Hi, we created a dedicated domain service account for ADF to access different data sources on-premise through the Self-hosted Integration Runtime server and granted that service account access on the local servers (SQL Server DBs & network shares).
What we notice is that the domain service account requires logon rights on every on-prem server it needs to retrieve data from (not just the Self-hosted IR server) for it to work. Otherwise ADF will return the error 'Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication', even though that service account has been granted the correct access on the SQL Server & network share.
As soon as we granted that service account logon rights to the server, everything started working. Our security team has a problem granting that service account logon permissions to all the SQL servers & file servers in the Production environment. (The Self-hosted Integration Runtime server is not the problem, but logon rights to multiple SQL servers & file servers are a security concern.)
I searched online and did not find many results on this topic. There are documents stating that the log-on permission is required on the Self-hosted Integration Runtime server, but none of them mention that access on the other on-prem servers. Did we misconfigure something in our ADF setup? Does the domain account ADF uses to access an on-prem SQL database or network share (through the Self-hosted Integration Runtime) have to have logon (or log-on-as-service) permission on all the other on-prem servers as well?