@v-menakakota  @burakkaragoz ,

Thanks a lot for detail explanation and suggesstions.

our scneario is slighly different, we are want to enable connection over VNET and the connectivity issue with blob storage issue remains open.

#1: Storage account/ Vnet level no firewall restrictions

#2: Storage acocunt is hosted on public end point, all IP whitelisting ocncept is ruled out

#3: Subnet is delecated, not able to create a VM for testing. it requires additional resource and configurations. I feel not worth only for testing. I shall keep this as last option.

#4: Managed identity is yet to try, as it requires SPN creation. some dependencies and plan to do this activity.

#5: there are no any locaks, validated every checks.

additonally, Trouble shooting the connectivity - It is success. only connection creation is failing.

I am sharing few screen shots, please support if any alternatives

Regards,

suresh

Hi @Sureshmannem  ,
Thank you @burakkaragoz  , for the response.

 

Use the Azure REST API error code guide to verify your request isn’t missing required headers or malformed (e.g., auth header, query params).

Please go through the below document and screenshot:

https://learn.microsoft.com/en-us/rest/api/storageservices/common-rest-api-error-codes

 

If I misunderstand your needs or you still have problems on it, please feel free to let us know.   

 

Best Regards,
Community Support Team  

Hi @Sureshmannem ,

So when you get a generic 400 error trying to connect from Fabric to Azure Blob over a vnet gateway, even though the TCP test and firewalls seem fine, there’s a couple things to double-check. Sometimes this error means there’s an issue on the app/service layer (not just network).

• Double check the storage account firewall config: Is it set to allow trusted Microsoft services or only certain subnets? Sometimes if it’s too locked down, Fabric won’t be able to reach it even if network traffic is open.
• Make sure the private endpoint (if you use it) is properly set up and DNS is resolving the storage FQDN to the private IP from inside Fabric.
• Try to connect to the blob storage from a VM inside the same vnet/subnet as your gateway, just to see if it’s Fabric-specific or a general vnet problem.
• For Fabric, make sure the managed identity or credentials you use actually has Storage Blob Data Contributor or similar permission on the storage account.
• Also, check if there’s any custom policies (like conditional access or resource locks) on the storage account that might block connections.

If you can, check the diagnostic logs on the storage account for more detailed error info. That can sometimes give more clues than just the 400 code.

Let me know how it goes or if there’s more details from the logs!

If my response resolved your query, kindly mark it as the Accepted Solution to assist others. Additionally, I would be grateful for a 'Kudos' if you found my response helpful.

Translation & text editing supported by AI