Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Learn from the best! Meet the four finalists headed to the FINALS of the Power BI Dataviz World Championships! Register now

Reply
G_CR_23
Helper I
Helper I

ODATA Feed credentials error

‎02-18-2026 05:22 AM

Hi everyone,

I'm facing a classic but stubborn authentication issue with an on-premises OData feed from Dynamics 365 Business Central. I hope someone can confirm my findings.

The Setup:

  • Data Source: Business Central On-Premises OData Feed (http://<servername>:<port>/...).

  • Connectivity: Requires a VPN connection.

  • Power BI Desktop: Works perfectly. I can connect, refresh data, and credentials (Basic authentication) are accepted.

  • Power BI Service: Fails consistently.

The Problem:
When I publish the semantic model and try to configure the credentials in the Power BI Service (mapped to a gateway), I always receive an "Invalid Credentials" error.

What I've Tried (Exhaustively):

  1. Gateways: I've tried both a Personal Gateway and a Standard Gateway installed on a machine that has direct access to the OData feed via VPN. The result is the same.

  2. Credentials: I've tried every possible username format (userdomain\useruser@domain.com) with both Basic and Windows authentication methods.

  3. Troubleshooting: I've cleared permissions in Desktop, cleared the cache, tried from a clean PBIX file, and even used the Web connector instead of OData—the error is always the same.

The Key Finding (Fiddler Analysis):
After all the failed attempts, I ran a Fiddler trace and this has confirmed the root cause.

  • Power BI Desktop (Successful Request): Sends an Authorization: NTLM TlRMTVNTUA... header. The server accepts it.

  • Power BI Service via Gateway (Failed Request): Sends an Authorization: Bearer eyJ0eXAiOiJKV1Qi... header (an Azure AD JWT token). The server rejects this, leading to the "Invalid Credentials" error.

My Conclusion / The Question:
My diagnosis is that the on-prem Business Central server is only configured to accept Windows Authentication (NTLM/Kerberos), and it cannot process the Azure AD token sent by the Power BI service.

This leads me to believe that the only solution is to have our IT department configure a Standard Gateway with Kerberos Constrained Delegation (KCD) to allow the gateway service to impersonate the user and perform a Kerberos/NTLM authentication against the BC server.

Can anyone with experience in this specific scenario confirm if my conclusion is correct? Is requesting IT to set up KCD the definitive and only way forward, or are there any other workarounds I might have missed?

Thanks in advance for your help!

Message 1 of 6
452 Views
0
2 ACCEPTED SOLUTIONS
rohit1991
Super User
Super User

‎02-18-2026 05:30 AM

Hii @G_CR_23 

 

Requesting IT to configure Kerberos Constrained Delegation on the Standard Gateway is the proper and definitive fix. There is no reliable workaround unless:

  • Business Central is reconfigured to support another auth method (e.g., AAD), or

  • You switch to a different integration approach (e.g., API layer).

Your Fiddler findings align exactly with expected behavior.


Did it work? ✔ Give a Kudo • Mark as Solution – help others too!

View solution in original post

Message 2 of 6
444 Views
0
v-saisrao-msft
Community Support
Community Support

‎02-18-2026 10:02 PM

Hi @G_CR_23,

Thank you @rohit1991, for your insights.

This issue arises because Power BI Desktop connects to on-premises Microsoft Dynamics 365 Business Central using Windows authentication, but Power BI Service uses an Azure AD bearer token, which the on-prem server can't accept. To resolve this, you need to install a Standard On-premises data gateway and set up Kerberos Constrained Delegation in Active Directory. The gateway should run under a dedicated domain service account with the necessary SPNs and delegation permissions, allowing it to impersonate users and authenticate to Business Central via Kerberos. That Personal Gateway mode won't work in this case. This is an infrastructure authentication setup requirement, not a Power BI credential problem.

Configure Kerberos-Based SSO from Power BI Service to On-Premises Data Sources - Power BI | Microso…

Active Directory (AD) SSO - Power BI | Microsoft Learn

Overview of single sign-on for on-premises data gateways - Power BI | Microsoft Learn

Test single sign-on (SSO) configuration - Power BI | Microsoft Learn

 

Thank you.

 

 

 

View solution in original post

Message 4 of 6
363 Views
0
5 REPLIES 5
G_CR_23
Helper I
Helper I

‎02-22-2026 11:38 PM

hi @v-saisrao-msft , hi @rohit1991 , thank you for your help, i accepted your answers as solution because the problem was windows authentication.

In any case, fortunatelly, IT provides me another url endpoint where i can access with basic access, in power bi desktop and also in pwoer bi service. This allows me to configure a normal gateway in personal mode and just only insert basic credentials in the connection configuration.

So, if anyone has my same problem, ask your it if they can provide you an url endpoint where you can access with basic credentials. In this way, you resolve your problem. On the contrary yes, kerberos delegation is the only way to configure it.

Thank you!

Message 6 of 6
264 Views
v-saisrao-msft
Community Support
Community Support

‎02-22-2026 07:42 PM

Hi @G_CR_23,

Have you had a chance to review the solution we shared earlier? If the issue persists, feel free to reply so we can help further.

 

Thank you.

Message 5 of 6
277 Views
0
v-saisrao-msft
Community Support
Community Support

‎02-18-2026 10:02 PM

Hi @G_CR_23,

Thank you @rohit1991, for your insights.

This issue arises because Power BI Desktop connects to on-premises Microsoft Dynamics 365 Business Central using Windows authentication, but Power BI Service uses an Azure AD bearer token, which the on-prem server can't accept. To resolve this, you need to install a Standard On-premises data gateway and set up Kerberos Constrained Delegation in Active Directory. The gateway should run under a dedicated domain service account with the necessary SPNs and delegation permissions, allowing it to impersonate users and authenticate to Business Central via Kerberos. That Personal Gateway mode won't work in this case. This is an infrastructure authentication setup requirement, not a Power BI credential problem.

Configure Kerberos-Based SSO from Power BI Service to On-Premises Data Sources - Power BI | Microso…

Active Directory (AD) SSO - Power BI | Microsoft Learn

Overview of single sign-on for on-premises data gateways - Power BI | Microsoft Learn

Test single sign-on (SSO) configuration - Power BI | Microsoft Learn

 

Thank you.

 

 

 

Message 4 of 6
364 Views
0
rohit1991
Super User
Super User

‎02-18-2026 05:30 AM

Hii @G_CR_23 

 

Requesting IT to configure Kerberos Constrained Delegation on the Standard Gateway is the proper and definitive fix. There is no reliable workaround unless:

  • Business Central is reconfigured to support another auth method (e.g., AAD), or

  • You switch to a different integration approach (e.g., API layer).

Your Fiddler findings align exactly with expected behavior.


Did it work? ✔ Give a Kudo • Mark as Solution – help others too!
Message 2 of 6
445 Views
0
G_CR_23
Helper I
Helper I
In response to rohit1991

‎02-18-2026 05:39 AM

HI @rohit1991 
thank you for your answer.

I don't know how to explain in a correct way to it how to do this, because:

1 Actually my personal gateway runs with an organizational account (the same that i use to publish the report). First question, i need to switch to a standard gateway?

2 Second question, in the standard gateway login i should use the same organizational acocunt that i use now?

3 Actually, for ofeed data i use basic credentials with COMPANY\username + password. This credentials has nothing to do with the gateway/power bi account, so what i should say to it t o do?
This is out of my knowledge so my main goal is to provide to the client IT team with a clear, step-by-step request.

Thank you

Message 3 of 6
433 Views
0

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

Share feedback directly with Fabric product managers, participate in targeted research studies and influence the Fabric roadmap.

February Power BI Update Carousel

Power BI Monthly Update - February 2026

Check out the February 2026 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All