Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

The ultimate Microsoft Fabric, Power BI, Azure AI & SQL learning event! Join us in Las Vegas from March 26-28, 2024. Use code MSCUST for a $100 discount. Register Now

Reply

On-Premises data gateway - the remote certificate is invalid according to the validation procedure

I've been having problems configuring On-Premises data gateway.  The problems seem to be around certificates.  When I first tried installing from the package which retrieves installation files from a server, it would fail with a similar message.  However I downloaded the larger 'offline' installer, which has enabled me to install the data gateway, but I'm unable to register using my Power BI account.  I get the following error; 

OnPremDG_Error_02.jpg

I've checked the event log and can't find anything related to it.  I can't find anything logged under C:\Program Files\On-premises data gateway.  I'm not entirely sure why its failing, it just vaguely mentions 'the validation procedure'.

 

Can someone point me in the right direction of where to proceed?


Thanks

15 REPLIES 15
Huib-van-Mierlo
New Member

Make sure you install the root- and intermediate CA certificates in the computer certificate store, in the correct containers (trusted root certification authorities and Intermediate Certification Authorities)

 

You can get them from my drive:

https://drive.google.com/drive/folders/1gOt-dp2-WkfzGmMCZiZNn_-i2Xutanfa?usp=sharing

 

---------------------------------------------------------------------------------------------------

Alternatively, you get them yourself using the scripts below. 

1. Create a file named:  Check-SSLCerts.cmd with this content:

 

pushd "%~dp0"
echo Generating report...
SET URLs="https://api.powerbi.com"
SET ReportFile=SslReport.txt
PowerShell -ExecutionPolicy bypass -Command ./Check-SSLCerts.ps1 -URLs %URLs% -ReportFile %ReportFile%
echo Report is at %ReportFile%
pause
rem -----------------------------end of file-------------------------------

create a second file named Check-SSLCerts.ps1 with this content, en then start Check-SSLCerts.cmd

 

# Check SSL certs by @chentiangemalc
# Source : http://chentiangemalc.wordpress.com
#
# - Runs through all URLs specified in URLs parameter, checks their cert, and downloads entire cert chain to %TEMP%\SslCerts in PCS7 format (.P7B)
# - If specified URLs redirect, the redirects will be followed
# - Outputs reasons for certificate failures
# - If report file parameter is specified log is generated
# - Specify UserAgent if desired
#
# If URLs redirect back & forth to each other
[CmdletBinding()]
param(
[string[]]$urls=@("https://api.powerbi.com"),
[string]$ReportFile="",
[string]$UserAgent="Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko")

if (![string]::IsNullOrEmpty($reportfile)) { Start-Transcript $ReportFile }

$global:currentURI = $null

# using GLOBAL so we display SSL error info to console
$global:RemoteCertificateValidationCallback = [System.Net.Security.RemoteCertificateValidationCallback]{
param(
[object]$sender,
[System.Security.Cryptography.X509Certificates.X509Certificate]$certificate,
[System.Security.Cryptography.X509Certificates.X509Chain]$chain,
[System.Net.Security.SslPolicyErrors]$sslPolicyErrors)

# save certificate
$certs = New-Object Security.Cryptography.X509Certificates.X509Certificate2Collection
$chain.ChainElements | ForEach-Object {[void]$certs.Add($_.Certificate)}

$sslCertPath = $env:TEMP + "\SslCerts"
if (!(Test-Path $sslCertPath))
{
mkdir $sslCertPath
}
$certFilename = $sslCertPath + "\" + $uri.DnsSafeHost + ".p7b"
Write-Host "Certificate saved to $certFilename"
Set-Content -Path $certFilename -Value $certs.Export("pkcs7") -Encoding Byte

if ($sslPolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
{
Write-Host "SSL Certificate OK!" -ForegroundColor Green
}
else
{
Write-Host "SSL Certificate Errors!" -ForegroundColor Red
}

if ($sslPolicyErrors.HasFlag([System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors))
{
Write-Host "- Remote Certificate Chain Errors" -ForegroundColor Red
ForEach ($status in $chain.ChainStatus) { Write-Host "- $($status.StatusInformation)" -ForegroundColor Red }
}

if ($sslPolicyErrors.HasFlag([System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch))
{
Write-Host "- Remote Certificate Name Mismatch" -ForegroundColor Red
}

if ($sslPolicyErrors.HasFlag([System.Net.Security.SslPolicyErrors]::RemoteCertificateNotAvailable))
{
Write-Host "- Remote Certificate Not Available" -ForegroundColor Red
}

# ignore invalid certificates
return $true
}

Function Check-SSLCertificate
{
param([parameter(Mandatory=$true)][uri]$uri)

$hostname = $uri.DnsSafeHost
$port = $uri.Port
#Create a TCP Socket to the computer and a port number
$tcpsocket = New-Object Net.Sockets.TcpClient($hostname, $port)

#test if the socket got connected
if(!$tcpsocket)
{
Write-Error "Error Opening Connection: $port on $hostname Unreachable"
exit 1
}
else
{
#Socket Got connected get the tcp stream ready to read the certificate
write-host "Successfully Connected to $hostname on $port" -ForegroundColor Green -BackgroundColor Black
$tcpstream = $tcpsocket.GetStream()
Write-host "Reading SSL Certificate…." -ForegroundColor Yellow -BackgroundColor Black
#Create an SSL Connection 4
$global:currentURi = $uri
$sslStream = New-Object System.Net.Security.SslStream($tcpstream,$false,$global:RemoteCertificateValidationCallback)
#Force the SSL Connection to send us the certificate
$sslStream.AuthenticateAsClient($hostname)

#Read the certificate
$certinfo = New-Object System.Security.Cryptography.x509certificates.x509certificate2($sslStream.RemoteCertificate)
}

return $certinfo
}

Function Write-URL($url)
{
$uri = [System.Uri]$url
Write-Host "$($uri.Scheme)://" -ForegroundColor Gray -NoNewLine
Write-Host $uri.Host -ForegroundColor Yellow -NoNewLine
Write-Host $uri.LocalPath -ForegroundColor Gray -NoNewLine
Write-Host $uri.Query -ForegroundColor DarkGray -NoNewline
}
Function Get-HttpContent($url)
{
try
{
Write-Host "Reading " -NoNewLine
Write-URL $url
Write-Host ""

$request = [System.Net.WebRequest]::Create($url)
$request.UserAgent = $UserAgent
$request.AllowAutoRedirect = $false

# 30 second timeout
$request.Timeout = 30000
$request.Method = "GET"
$request.UseDefaultCredentials = $true

$response = $request.GetResponse()
if ($response.StatusCode -eq "OK")
{
Write-Host "Status Code OK" -ForegroundColor Green
}
else
{
Write-Host "Status Code $($response.StatusCode)" -ForegroundColor Magenta
}

if ($response.StatusCode -eq "Ambiguous" -or
$response.StatusCode -eq "Found" -or
$response.StatusCode -eq "Redirect" -or
$response.StatusCode -eq "Moved" -or
$response.StatusCode -eq "MultipleChoices" -or
$response.StatusCode -eq "RedirectKeepVerb" -or
$response.StatusCode -eq "SeeOther" -or
$response.StatusCode -eq "TemporaryRedirect" -or
$response.StatusCode -eq "RedirectMethod" -or
$response.StatusCode -eq "MovedPermanently")
{
$redirectURL = $response.Headers["location"]
# relative redirect
if ($redirectURL.StartsWith("/"))
{
$redirectURL = $url + $redirectURL
}

Write-URL $url
Write-Host " redirects to "
Write-URL $redirectURL
Write-Host ""
Process-URL($redirectURL)

}
else
{
$stream = $response.GetResponseStream()
$reader = [System.IO.StreamReader]$stream
return $reader.ReadToEnd()
}
}
catch
{
Write-Host "FAILED. Error: $($_.Exception.InnerException.Message)" -ForegroundColor Red
}

}

Function Process-URL($url)
{
$uri = [System.Uri]$url
Write-Host "Checking certificate for " -NoNewLine
Write-Host "$($uri.Scheme)://" -NoNewLine -Foregroundcolor Gray
Write-Host "$($uri.Host)" -ForegroundColor Yellow
if ($uri.Scheme -eq "https")
{
$certInfo = Check-SSLCertificate $uri
Write-Host ""
Write-Host "Certificate Summary for " -NoNewline
Write-Host $($uri.Host) -ForegroundColor Yellow
Write-Host $certInfo
Write-Host ""
}

$content = Get-HttpContent($url)
if (![String]::IsNullOrEmpty($content))
{
if ($content -match '<meta\s{1,}http-equiv(\s)?=(\s)?"Refresh".*url\s{0,}=(.*)"')
{
$redirectURL = $Matches[3].Trim()
# relative redirect
if ($redirectURL.StartsWith("/"))
{
$redirectURL = $url + $redirectURL
}

Write-URL $url
Write-Host " redirects to "
Write-URL $redirectURL
Write-Host ""
Process-URL($redirectURL)
}
}
}

ForEach ($url in $urls)
{
Write-Host "**************************** " -NoNewLine -ForegroundColor Cyan
Write-Host $URL -NoNewline -ForegroundColor Yellow
Write-Host " ****************************" -ForegroundColor Cyan
Write-Host ""
Process-URL($url)
Write-Host ""
}

if (![string]::IsNullOrEmpty($reportfile)) { Stop-Transcript }

 

 




 

shamsuddeenvp
Post Patron
Post Patron

Dear @ChrisOnesBroken

 

WHether this issue got resolved.

 

We are also facing the same issue.

 

Can @v-yuezhe-msft help?

 

Br,

SHams

 

 

@shamsuddeenvp - nope, this is still ongoing.  It amazes me that this tool, most likely to be used by enterprises/business, those who have PITA firewall and/or proxy setups, takes so much configuring.  Its as if Microsoft are surprised their customers are using a firewall/proxy.

@ChrisOnesBroken any luck yet 🙂 ? I am also facing exactly the same issue and am looking for any pointers. Would appreciate if you have any update, please do post them.

This is now resolved, but only becuase our BI Service subscription has just been set up, and my personal account has beens swallowed up by the enterprise solution. 

v-yuezhe-msft
Employee
Employee

Hi @ChrisOnesBroken,

There are some proposals for you troubleshooting this issue.

1. Ensure that you download the latest version of Power BI Gateway from this link.
2. Make sure  that you add required ports and whitelist the IP addresses described in this article in your firewall.
3. Uninstall the current gateway, restart your machine, then install gateway and check if it is successful.

Thanks,
Lydia Zhang

Community Support Team _ Lydia Zhang
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Lydia (@v-yuezhe-msft),

 

Thanks for your reply.  I've ensured that I have the latest versions of Power BI Gateway.  As I said in my original post, the 556KB installer didn't even install the gateway, so I had to find the 30MB 'offline' download.

 

The required ports and IP addresses were configured on our firewall by our networking team according to the article you reference.

 

I've installed and uninstalled the gateway, with reboots inbetweem several times.

I've found the trace log files from;

 

C:\Users\[USERNAME]\AppData\Local\Microsoft\On-premises data gateway\

 

...and the contents are as follows;

 

Starting trace on 14/03/2017 11:39:31 UTC
Version: 13.0.1700.1099


EnterpriseGatewayConfigurator.exe Information: 0 : Initialize MainViewModel
EnterpriseGatewayConfigurator.exe Information: 0 : GetConfiguratorStateAsync
EnterpriseGatewayConfigurator.exe Information: 0 : Configuration client returned null
EnterpriseGatewayConfigurator.exe Information: 0 : Sign In
EnterpriseGatewayConfigurator.exe Error: 0 : Exception: Microsoft.PowerBI.DataMovement.EnterpriseGatewayConfigurator.EmailDiscoveryServiceException: Network request returned unexpected error. ---> System.AggregateException: One or more errors occurred. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
   at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
   at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
   --- End of inner exception stack trace ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.PowerBI.DataMovement.EnterpriseGatewayConfigurator.ConfiguratorClientExtensions.<DiscoverEmailProperties>d__19.MoveNext()
   --- End of inner exception stack trace ---
   at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
   at Microsoft.PowerBI.DataMovement.EnterpriseGatewayConfigurator.WizardSignInViewModel.DiscoverCloudServiceDetails(HttpClient httpClient, String emailAddress)
   --- End of inner exception stack trace ---
   at Microsoft.PowerBI.DataMovement.EnterpriseGatewayConfigurator.WizardSignInViewModel.DiscoverCloudServiceDetails(HttpClient httpClient, String emailAddress)
   at Microsoft.PowerBI.DataMovement.EnterpriseGatewayConfigurator.WizardSignInViewModel.DoNext(Object param)
   at Microsoft.PowerBI.DataMovement.EnterpriseGatewayConfigurator.WizardViewModelBase.DoNextWorker(Object param)
   at Microsoft.PowerBI.DataMovement.GatewayUXCommon.RelayCommand.<>c__DisplayClass6.<Execute>b__4()

Hi @ChrisOnesBroken,

The issue is related to certificate.  You can use Fiddler to capture request URL during the installation process, then check the certificate of the URL in IE,  for more details, you can following the instructions in this similar blog.

Thanks,
Lydia Zhang

Community Support Team _ Lydia Zhang
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

I've run fiddler, and the URL it seems to want to connect to is;

 

api.powerbi.com

 

OnPremDG_Error_03.jpg

 

In the on-premises data gateway, it presents the following error;

 

OnPremDG_Error_04.jpg

 

So are you saying I need to get the certificate for api.powerbi.com and add it as a trusted certificate on the server?

 

The log file is as follows;

 

EnterpriseGatewayConfigurator.exe Information: 0 : Initialize MainViewModel
EnterpriseGatewayConfigurator.exe Information: 0 : GetConfiguratorStateAsync
EnterpriseGatewayConfigurator.exe Information: 0 : Configuration client returned null
EnterpriseGatewayConfigurator.exe Information: 0 : Sign In
EnterpriseGatewayConfigurator.exe Error: 0 : Exception: Microsoft.PowerBI.DataMovement.EnterpriseGatewayConfigurator.EmailDiscoveryServiceException: Network request returned unexpected error. ---> System.AggregateException: One or more errors occurred. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
   at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
   at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
   --- End of inner exception stack trace ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.PowerBI.DataMovement.EnterpriseGatewayConfigurator.ConfiguratorClientExtensions.<DiscoverEmailProperties>d__19.MoveNext()
   --- End of inner exception stack trace ---
   at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
   at Microsoft.PowerBI.DataMovement.EnterpriseGatewayConfigurator.WizardSignInViewModel.DiscoverCloudServiceDetails(HttpClient httpClient, String emailAddress)
   --- End of inner exception stack trace ---
   at Microsoft.PowerBI.DataMovement.EnterpriseGatewayConfigurator.WizardSignInViewModel.DiscoverCloudServiceDetails(HttpClient httpClient, String emailAddress)
   at Microsoft.PowerBI.DataMovement.EnterpriseGatewayConfigurator.WizardSignInViewModel.DoNext(Object param)
   at Microsoft.PowerBI.DataMovement.EnterpriseGatewayConfigurator.WizardViewModelBase.DoNextWorker(Object param)
   at Microsoft.PowerBI.DataMovement.GatewayUXCommon.RelayCommand.<>c__DisplayClass6.<Execute>b__4()
EnterpriseGatewayConfigurator.exe Information: 0 : Sign In
EnterpriseGatewayConfigurator.exe Error: 0 : Exception: Microsoft.PowerBI.DataMovement.EnterpriseGatewayConfigurator.EmailDiscoveryServiceException: Network request returned unexpected error. ---> System.AggregateException: One or more errors occurred. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:8888
   at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)
   at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
   --- End of inner exception stack trace ---
   at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
   at System.Net.Http.HttpClientHandler.GetRequestStreamCallback(IAsyncResult ar)
   --- End of inner exception stack trace ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.PowerBI.DataMovement.EnterpriseGatewayConfigurator.ConfiguratorClientExtensions.<DiscoverEmailProperties>d__19.MoveNext()
   --- End of inner exception stack trace ---
   at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
   at Microsoft.PowerBI.DataMovement.EnterpriseGatewayConfigurator.WizardSignInViewModel.DiscoverCloudServiceDetails(HttpClient httpClient, String emailAddress)
   --- End of inner exception stack trace ---
   at Microsoft.PowerBI.DataMovement.EnterpriseGatewayConfigurator.WizardSignInViewModel.DiscoverCloudServiceDetails(HttpClient httpClient, String emailAddress)
   at Microsoft.PowerBI.DataMovement.EnterpriseGatewayConfigurator.WizardSignInViewModel.DoNext(Object param)
   at Microsoft.PowerBI.DataMovement.EnterpriseGatewayConfigurator.WizardViewModelBase.DoNextWorker(Object param)
   at Microsoft.PowerBI.DataMovement.GatewayUXCommon.RelayCommand.<>c__DisplayClass6.<Execute>b__4()
EnterpriseGatewayConfigurator.exe Information: 0 : Update checks
EnterpriseGatewayConfigurator.exe Error: 0 : Failed to resolve DNS host for dns.msftncsi.com
EnterpriseGatewayConfigurator.exe Error: 0 : System.Net.Sockets.SocketException (0x80004005): This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server
   at System.Net.Dns.GetAddrInfo(String name)
   at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
   at System.Net.Dns.GetHostEntry(String hostNameOrAddress)
   at Microsoft.PowerBI.DataMovement.EnterpriseGatewayConfigurator.Checks.NetworkCheck.CheckDNSQuery()
EnterpriseGatewayConfigurator.exe Information: 0 : Create webrequest for Uri: http://www.msftncsi.com/ncsi.txt
EnterpriseGatewayConfigurator.exe Information: 0 : Checking for On-premises data gateway service
EnterpriseGatewayConfigurator.exe Information: 0 : Fetch state for On-premises data gateway service
EnterpriseGatewayConfigurator.exe Information: 0 : Service state: Running
EnterpriseGatewayConfigurator.exe Error: 0 : System.AggregateException: One or more errors occurred. ---> System.TimeoutException: The operation has timed out.
   at Microsoft.PowerBI.DataMovement.EnterpriseGatewayConfigurator.Checks.CheckManager.<RunChecks>d__0.MoveNext()
   --- End of inner exception stack trace ---
---> (Inner Exception #0) System.TimeoutException: The operation has timed out.
   at Microsoft.PowerBI.DataMovement.EnterpriseGatewayConfigurator.Checks.CheckManager.<RunChecks>d__0.MoveNext()<---

EnterpriseGatewayConfigurator.exe Error: 0 : Gateway service health check Timeout failed with error : Health check failed because it cannot finish in 2000 ms.
EnterpriseGatewayConfigurator.exe Information: 0 : Create httpclient request for Uri: http://www.msftncsi.com/ncsi.txt

Hi @ChrisOnesBroken,

Do you use Proxy in your scenario? If so, have you followed the instructions in the articles below to configure proxy setting?

https://powerbi.microsoft.com/en-us/documentation/powerbi-gateway-proxy/
https://powerbi.microsoft.com/en-us/documentation/powerbi-gateway-onprem-tshoot/#firewall-or-proxy

Thanks,
Lydia Zhang

Community Support Team _ Lydia Zhang
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Thanks @v-yuezhe-msft,

 

I've run the powershell in the first link, and it times out;

PS H:\> Test-NetConnection -ComputerName watchdog.servicebus.windows.net -Port 9350
WARNING: Ping to watchdog.servicebus.windows.net failed -- Status: TimedOut


ComputerName           : watchdog.servicebus.windows.net
RemoteAddress          : 70.37.104.240
RemotePort             : 9350
InterfaceAlias         : Team1
SourceAddress          : [Redacted]
PingSucceeded          : False
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded       : True

 

However the firewall is off on the server, and server has been configured on the corporate firewall to access "any destination on TCP 443 , 5671, 5672 and 9350-9354"

 

I'm logged on as myself and have full access to do anything needed, and I've tried setting the 'On-Premises data gateway services' service to run as an AD account (pbi_DataGatewaySA) which has access to the internet etc.

 

EDIT: Further to the above, I've spoken to our networking team and they're surprised that I've been asked to ping the address becuase the documentation doesn't call for it (https://powerbi.microsoft.com/en-us/documentation/powerbi-gateway-onprem/#ports).  They've added ping/icmp to the policy, but it still doesn't respond using the powershell.

Hi @ChrisOnesBroken,

The Test-NetConnection may not work if your server don’t have direct Internet connections and all connections must go through your proxy server.

Modify the Microsoft.PowerBI.DataMovement.Pipeline.GatewayCore.dll.config file by changing the value from AutoDetect to Https. Also configure Proxy following the guide in this article and check if the issue still occurs.

Thanks,
Lydia Zhang

Community Support Team _ Lydia Zhang
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

@v-yuezhe-msft

I have amended the Microsoft.PowerBI.DataMovement.Pipeline.GatewayCore.dll.config file to;

 

      <setting name="ServiceBusSystemConnectivityModeString" serializeAs="String">
        <value>Https</value>
      </setting>

 

As suggested.

 

The enterprisegatewayconfigurator.exe.config is already configured with the value;

 

  <system.net>
    <defaultProxy useDefaultCredentials="true" />
  </system.net>

 

...as the article here;

 

https://powerbi.microsoft.com/en-us/documentation/powerbi-gateway-proxy/

 

...suggests.

 

The error is still occuring, and failing to configure.

I ran the On-Premises data gateway, and when I entered my email address for the PowerBI account I've been using, I got the following;

 

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.

Version: 3.1 (TLS/1.0)

Random: 58 C9 20 55 4F F0 6E 6F B3 53 FD 1E E5 AA 79 8D 57 E3 EE A1 53 AC 4A 2E 7F 20 C1 C6 22 B1 DC 85

"Time": 05/04/2015 06:34:16

SessionID: empty

Extensions:

renegotiation_info 00

server_name api.powerbi.com

elliptic_curves secp256r1 [0x17], secp384r1 [0x18]

ec_point_formats uncompressed [0x0]

SessionTicket empty

Ciphers:

[C014] TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA

[C013] TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA

[0035] TLS_RSA_AES_256_SHA

[002F] TLS_RSA_AES_128_SHA

[C00A] TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

[C009] TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

[0038] TLS_DHE_DSS_WITH_AES_256_SHA

[0032] TLS_DHE_DSS_WITH_AES_128_SHA

[000A] SSL_RSA_WITH_3DES_EDE_SHA

[0013] SSL_DHE_DSS_WITH_3DES_EDE_SHA

[0005] SSL_RSA_WITH_RC4_128_SHA

[0004] SSL_RSA_WITH_RC4_128_MD5

Compression:

[00] NO_COMPRESSION

 

I've browsed to https://api.powerbi.com/ in IE, and as expected, I received the error 'There is a problem with this website's security certificate'.

 

I proceeded to 'trust' the certificate in IE.  I clicked 'Sign in' again on the On-Premises data gateway, and was presented with subsequent error messages;

 

Ensure network access is functioning correctly.  Firewall and proxy configurations may need to be changed.

 

and

 

Gateway service health check failed.  Common issues can be found at https://go.microsoft.com/fwlink/?linkid=838272

 

Below is the stack trace:

Health check failed becuase it cannot finish in 2000ms.

 

 

Helpful resources

Announcements
Fabric Community Conference

Microsoft Fabric Community Conference

Join us at our first-ever Microsoft Fabric Community Conference, March 26-28, 2024 in Las Vegas with 100+ sessions by community experts and Microsoft engineering.

February 2024 Update Carousel

Power BI Monthly Update - February 2024

Check out the February 2024 Power BI update to learn about new features.

Fabric Career Hub

Microsoft Fabric Career Hub

Explore career paths and learn resources in Fabric.

Fabric Partner Community

Microsoft Fabric Partner Community

Engage with the Fabric engineering team, hear of product updates, business opportunities, and resources in the Fabric Partner Community.

Top Solution Authors
Top Kudoed Authors