Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started

Reply
henrikmo1
Frequent Visitor

Fabric Lakehouse shortcut to ADLS gen2 not working

Hi,

I'm trying to create a shortcut to our ADLS gen2 from Fabric Lakehouse, but I get an error saying; "Connection could not be updated." when trying to create a shortcut to our production storage account. For some reason, when I'm trying to connect to our development storage account, the error is saying; "Invalid credentials."

I'm using the dfs-endpoint (Data Lake Storage) and I've been trying to authenticate both with organizational account and with Account Key, but both are giving an error.
lakehouse.JPG

 


My IP address is added in the storage accounts address range, and I've also checked the "Allow Azure services on the trusted services list to access this storage account" box - for testing purposes. But still, no luck.. Has anyone experienced the same issue and found a way around this?

2 ACCEPTED SOLUTIONS
ppotasinski
Microsoft Employee
Microsoft Employee

In the documentation (OneLake shortcuts - Microsoft Fabric | Microsoft Learn) you can read that "Access to storage account endpoint can't be blocked by storage firewall or VNET.".

 

I believe it's not your IP that is blocked by storage firewall but IPs used by Fabric (and Fabric uses dynamic IPs behind the scenes).

 

If you need this scenario to be addressed (storage using firewall or in VNET) you can submit an idea to https://aka.ms/fabricideas to make sure the team has it in the backlog (I believe it's on the roadmap as a part of Fabric's security story, but don't have an ETA or any details).

 

View solution in original post

The ability to connect to Azure storages via firewalls will come to Fabric very soon. See here: What's new and planned for Administration and governance in Microsoft Fabric - Microsoft Fabric | Mi....

View solution in original post

7 REPLIES 7
riaraphael
New Member

I am also facing the same issue. when I try to create a shortcut to my ADLS gen2 from Fabric Lakehouse, it says "invalid credentials". I tried using account key, organizational account and sas token. None of them worked. There is no firewall or vnet for my storage account.

maverick1978
New Member

Hi,

 

I am also getting the same error of "Invalid Credentials" while trying to create a shortcut to my ADLS storage account from Fabric Lakehouse. I am trying to authenticate using Organizational account.

 

I checked and I have Contributor rights on the ADLS Storage Account. My storage account is in Development subscription. However I don't know under which subscription of my tenant, the Fabric Lakehouse (and the dataset) is created? I searched all the subscriptions but could not find the resources. So I am not sure whether any other permissions or missing here?

 

One more aspect I observed is, my PowerBI premium is hosted in North Europe however the Storage account (for which I am creating the shortcut) is in West Europe. Though this could lead to latency, I don't think this would block the connection? Anything I am missing on this front?

 

Thanks for your support.

I was getting Invalid Credentials error too.

I asked admin to give me Owner permission on the storage account and then Invalid Credentials error went away.

However, I then started getting 

 

 

Error in sending request The HttpClient returned a response with status code InternalServerError and will retry

 

ppotasinski
Microsoft Employee
Microsoft Employee

In the documentation (OneLake shortcuts - Microsoft Fabric | Microsoft Learn) you can read that "Access to storage account endpoint can't be blocked by storage firewall or VNET.".

 

I believe it's not your IP that is blocked by storage firewall but IPs used by Fabric (and Fabric uses dynamic IPs behind the scenes).

 

If you need this scenario to be addressed (storage using firewall or in VNET) you can submit an idea to https://aka.ms/fabricideas to make sure the team has it in the backlog (I believe it's on the roadmap as a part of Fabric's security story, but don't have an ETA or any details).

 

thank you so much for your reply, @ppotasinski. I was trying to do the same, but in my case, I created a private endpoint (within fabric workspace) and got approved in my azure tenant (storage container). Even then it gives me the same 'invalid credentials' error. Would really appreciate your thoughts here. Thanks!

But typically in a organisation setup we have storage accounts protected with firewall settings , what is the other option to securely make a connection from Fabric ?

The ability to connect to Azure storages via firewalls will come to Fabric very soon. See here: What's new and planned for Administration and governance in Microsoft Fabric - Microsoft Fabric | Mi....

Helpful resources

Announcements
FabricCarousel_June2024

Fabric Monthly Update - June 2024

Check out the June 2024 Fabric update to learn about new features.