Solved: Azure IotHub connection fails with Managed Private...

aswary · ‎02-13-2026

I am trying to pull live data from Azure IotHub by following these 2 documentations for establishing connection between Fabric and Azure:

- https://learn.microsoft.com/en-us/fabric/security/security-managed-private-endpoints-create

- https://learn.microsoft.com/en-us/fabric/real-time-intelligence/event-streams/add-source-azure-iot-h...

The Azure is behind a Vnet and firewall and doesn't allow public access.

I have the private endpoint created and approved on IotHUB. When I try to create an eventstream and create a new connection to this IoTHub, it fails with this error:

{

 "code":"AsaDataPreviewFailure",
 "message":"Unexpected status code when previewing input data. Expected Accepted or OK, but received BadRequest. Error message: {status":"ErrorConnectingToInput",
 "eventsDownloadUrl":null,
 "error":{
 "code":"BadArgument",
 "message":"Unable to connect to IoT Hub 'azure-iot-hub' using connection string. Please make sure you have configured the IoT Hub input correctly. Exception details System.IO.IOException: Transport is closed ---> System.ObjectDisposedException: Cannot access a disposed object.Object name: 'sasl6285'. --- End of inner exception stack trace --- at Microsoft.Azure.Amqp.AsyncResult.End[TAsyncResult](IAsyncResult result) at Microsoft.Azure.Amqp.AmqpObject.OpenAsyncResult.End(IAsyncResult result) at Microsoft.Azure.Amqp.AmqpObject.EndOpen(IAsyncResult result) at Microsoft.Azure.Amqp.Transport.AmqpTransportInitiator.HandleTransportOpened(IAsyncResult result) at Microsoft.Azure.Amqp.Transport.AmqpTransportInitiator.OnTransportOpenCompete(IAsyncResult result)--- End of stack trace from previous location --- at Microsoft.Azure.Amqp.AsyncResult.End[TAsyncResult](IAsyncResult result) at Microsoft.Azure.Amqp.Transport.AmqpTransportInitiator.<>c.<ConnectAsync>b__17_1(IAsyncResult r) at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)--- End of stack trace from previous location --- at Microsoft.Streaming.Services.TestConnectionAndSampleDataService.EventHubClient.IotHubConnection.CreateAndOpenConnectionAsync(Uri serviceEndpoint, String iotHubName, String sharedAccessKeyName, String sharedAccessKey, TimeSpan timeout) in C:__w1sProductSourceServicesTestConnectionAndSampleDataEventHubClientIotHubConnection.cs:line 196 at Microsoft.Streaming.Services.TestConnectionAndSampleDataService.EventHubClient.IotHubConnection.RequestEventHubsConnectionStringAsync(String iotHubConnectionString, Nullable`1 timeout) in C:__w1sProductSourceServicesTestConnectionAndSampleDataEventHubClientIotHubConnection.cs:line 76 at Microsoft.Streaming.Services.TestConnectionAndSampleDataService.JobAnnotationService.JobAnnotator.GetIotHubConfig(String iotHubConnectionString, String iotHubName) in C:__w1sProductSourceServicesTestConnectionAndSampleDataJobAnnotationServiceJobAnnotator.cs:line 389",
 "details":null},
 "diagnostics":null,
 "lastArrivalTime":null}"}

This is how I have created the IOThub connection (as suggested in the doc):

and then:

consumer_group and data_format

Error:

v-echaithra · ‎02-16-2026

Hi @aswary ,

Thank you for the details and error trace you shared.

Based on the behavior observed, the connection failure is caused by network reachability to the IoT Hub data-plane endpoint, not by authentication or connector configuration.

Although a Managed Private Endpoint to the IoT Hub has been created, Fabric Eventstream reads telemetry through the IoT Hub built-in Event Hubs–compatible endpoint. Fabric must be able to reach all required IoT Hub service endpoints over Private Link. If only the IoT Hub (azure-devices) endpoint is exposed, the streaming connection is dropped during AMQP negotiation.

The Eventstream service cannot resolve or connect to <your-hub>.servicebus.windows.net
This endpoint is used for telemetry ingestion. If it resolves to a public IP (or is blocked by NSG/Firewall), the connection fails with errors.

Please try again by the following additional networking configuration is in place:

Create an Additional Private Endpoint

Create a Private Endpoint for the IoT Hub with:
Resource type: Microsoft.Devices/IotHubs
Subresource: eventHub (in addition to iotHub)

This exposes the streaming endpoint required by Fabric.

Configure Private DNS (Critical)

Create and link the Private DNS zone, ensure the namespace resolves to the private IP and verify outbound access from the Fabric Managed VNet allows:

TCP 5671 – AMQP over TLS (primary)

TCP 5672 – AMQP fallback

TCP 443 – WebSocket fallback

If only port 443 is open, AMQP negotiation may still fail.

Validate DNS Resolution

From a VM in the same VNet, run:

nslookup <your-hub>.servicebus.windows.net

If this returns a public IP, this is the cause of the failure. After correct configuration, it should return a private IP. Once the Event Hubs compatible endpoint is reachable privately, the connection should succeed without requiring public access to the IoT Hub.

Hope this helps.
Thank you.

View solution in original post

v-echaithra · ‎02-22-2026

Hi @aswary ,

May I ask if you have resolved this issue? Please let us know if you have any further issues, we are happy to help.

Thank you.

v-echaithra · ‎02-19-2026

Hi @aswary ,

We’d like to follow up regarding the recent concern. Kindly confirm whether the issue has been resolved, or if further assistance is still required. We are available to support you and are committed to helping you reach a resolution.

Thank you.

v-echaithra · ‎02-16-2026

Hi @aswary ,

Thank you for the details and error trace you shared.

Based on the behavior observed, the connection failure is caused by network reachability to the IoT Hub data-plane endpoint, not by authentication or connector configuration.

Although a Managed Private Endpoint to the IoT Hub has been created, Fabric Eventstream reads telemetry through the IoT Hub built-in Event Hubs–compatible endpoint. Fabric must be able to reach all required IoT Hub service endpoints over Private Link. If only the IoT Hub (azure-devices) endpoint is exposed, the streaming connection is dropped during AMQP negotiation.

The Eventstream service cannot resolve or connect to <your-hub>.servicebus.windows.net
This endpoint is used for telemetry ingestion. If it resolves to a public IP (or is blocked by NSG/Firewall), the connection fails with errors.

Please try again by the following additional networking configuration is in place:

Create an Additional Private Endpoint

Create a Private Endpoint for the IoT Hub with:
Resource type: Microsoft.Devices/IotHubs
Subresource: eventHub (in addition to iotHub)

This exposes the streaming endpoint required by Fabric.

Configure Private DNS (Critical)

Create and link the Private DNS zone, ensure the namespace resolves to the private IP and verify outbound access from the Fabric Managed VNet allows:

TCP 5671 – AMQP over TLS (primary)

TCP 5672 – AMQP fallback

TCP 443 – WebSocket fallback

If only port 443 is open, AMQP negotiation may still fail.

Validate DNS Resolution

From a VM in the same VNet, run:

nslookup <your-hub>.servicebus.windows.net

If this returns a public IP, this is the cause of the failure. After correct configuration, it should return a private IP. Once the Event Hubs compatible endpoint is reachable privately, the connection should succeed without requiring public access to the IoT Hub.

Hope this helps.
Thank you.

Azure IotHub connection fails with Managed Private endpoint

Helpful resources

Join our Fabric User Panel

Fabric Monthly Update - February 2026