waltheed
Impactful Individual

Tutorial steps for setting up server for mirroring do not work

I am trying to set up my local server for Mirroring with Fabric.
It's a SQL Server 2025, and I am following these instructions: Tutorial: Configure Microsoft Fabric Mirrored Databases From SQL Server - Microsoft Fabric | Micros...

 

I managed to connect my server with Azure Arc. It's visible on the Azure Arc page. 
Now I need to run a PowerShell script "to configure the system-assigned managed identity (SAMI) and necessary registry keys " (this is step 2 for SQL Server 2025)


I get an error when running the PS script from step 2 for SQL Server 2025, the one that creates registry keys and other things.

The error is: "Can not establish communication with IMDS service. You need either to have Azure Arc service installed or run this script on Azure VM."

 

The point of all this is adding an on prem server, not a VM...
Is there an error in the script, or am I doing something wrong?

 

This is the ps script:

 

$apiVersion = "2020-06-01"
 $resource = "https://storage.azure.com/"
 $ep = $env:IDENTITY_ENDPOINT
 $msi = "arc"
 if (!$ep) {
     $msi = "vm"
     $ep = 'http://169.254.169.254/metadata/identity/oauth2/token'
 }
 $endpoint = "{0}?resource={1}&api-version={2}" -f $ep,$resource,$apiVersion
 $secretFile = ""
 try {
     Invoke-WebRequest -Method GET -Uri $endpoint -Headers @{Metadata='True'} -UseBasicParsing > $null
     $msi = "vm"
 } catch {
     if ($_.Exception.Response.Headers) {
         $wwwAuthHeader = $_.Exception.Response.Headers["WWW-Authenticate"]
         if ($wwwAuthHeader -match "Basic realm=.+") {
             $secretFile = ($wwwAuthHeader -split "Basic realm=")[1]
         }
     }
 }
 $secret = ""
 if ($secretFile) {
     $msi = "arc"
     $secret = cat -Raw $secretFile
 }
 try {
     $response = Invoke-WebRequest -Method GET -Uri $endpoint -Headers @{Metadata='True'; Authorization="Basic $secret"} -UseBasicParsing
 } catch {
     Write-Output "Can not establish communication with IMDS service. You need either to have Azure Arc service installed or run this script on Azure VM."
 }
 if ($response) {
     $parts = (ConvertFrom-Json -InputObject $response.Content).access_token -split "\."
     $padLength = 4 - ($parts[1].Length % 4)
     if ($padLength -ne 4) { $parts[1] += "=" * $padLength }
     $payload = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($parts[1])) | ConvertFrom-Json
     $regPath = "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL"
     $instance = ""
     $regKey = Get-Item -Path $regPath
     $regKey.GetValueNames() | Where-Object { $regKey.GetValue($_) -match 'MSSQL17' } | ForEach-Object {
         $instance = $_
         $service = if ($instance -eq "MSSQLSERVER") { "MSSQLSERVER" } else { "MSSQL$" + $instance }
         $reginst = $regKey.GetValue($_)
         $regFed = "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\$($reginst)\MSSQLServer\FederatedAuthentication"
         if (-not (Test-Path -Path $regFed)) {
             New-Item -Path $regFed -Force > $null
         }
         if ($msi -eq "arc") {
             Write-Host "Registering Azure Arc MSI service for SQL Server instance: " $instance `n
             Set-ItemProperty -Path $regFed -Name "ArcServerManagedIdentityClientId" -Value ""
             Set-ItemProperty -Path $regFed -Name "ArcServerSystemAssignedManagedIdentityClientId" -Value $($payload.appid)
             Set-ItemProperty -Path $regFed -Name "ArcServerSystemAssignedManagedIdentityTenantId" -Value $($payload.tid)
             $svcPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$($service)"
             if (Test-Path -Path $svcPath) {
                 $keyPath = Split-Path $secretFile
                 $svcKey = Get-Item -Path $svcPath
                 $sqlAccount = $svcKey.GetValue("ObjectName")
                 if ($sqlAccount -ne "LocalSystem") {
                     Write-Host "Permissioning folder" $keyPath "for SQL Server account" $sqlAccount `n
                     icacls $keyPath /grant "$($sqlAccount):(OI)(CI)R"
                     $group = "Hybrid agent extension applications"
                     $isMember = Get-LocalGroupMember -Group $group | Where-Object { $_.Name -eq $sqlAccount }
                     if (-not $isMember) {
                         Write-Host "Also adding SQL running account to local group: $group" `n
                         Add-LocalGroupMember -Group $group -Member $sqlAccount
                     } else {
                         Write-Host ""
                     }
                 }
             }
         } else {
             Write-Host "Registering Azure VM MSI service for SQL Server instance: " $instance `n
             Set-ItemProperty -Path $regFed -Name "PrimaryAADTenant" -Value ""
             Set-ItemProperty -Path $regFed -Name "OnBehalfOfAuthority" -Value "https://login.windows.net/"
             Set-ItemProperty -Path $regFed -Name "FederationMetadataEndpoint" -Value "login.windows.net"
             Set-ItemProperty -Path $regFed -Name "AzureVmManagedIdentityClientId" -Value ""
             Set-ItemProperty -Path $regFed -Name "AzureVmSystemAssignedManagedIdentityClientId" -Value $($payload.appid)
             Set-ItemProperty -Path $regFed -Name "AzureVmSystemAssignedManagedIdentityTenantId" -Value $($payload.tid)
         }
     }
     Write-Host "Registeration complete for:" `n "Client ID: " $($payload.appid) `n "Tenant ID: " $($payload.tid) `n
 }

 

Many Thanks,

Edgar Walther

Cheers, Edgar Walther
ITsmart BI and Analytics consultant
1 ACCEPTED SOLUTION
v-prasare
Community Support

Hi @waltheed

Thanks for actively participating in MS Fabric community support.

Since you're still blocked here, I suggest you raise a support ticket in this scenario.
To raise a support ticket for Fabric and Power BI, kindly follow the steps outlined in the following guide:

How to create a Fabric and Power BI Support ticket - Power BI | Microsoft Learn

Thanks,

Prashanth Are

MS Fabric community support

9 REPLIES 9
v-prasare
Community Support

Hi @waltheed,

 

We are following up once again regarding your query. Could you please confirm if the issue has been resolved through the support ticket with Microsoft?

If the issue has been resolved, we kindly request you to share the resolution or key insights here to help others in the community. If we don’t hear back, we’ll go ahead and close this thread.

Should you need further assistance in the future, we encourage you to reach out via the Microsoft Fabric Community Forum and create a new thread. We’ll be happy to help.

 

Thank you for your understanding and participation.

v-prasare
Community Support

@EricParvin As we haven’t heard back from you, we wanted to kindly follow up to check if the solution provided for your issue worked, or let us know if you need any further assistance here.

Thanks,

Prashanth Are

MS Fabric community support

If this post helps, then please consider accepting it as the solution to help the other members find it more quickly, and give Kudos if it helped you resolve your query.

waltheed
Impactful Individual

I do need further assistance, see my reply just above:

Thanks, I checked these, but none of the mentioned limitations apply to this case. 

 

Cheers, Edgar Walther
ITsmart BI and Analytics consultant
v-prasare
Community Support

Hi @waltheed ,


Although your server is connected to Azure Arc and visible in the portal, it is missing the Hybrid Identity extension.
This extension is essential for non-Azure (on-premises) servers to simulate the IMDS (Instance Metadata Service) endpoint, which is required to support System Assigned Managed Identity (SAMI) for SQL Server.

 

Try installing the Hybrid Identity extension; follow the steps below to install it via the Azure Portal:

  1. Open the Azure Portal and go to Azure Arc > Servers.

  2. Select your Arc-enabled server.

  3. In the left-hand menu, click Extensions.

  4. Click + Add.

  5. Select Azure Hybrid Identity (also known as Microsoft.AzureArc.HybridCompute.Identity).

  6. Follow the prompts to complete the installation.

Adding the above extension:

  • Sets up the required IMDS endpoint on the local machine (http://localhost:40342/...)

  • Enables SAMI (System Assigned Managed Identity) support for SQL Server

  • Allows the PowerShell script to complete successfully and configure registry settings

 

 

 

 

Thanks,

Prashanth Are

MS Fabric community support

waltheed
Impactful Individual

Thanks for your reply. 

It does not really match the menu options. 

3 In the left-hand menu go to Settings > Extensions

 

Then I get to a screen where I do not see the "Azure Hybrid Identity" extension:

 

waltheed_0-1748419341055.png

Which one should I pick?

I selected Azure Extensions for SQL Server but then the PS script still does not work.

 

 

Cheers, Edgar Walther
ITsmart BI and Analytics consultant

Hi @waltheed,

 

This might be due to the limitations mentioned in the documentation below?

Limitations of Fabric Mirrored Databases From SQL Server - Microsoft Fabric | Microsoft Learn

 

 

 

Thanks,

Prashanth Are

MS Fabric community support

waltheed
Impactful Individual

Thanks, I checked these, but none of the mentioned limitations apply to this case. 

Cheers, Edgar Walther
ITsmart BI and Analytics consultant

Hi @waltheed,

 

If you can't find the "Azure Hybrid Identity" extension in the Azure portal, try the following steps; you might need to install it manually.

 

Other Things to Check:

  • Make sure the Hybrid Instance Metadata Service (HIMDS) is running on your machine. You can check its status by running: Get-Service -Name himds
  • If the agent isn't connected, you'll need to connect it using the appropriate azcmagent connect command with your resource group, tenant ID, location, and subscription ID.
  • Confirm your server can access Azure endpoints (i.e., check for firewall or proxy issues).
  • Ensure the SQL Server service account has access to the folder:
    C:\ProgramData\AzureConnectedMachineAgent\Tokens\

 

 

Thanks,

Prashanth Are

MS Fabric community support

 

If this post helps, then please consider accepting it as the solution to help the other members find it more quickly, and give Kudos if it helped you resolve your query.
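
The checks listed in the reply above, gathered into one read-only PowerShell preflight. This is an added example, not part of the thread or of the tutorial script. It assumes a default Azure Connected Machine agent install that publishes IDENTITY_ENDPOINT as a machine-level variable, and an elevated session.

```powershell
# Added example: read-only preflight for the Arc managed-identity path.
# Assumption: default Azure Connected Machine agent install; run elevated.
$report = [ordered]@{}

# 1. HIMDS service state (the local metadata service the script talks to).
$svc = Get-Service -Name himds -ErrorAction SilentlyContinue
$report.HimdsService = if ($svc) { "$($svc.Status)" } else { 'not installed' }

# 2. IDENTITY_ENDPOINT as seen by this session vs. the machine-level value.
#    A shell opened before the variable existed will not have it, and the
#    tutorial script then falls back to the Azure VM address 169.254.169.254.
$report.EndpointInSession = $env:IDENTITY_ENDPOINT
$machineEp = [Environment]::GetEnvironmentVariable('IDENTITY_ENDPOINT', 'Machine')
$report.EndpointMachine = $machineEp

# 3. Challenge request: Arc answers 401 with "Basic realm=<path to key file>".
$keyFile = $null
if ($machineEp) {
    $uri = '{0}?resource={1}&api-version={2}' -f $machineEp, 'https://storage.azure.com/', '2020-06-01'
    try {
        Invoke-WebRequest -Uri $uri -Headers @{ Metadata = 'True' } -UseBasicParsing > $null
        $report.Challenge = 'token returned without challenge (Azure VM style)'
    } catch {
        $h = $_.Exception.Response.Headers
        # Windows PowerShell 5.1 exposes an indexer; PowerShell 7 a typed property.
        $www = if ($h -is [System.Net.WebHeaderCollection]) { $h['WWW-Authenticate'] } elseif ($h) { "$($h.WwwAuthenticate)" }
        if ($www -match 'Basic realm=(.+)') { $keyFile = $Matches[1]; $report.Challenge = 'challenge received' }
        else { $report.Challenge = "no challenge: $($_.Exception.Message)" }
    }
}

# 4. Who can read the key folder? The SQL Server service account must be listed,
#    directly or through the agent's local group.
if ($keyFile) {
    $folder = Split-Path $keyFile
    $report.KeyFolder = $folder
    $report.KeyFolderAcl = (Get-Acl $folder).Access | ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }
    $report.AgentGroupMembers = (Get-LocalGroupMember -Group 'Hybrid agent extension applications' -ErrorAction SilentlyContinue).Name
}
[pscustomobject]$report | Format-List
```

If EndpointInSession is empty while EndpointMachine is set, open a new elevated PowerShell window before re-running the tutorial script.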

 
