Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Score big with last-minute savings on the final tickets to FabCon Vienna. Secure your discount

Reply
Tanuja_5
New Member

GCP VM instance unable to connect to Fabric Warehouse

‎11-06-2023 01:09 AM
I am encountering the following exception when testing fabric warehouse and lakehouse endpoints from GCP VM
The issue we faced is related to authentication, and we received the following exception:
 
{"error":"invalid_grant","error_description":"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access 'e406a681-f3d4-42a8-90b6-c2b029497af1'. Trace ID: 32ca807a-302a-45f8-8249-fbcc3e7eef00 Correlation ID: 65cf184f-2ea5-412d-9c1f-a4d618589dce Timestamp: 2023-11-03 13:38:14Z","error_codes":[50076],"timestamp":"2023-11-03 13:38:14Z","trace_id":"32ca807a-302a-45f8-8249-fbcc3e7eef00","correlation_id":"65cf184f-2ea5-412d-9c1f-a4d618589dce","error_uri":"https://login.microsoftonline.com/error?code=50076","suberror":"basic_action"}
 
Curl commands:
 
Lakehouse endpoint
 
curl --location 'https://login.microsoftonline.com/organizations/oauth2/v2.0/token
--header 'Content-Type: application/x-www-form-urlencoded' 
--header 'Cookie: fpc=Ag3N3mUT6ClCglqY-z0avHVlHrAYAQAAAJLi1twOAAAAy09xYgEAAAAX49bcDgAAAHY0pfoBAAAAuOTW3A4AAAA; stsservicecookie=estsfd; x-ms-gateway-slice=estsfd' 
--data-urlencode 'password=XXX' 
--data-urlencode 'username=YYY' 
--data-urlencode 'grant_type=password' 
--data-urlencode 'scope=https://storage.azure.com/.default offline_access' 
--data-urlencode 'client_id=ZZZ' 
 
Warehouse endpoint
 
curl --location 'https://login.microsoftonline.com/striim.com/oauth2/v2.0/token' \
--header 'Cookie: fpc=Ag3N3mUT6ClCglqY-z0avHVlHrAYAQAAAJLi1twOAAAAy09xYgEAAAAX49bcDgAAAA; stsservicecookie=estsfd; x-ms-gateway-slice=estsfd' \
--form 'password="XXX"' \
--form 'grant_type="password"' \
--form 'scope="https://database.windows.net//.default offline_access"' \
--form 'username="YYY"' \
--form 'client_id="ZZZ"'
The VM is not contrained by any firewall rule as the below ping is succesful
ping login.microsoftonline.com
 
To confirm this issue isn't because of the region of GCP VM, we tested it on different regions and faced the same issue.
However, the AWS EC2 machines on the same region works fine.
 
Finally, we tried temporarily disabling the security policy and revoked the MFA session of the account and this allowed the connection from GCP VM. Upon re-enabling the security policy, the application on GCP continued to function correctly.
 
This security policy is enabled by default in Azure and is not configurable because of the azure license owned. 
Therefore, we would like to understand the specifics of this default security policy which restricts connection from GCP VM. 
Labels:
Message 1 of 1
285 Views
0
0 REPLIES 0

Helpful resources

Announcements
August Power BI Update Carousel

Power BI Monthly Update - August 2025

Check out the August 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All