Azure Synapse Linked Service - Failed to resolve the server name

cthivierge 4,056 Reputation points
2022-02-23T14:54:47.66+00:00

Hi,

Here's a weird issue and i hope someone would be able to give me a hint.

We have a Synapse Workspace that use only the Serverless. The public network is disabled and we use Private Endpoints to connect to Synapse as well as Managed private endpoint to connect Synapse to other PaaS services. Managed virtual network is enabled.

All private endpoints (any PaaS services) are in the same virtual network.

We want to create a Linked Service to a Azure KeyVault.

The KeyVault has already an Endpoint and a valid DNS record in the Private DNS Zone.
There is a Managed Private Endpoint from Synapse to the KeyVault as well and it has been approved on the KeyVault.

When we want to create the Linked Service, we select the KeyVault resource type and we select the KeyVault from the Azure Subscription / KeyVault name. The test connection is to the Linked Service.

When we test the connection, we receive this error message

Failed to resolve the server name "MyWorkspaceName.dev.azuresynapse.net", please refer to troubleshooting doc and check network configuration.

The thing is why it ask me to resolve the DNS name of the workspace ?

From a NSLookup, i can resolve MyWorkspaceName.dev.azuresynapse.net

The user that did that was Synapse Administrator and had Contributor rights on the Resource Group.

Any hints ?

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,286 questions
Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,927 questions
0 comments No comments
{count} votes

Accepted answer
  1. ShaikMaheer-MSFT 38,441 Reputation points Microsoft Employee
    2022-02-25T16:24:58.417+00:00

    Hi @cthivierge ,

    Thanks for posting query in Microsoft Q&A Platform.

    As per my understanding, you observe that linked service test connection for synapse studio using client computer instead of Synapse. Please correct me if my understanding is wrong.

    Usually linked services uses Integration runtimes while performing test connections. But in case of Key vault linked service we don't see IR option. Could you please confirm what is the Authentication method you used in your linked service?

    I am checking about this internally as well. I will share updates once I hear back. Thank you.


1 additional answer

Sort by: Most helpful
  1. cthivierge 4,056 Reputation points
    2022-02-24T16:29:21.297+00:00

    After investigation, we found the issue.

    It was a missing DNS conditional forwarding zone in our internal DNS Servers.
    I did a quick test by adding the DNS Name into the host file of my computer and it worked.

    It seems that the "testing connection" button in the Linked Service creation in synapse studio use the client computer instead of Synapse. Weird...

    But my question... why does the testing connection is using the client ? I thought it was a connection between Synapse and the KeyVault and the client computer was never involved in this test...

    I also did a netmon trace and i was able to see that my computer is connecting to the dev.azuresynapse.net endpoint.

    Thanks!

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.