Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends September 15. Request your voucher.

Reply
Maderthaner
Frequent Visitor

On Premise Data Gateway - Better Admin Support

‎04-15-2025 07:57 AM

Hey guys,

 

we really love using Fabric and are rolling it out big in our company.

 

We are still largely running on on-premise data sources, which requires us to use multiple On Premise Data Gateway servers.

 

The app works reasonly well, although I really ask for your support on making the administration on two things much better: 1) proxy settings, and 2) Kerberos-readiness

 

1) Proxies

The information in the documentation is outdated: Configure proxy settings for the on-premises data gateway (Konfigurieren von Proxyeinstellungen für ...

The fourth file is now called FabricPipelineWorker.exe.config - but really, we would love it if we could just enter the proxy in the GUI as it works for the Synapse On Premise Integration Runtimes so that the administration becomes easier!

 

2) Kerberos-readiness

Our company started turning off NTLM more and more and we need to switch to a Kerberos ready On Premise Data Gateway (OPDG) service. The information provided here: Configure Kerberos-based SSO from Power BI service to on-premises data sources - Power BI | Microsof... is daunting. If I need to do all of this on all my 10+ OPDG servers, every month or so there is an update (as updates often eat the settings, for example with the proxy), I almost feel like I need to hire a working student to go through this exercise every few months or so. Can you make this simpler for us? for example, configure once and ensure a proper takeover from update to update of the OPDG, better documentation, best practices or just start rooting out the NTML "default" in the first place.

 

Let me know your thoughts or hints - maybe we are doing it wrong - but the corporate guidelines on proxy and NTLM seem untouchable.

Labels:
Message 1 of 8
932 Views
1 ACCEPTED SOLUTION
lbendlin
Super User
Super User

‎04-15-2025 08:23 AM

Thank you for mentioning

 

C:\Program Files\On-premises data gateway\FabricIntegrationRuntime\5.0\Shared\FabricPipelineWorker.exe.config

 

One more file to keep track of for proxy settings, sigh.

 

If this is important to you please consider voting for an existing idea or raising a new one at https://ideas.fabric.microsoft.com

View solution in original post

Message 2 of 8
911 Views
0
7 REPLIES 7
v-karpurapud
Community Support
Community Support

‎05-29-2025 09:54 PM

Hi @Maderthaner 

We are following up once again regarding your query. If the issue has been resolved, we kindly request you to share the resolution or key insights here to help others in the community. If we don’t hear back, we’ll go ahead and close this thread.

Should you need further assistance in the future, we encourage you to reach out via the Microsoft Fabric Community Forum and create a new thread. We’ll be happy to help.

 

Thank you for your understanding and participation.

 

Message 8 of 8
539 Views
0
v-karpurapud
Community Support
Community Support

‎04-20-2025 11:12 PM

Hi @Maderthaner 

May I ask if you have resolved this issue? If so, please mark the helpful reply and accept it as the solution. This will be helpful for other community members who have similar problems to solve it faster.

Thank you.

Message 7 of 8
721 Views
0
v-karpurapud
Community Support
Community Support

‎04-16-2025 12:05 AM

Hi @Maderthaner 


Thank you for reaching out to the Microsoft Fabric Community Forum.

 

We understand your concern regarding  the challenges with the On-Premises Data Gateway (OPDG) administration, particularly the outdated documentation for configuring proxy settings, which mentions incorrect file names, and the complex Kerberos configuration process requiring domain admin intervention, SPN creation, and delegation setup across your 10+ OPDG servers.

 

Proxy Settings Solution

Since a GUI for proxy configuration is not yet available in the OPDG, we recommend manually editing the following configuration files on each OPDG server to include proxy settings, as suggested by @lbendlin .

Use the updated file name FabricPipelineWorker.exe.config for Fabric workloads:

        C:\Program Files\On-premises data gateway\FabricPipelineWorker.exe.config (for Fabric)

        C:\Program Files\On-premises data gateway\Microsoft.PowerBI.EnterpriseGateway.exe.config

 

Kerberos Readiness Solution

 

Although a fully automated Kerberos setup or removal of NTLM as the default is not currently available, we can simplify the configuration process:
 

Centralize Configuration with a Domain Account: Use a single domain account (e.g., CONTOSO\GatewaySvc) for all OPDG servers. Configure this account via the On-Premises Data Gateway app under Service Settings > Change Service Account, enter the credentials, and restart the gateway service. This requires domain admin rights only once per account.

Configure SPN and Delegation: As a domain administrator, create a single SPN using:

 

setspn -S gateway/OPDG01 CONTOSO\GatewaySvc

 

Replace OPDG01 with one server name (reusable across servers). In Active Directory Users and Computers (ADUC), navigate to the CONTOSO\GatewaySvc account, go to the Delegation tab, select Trust this user for delegation to specified services only > Use Kerberos only, and add the relevant service types (e.g., MSSQLSvc) and server names for your data sources. Apply this configuration once.

 

If this response resolves your query, kindly mark it as an Accepted Solution to assist other community members. A Kudos is also appreciated if you found the response helpful.
 

Thank You!

Message 4 of 8
871 Views
0
Maderthaner
Frequent Visitor
In response to v-karpurapud

‎04-23-2025 07:23 AM

Hi,

 

thanks for the hints - that I am aware of - but the request was to get help in automatic administration of these apps. I don't want to do these steps every time I update my gateway accounts.

I dont want to add every data source & server & service & account in the delegation tab to be Kerberos ready. And I don't think its best practice to use a single domain account for all different data gateways, but that's maybe just me.

 

also the location is wrong:
C:\Program Files\On-premises data gateway\FabricIntegrationRuntime\5.0\Shared\FabricPipelineWorker.exe.config

Message 5 of 8
699 Views
0
v-karpurapud
Community Support
Community Support
In response to Maderthaner

‎04-28-2025 12:35 AM

Hi @Maderthaner 

We apologize for the inconvenience. Since the auto-update for OPDG is currently unavailable, you can submit the idea in the forum (which you have already done), gather as many likes as possible (as they may prioritize the most requested features), and wait for Microsoft to roll it out as a feature. We hope your issue gets resolved soon.

Thank you.

Message 6 of 8
652 Views
0
lbendlin
Super User
Super User

‎04-15-2025 08:23 AM

Thank you for mentioning

 

C:\Program Files\On-premises data gateway\FabricIntegrationRuntime\5.0\Shared\FabricPipelineWorker.exe.config

 

One more file to keep track of for proxy settings, sigh.

 

If this is important to you please consider voting for an existing idea or raising a new one at https://ideas.fabric.microsoft.com

Message 2 of 8
912 Views
0
Maderthaner
Frequent Visitor
In response to lbendlin

‎04-23-2025 07:24 AM

Yeah, I raised the OPDG auto update idea like many months ago. Not sure where that is 😕

Message 3 of 8
698 Views
0

Helpful resources

Announcements
August Fabric Update Carousel

Fabric Monthly Update - August 2025

Check out the August 2025 Fabric update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All
Top Kudoed Authors
View All