SERVICE\PBIEgwService to a suitable domain user account, then restart the gateway service.
- After any network or account change, restart the gateway service from Service Settings → Restart the gateway and then try signing in again.
Use logs and Event Viewer for further detail
- In the gateway app, under Diagnostics, use Export logs and review them for additional Relay or connectivity errors.
- In Event Viewer on the gateway machine, check Applications and Services Logs → On-premises data gateway service for detailed error messages around the time of the failure.

Once the network ports test shows Completed (Succeeded) and the required FQDNs/ports are open, the Relay status should move online and the “configured correctly but unreachable due to local network connectivity problems” error should stop appearing.

References:

Share via

On-premises data gateway

3 answers

Your answer