Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
banto87
Frequent Visitor

Cosmos DB with private link not reacheble in Data Pipeline connection

‎06-20-2025 06:38 AM

Hi,

 

I have an Azure CosmosDB with private link (it is within a VNET). I have followed the doc to create a VNET data gateway for Fabric. The VNET Data gateway is successfully generated, and in the troubleshooting session it is able to solve Cosmos DNS and ping it. Now, in the Fabric Data Pipeline's Copy Data activity where I create the Azure Cosmos DB V2 connection it fails with message: Unable to create connection for the following reason: Unable to connect to the data source. Either the data source is inaccessible, a connection timeout occurred, or the data source credentials are invalid. Please verify the data source configuration and contact a data source administrator to troubleshoot this issue.

 

What can it be wrong?

Labels:
Message 1 of 11
806 Views
0
10 REPLIES 10
v-lgarikapat
Community Support
Community Support

‎06-22-2025 11:33 PM

Hi @banto87 ,

Thanks for reaching out to the Microsoft fabric community forum.

 

  1. Connection string mismatch: If you're using a private endpoint, make sure the connection string uses the correct FQDN  instead of the public endpoint. Using the wrong one can silently fail or time out.
  2. Firewall or NSG rules: Double-check that the subnet where the VNET Data Gateway is deployed is explicitly allowed in the CosmosDB firewall settings. Even if DNS resolves, CosmosDB might still block traffic from unauthorized subnets.
  3. Private DNS zone linkage: If you're using a private DNS zone for CosmosDB, ensure it's correctly linked to the VNET where the gateway resides. Misconfigured DNS zones can cause resolution to succeed but route traffic incorrectly.
  4. Sub-resource mismatch: When creating the private endpoint, ensure the target sub-resource is set to Sql or SqlDedicated depending on your CosmosDB API. If this is misaligned, the connection will fail silently.
  5. Gateway region mismatch: The VNET Data Gateway and the Fabric workspace should ideally be in the same region. Cross-region traffic can introduce latency or even fail due to policy restrictions.
  6. Authentication issues: If you're using managed identity or service principal, confirm that the identity has the correct role (like Cosmos DB Account Reader Role) on the CosmosDB account.

Configure virtual network based access for an Azure Cosmos DB account | Microsoft Learn

On-premises and virtual network (VNet) data gateways documentation | Microsoft Learn

 

Best Regards,

Lakshmi Narayana

 

Message 2 of 11
735 Views
0
banto87
Frequent Visitor
In response to v-lgarikapat

‎06-23-2025 04:17 AM

@v-lgarikapat thanks.

 

Unfortunately those suggestions do not help me to succeed.

 

One note though: the VNET is in North EU while I see that Fabric shows the message: Your data is stored in Switzerland North (Zurich)

 

Is this what you mean in point 5 maybe?

Message 4 of 11
709 Views
0
banto87
Frequent Visitor
In response to v-lgarikapat

‎06-27-2025 06:03 AM

@v-lgarikapat thanks. I've followed all instructions. Now I have Cosmos DB and its private EP in the same region as Fabric tenant and still get a connectivity error from the Copy Data activity in Fabric:

 

banto87_0-1751029413847.png

 

Please suggest.

Message 6 of 11
555 Views
0
v-lgarikapat
Community Support
Community Support
In response to banto87

‎07-03-2025 02:41 AM

Hi @banto87 ,

 

Based on the screenshot you shared, here are a few troubleshooting steps: 

 

Since you already put Cosmos DB and the private endpoint in the same region as your Fabric tenant, next make sure you're using the private FQDN in your Fabric connection (not the public one) and check that the private DNS zone (privatelink.documents.azure.com) is linked to the VNET with your data gateway try doing an nslookup from a VM in that VNET to confirm it's resolving to a private IP. Also, if you're using Managed Identity, give it access to Cosmos DB by assigning the right role like Reader or Contributor. The SSL certificate error may come up if the Fabric gateway can't validate the Cosmos DB certificate, especially if it's using a public CA the runtime can’t reach so as a test, try enabling the skip certificate validationcheckbox in your connection settings (but only temporarily). Also double-check that the Cosmos private endpoint is created for the correct subresource depending on the API you’re using (like Sql or SqlDedicated). If everything seems right but still fails, try recreating the Cosmos DB connection in Fabric from scratch, making sure you test the connection before saving. Let me know if you want help checking DNS from a VM or reviewing your JSON connection config.

 

Configure Azure Private Link for Azure Cosmos DB | Microsoft Learn

Configure Azure Cosmos DB for NoSQL in a copy activity - Microsoft Fabric | Microsoft Learn

Azure Private Endpoint DNS Integration Scenarios | Microsoft Learn

 

Best Regards,

Lakshmi Narayana

Message 7 of 11
404 Views
0
banto87
Frequent Visitor
In response to v-lgarikapat

‎07-03-2025 03:04 AM

hello,

 

can you pls elaborate more on how this can be done: "try enabling the skip certificate validationcheckbox in your connection settings (but only temporarily)"

 

thanks

Message 8 of 11
392 Views
0
v-lgarikapat
Community Support
Community Support
In response to banto87

‎07-07-2025 04:35 AM

Hi @banto87 ,

Thanks for the follow up

To enable the Skip certificate validation option in Microsoft Fabric when setting up a Cosmos DB connection, head to your Fabric workspace and open the Manage connections and gateways section. Either edit your existing connection or start creating a new one, and once you reach the configuration screen, select your preferred authentication method like Managed Identity and look for the advanced settings or security options. There, you’ll find a checkbox labeled something like Skip server certificate validation. Check that box to temporarily bypass SSL certificate checks, then test the connection to see if it resolves your issue. Just make sure to turn it off again once you've confirmed the root cause, since leaving it enabled can pose security risks in production environments

 

Best Rgards,

Lakshmi Narayana

Message 9 of 11
313 Views
0
v-lgarikapat
Community Support
Community Support
In response to v-lgarikapat

‎07-09-2025 08:00 AM

Hi @banto87 ,

 

I wanted to follow up and confirm whether you’ve had the opportunity to review the information we provided. Should you have any questions or require further clarification, please don't hesitate to reach out.

 

Best Regards,

Lakshmi Narayana

Message 10 of 11
255 Views
0
v-lgarikapat
Community Support
Community Support
In response to v-lgarikapat

Wednesday

Hi @banto87 ,

I wanted to follow up and confirm whether you’ve had the opportunity to review the information we provided. Should you have any questions or require further clarification, please don't hesitate to reach out.

 

Best Regards,

Lakshmi Narayana

Message 11 of 11
123 Views
0
banto87
Frequent Visitor
In response to v-lgarikapat

‎06-20-2025 06:13 AM

Hi,

 

I have an Azure CosmosDB with private link (it is within a VNET). I have followed the doc to create a VNET data gateway for Fabric. The Data gateway is successfully generated, and in the troubleshooting option it is able to solve Cosmos DNS and ping it. Now, in the Fabric Data Pipeline's Copy Data activity where I create the Azure Cosmos DB V2 connection it fails with message: Unable to create connection for the following reason: Unable to connect to the data source. Either the data source is inaccessible, a connection timeout occurred, or the data source credentials are invalid. Please verify the data source configuration and contact a data source administrator to troubleshoot this issue.

 

What can it be wrong?

Message 3 of 11
786 Views
0

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.

June FBC25 Carousel

Fabric Monthly Update - June 2025

Check out the June 2025 Fabric update to learn about new features.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All