Forum Discussion
Purview Synapse Workspace Connection denied
Have a classic Purview setup and trying to scan a Synapse workspace serverless with an integration runtime and a service principal. When we try to select from synapse workspace on the scan, we an error. We can scan dedicated from the with the same integration runtime and service principal. Here is the error. Can anyone assist? Reason: An instance-specific error occurred while establishing a connection to SQL Server. Connection was denied since Deny Public Network Access is set to Yes (https://docs.microsoft.com/azure/azure-sql/database/connectivity-settings#deny-public-network-access). To connect to this server, use the Private Endpoint from inside your virtual network (https://docs.microsoft.com/azure/sql-database/sql-database-private-endpoint-overview#how-to-set-up-private-link-for-azure-sql-database).
3 Replies
Synapse serverless and dedicated sql pools are using separate private endpoints. Therefore, my initial guess is that either the private endpoint for the serverless sql pool is missing or it is present but the corresponding DNS entry is missing or incorrect.
We're seeing similar behaviour setting up scans. Our workaround at present is to manually specify the settings and database names which appears to allow them to be targeted directly.
Potentially related, we're also currently unable to get Purview Information Security to see Synapse for the purpose of setting up automatic sensitivity labelling against a privately networked data lake and Synapse instance.
milgoMicrosoft
Ideally the Deny Public Network Access setting is always enabled based on the documentation you have linked above. Possible cause is that the connection attempt is being made over a public network.
Use the second documentation to set up a private endpoint and follow the wizard guides. Double check your DNS configuration as well to resolve the private endpoint.
