user25954371

Reputation: 1

Unable to connect to Tableau Cloud from Azure Synapse Analytics using Tableau Bridge with private endpoints

I am trying to connect to Tableau Cloud from Azure Synapse Analytics using Tableau Bridge and I am facing the following error:

Error Message: "Can’t connect to Azure Synapse Analytics Detailed Error Message: There was an unknown connection error to the database. The error message below has additional information, but you might need to ask the database administrator to review the database logs. [Microsoft][ODBC Driver 17 for SQL Server] [SQL Server] Reason: An instance-specific error occurred while establishing a connection to SQL Server. Connection was denied since Deny Public Network Access is set to Yes. To connect to this server, use the Private Endpoint from inside your virtual network. Unable to connect to the Azure Synapse Analytics server 'workspacename.privatelink.sql.azuresynapse.net'. Check that the server is running and that you have access privileges to the requested database."

  • Two VNets, which are peered: one has Synapse Analytics, the other has an Azure dedicated VM that hosts the Tableau Bridge.

  • Network Security Groups (NSGs) associated with each subnet.

  • Ports 443 for HTTPS and 1433 for SQL are open on the VMs hosting Tableau Bridge and Synapse Analytics, both inbound and outbound.

  • Private endpoints are created for Synapse Analytics (dedicated SQL pool).

  • The VM hosting Tableau Bridge has Managed Identity enabled.

  • Logins are created on the dedicated SQL pool for the Managed Identity of the VM hosting the Bridge.

  • nslookup resolves the IPs of private endpoints for Azure Synapse Analytics from the Azure VM hosting the Tableau Bridge, indicating no connectivity issues.

  • Test-NetConnection from PowerShell shows ports 1433 and 443 are open.

  • I have downloaded and installed ODBC Driver 18 using system managed identity with Synapse Analytics.

  • For testing purposes, I also installed SSMS on the VM hosting Tableau Bridge and connected it to the dedicated SQL pool located in different VNets without issues.

Note: When I downloaded a CData ODBC driver, I was able to connect to the Tableau Cloud using Tableau Desktop and private endpoints from Synapse, but still couldn't connect through the Tableau Bridge. Not sure if there is any issue with the Tableau Bridge, whether it is not compatible or what is going on?

What I Tried and Expected: I have no problem connecting Synapse with Tableau Cloud when using public traffic. However, the problem arises when I disable public traffic on the Synapse side. I expected that by using private endpoints and ensuring all necessary configurations, the connection would be successful.

Upvotes: 0

Views: 117

Answers (1)

Bhavani

Reputation: 5317

"Can’t connect to Azure Synapse Analytics Detailed Error Message: There was an unknown connection error to the database. The error message below has additional information, but you might need to ask the database administrator to review the database logs. [Microsoft][ODBC Driver 17 for SQL Server] [SQL Server] Reason: An instance-specific error occurred while establishing a connection to SQL Server. Connection was denied since Deny Public Network Access is set to Yes. To connect to this server, use the Private Endpoint from inside your virtual network. Unable to connect to the Azure Synapse Analytics server 'workspacename.privatelink.sql.azuresynapse.net'. Check that the server is running and that you have access privileges to the requested database."

The connection to Azure Synapse Analytics is being denied because public network access is disabled. That may be the reason for the above error. To connect, you must use a private endpoint from within your virtual network. When using a private endpoint, make sure of the following:

  • Ensure that the NSG rules allow traffic from the VM hosting Tableau Bridge to the private endpoint of Azure Synapse Analytics. Both inbound and outbound rules should permit traffic on the necessary ports.

  • Since you've installed ODBC Driver 18, ensure that it's configured to use the Managed Identity for authentication.

  • Private Link service can be accessed from approved private endpoints in the same region. The private endpoint can be reached from the same virtual network, regionally peered VNets, globally peered VNets and on premises using private VPN or ExpressRoute connections.

  • The Private Link Service must be deployed in the same region as the virtual network.

  • A single Private Link Service can be accessed from multiple Private Endpoints belonging to different VNets, subscriptions and/or Active Directory tenants. The connection is established through a connection workflow.

For more information, you can refer to the documents below:

Upvotes: 0
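
A triage sketch for the error quoted in this thread, added here as an example and not part of the original question or answer: it reads the error text for the ODBC driver that actually raised it (the message names Driver 17, while the question mentions installing Driver 18), the Deny Public Network Access rejection and the server name the client used, then checks that the addresses nslookup returned on the Bridge VM fall in RFC 1918 ranges. The function name, finding codes and sample IP are constructed; flagging the `privatelink` name is an assumption carried over from Azure SQL's guidance to connect with the regular server FQDN.

```python
import ipaddress
import re

# Error text quoted in the question, shortened to the parts the checks read.
SAMPLE_ERROR = (
    "[Microsoft][ODBC Driver 17 for SQL Server] [SQL Server] Reason: An "
    "instance-specific error occurred while establishing a connection to "
    "SQL Server. Connection was denied since Deny Public Network Access is "
    "set to Yes. Unable to connect to the Azure Synapse Analytics server "
    "'workspacename.privatelink.sql.azuresynapse.net'."
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def triage(error_text, installed_driver, resolved_ips):
    """Return (code, detail) findings for a Bridge-to-Synapse failure.

    installed_driver: driver name the admin believes is in use.
    resolved_ips: addresses nslookup returned on the Bridge VM.
    """
    findings = []
    # 1. Which ODBC driver produced the error? It may not be the new one.
    m = re.search(r"\[(ODBC Driver \d+ for SQL Server)\]", error_text)
    if m and m.group(1) != installed_driver:
        findings.append(("driver-mismatch",
                         f"error raised by {m.group(1)}, not {installed_driver}"))
    # 2. The service itself refused the attempt under its public-access setting.
    if "Deny Public Network Access is set to Yes" in error_text:
        findings.append(("deny-public", "rejected by the public access setting"))
    # 3. Server name used by the client (assumption: the privatelink zone name
    #    is worth flagging, per Azure SQL guidance to use the regular FQDN).
    m = re.search(r"server '([^']+)'", error_text)
    if m and ".privatelink." in m.group(1):
        findings.append(("privatelink-name", f"client used {m.group(1)}"))
    # 4. Every resolved address should sit in a private (RFC 1918) range.
    for ip in resolved_ips:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in RFC1918):
            findings.append(("non-private-ip", f"{ip} is outside RFC 1918"))
    return findings


if __name__ == "__main__":
    # Constructed inputs: the driver from the question, one sample private IP.
    for code, detail in triage(SAMPLE_ERROR, "ODBC Driver 18 for SQL Server",
                               ["10.1.0.5"]):
        print(f"{code}: {detail}")
```
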
