ADF not working for ADLS with already created private endpoint

I have the following components: ADF with a private endpoint for Data Factory, ADLS with a private endpoint, and an Azure VM (for SHIR). I have created a VNet with a subnet. I have created a VM in the subnet with a private IP and without any public IP. In this VM I have hosted a Self-Hosted Integration Runtime (SHIR); the SHIR is up and running in ADF. In ADLS, I have given Blob reader and blob contributor access to ADF.

Scenario 1 (working): I created a delimited text file in the VM. Using an ADF copy activity, I used SHIR in the source and was able to read the content. With the ADLS public endpoint, the copy activity works with SHIR in both source and sink.

Scenario 2 (not working): I created a delimited text file in the VM. Using an ADF copy activity, I used SHIR in the source and was able to read the content, but in the sink I am not able to write to ADLS (with private endpoint) using SHIR. The error is: 1). It's possible because the service principal or managed identity don't have enough permission to access the data. (2). It's possible because the IP address of the self-hosted integration runtime machines are not allowed by your Azure Storage firewall settings. (3). If the self-hosted integration runtime use proxy server, it's possible because the IP address of the proxy server is not allowed by your Azure Storage firewall settings.. Account: 'accountrajaadfadls'. FileSystem: 'rajavmtoadls'. Path: 'VMfile.txt'. ErrorCode: 'AuthorizationFailure'. Message: 'This request is not authorized to perform this operation

Please help me understand why Scenario 2 is not working.

Scenario 3 (working): Then I created an Azure Integration Runtime. In the copy activity, I tried the source with SHIR and, in the sink, used Azure IR, and was able to write to ADLS (public endpoint).

Scenario 4 (not working): Then I created an Azure Integration Runtime, created a managed private endpoint for ADLS and got it approved in the ADLS public endpoint. In the copy activity, I tried the source with SHIR and, in the sink, used Azure IR. It is not working; the error is: (1). It's possible because the service principal or managed identity don't have enough permission to access the data. (2). It's possible because the IP address of the self-hosted integration runtime machines are not allowed by your Azure Storage firewall settings. (3). If the self-hosted integration runtime use proxy server, it's possible because the IP address of the proxy server is not allowed by your Azure Storage firewall settings.. Account: 'accountrajaadfadls'. FileSystem: 'rajavmtoadls'. Path: 'VMfile.txt'. ErrorCode: 'AuthorizationFailure'. Message: 'This request is not authorized to perform this operation.

Please help me understand why Scenario 2 and Scenario 4, with ADLS (with private endpoint), are not working.

0 Replies
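
The error text in the post names the integration runtime's IP address not being allowed by the storage firewall as one possible cause. As an added example (not part of the original post), this Python check, meant to run on the SHIR VM, reports whether the account's `blob` and `dfs` hostnames resolve to private addresses from that machine. It assumes the standard `<account>.<subresource>.core.windows.net` endpoint names and that each storage sub-resource has its own private endpoint; the function names are illustrative.

```python
import ipaddress
import socket

# Assumption: an ADLS Gen2 copy can touch both sub-resources, and each one
# needs its own private endpoint and private DNS record.
SUBRESOURCES = ("blob", "dfs")

def resolve(host):
    """Return the sorted set of IP addresses the local resolver gives for host."""
    try:
        infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def classify(addresses):
    """'private' if every address is non-global (e.g. RFC 1918), 'public' if none is."""
    if not addresses:
        return "unresolved"
    flags = {ipaddress.ip_address(a).is_private for a in addresses}
    if flags == {True}:
        return "private"
    return "public" if flags == {False} else "mixed"

def check_account(account, resolver=resolve):
    """Map each storage hostname of the account to (addresses, classification)."""
    report = {}
    for sub in SUBRESOURCES:
        host = f"{account}.{sub}.core.windows.net"
        addrs = resolver(host)
        report[host] = (addrs, classify(addrs))
    return report

def findings(report):
    """Hostnames that do not resolve purely to private addresses from this machine."""
    return [host for host, (_, kind) in report.items() if kind != "private"]

if __name__ == "__main__":
    # Account name taken from the error message in the post.
    rep = check_account("accountrajaadfadls")
    for host, (addrs, kind) in rep.items():
        print(f"{host:50} {kind:11} {', '.join(addrs) or '-'}")
    for host in findings(rep):
        print(f"NOT PRIVATE: {host} (requests from this VM reach the public endpoint)")
```

A hostname reported as `public` or `unresolved` means requests to it from this VM do not go through a private endpoint, which matches cause (2) in the error message; a result of `private` for both points back to cause (1), the role assignments.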