Reputation: 815
OpenAI Studio by adding data source with blob storage gives "No valid managed private endpoint found" error message
On Azure the OpenAI Studio by adding data source with blob storage connection gives the following error message on validation: "No valid managed private endpoint found"
Q: Who is missing what? How to resolve this issue? How to get more details on what is missing?
All other message was quite helpful during validation but not this one!
Configuration: We have a peered network; on one segment we have the OpenAI and on the other segment we have the Cognitive search. Privat DNS is configured and linked to boot network for storage, OpenAI and Cognitive search as well, name resolution works on boot network segments.
Investigation:
The following articles may relate to this topic:
- Securely use Azure OpenAI On Your Data - Enable trusted service
- AuthenticationError 401 - Principal Does Not Have Access to API/Operation when using Azure Open AI with Python SDK
Potential fixes:
- I changed the network setting of the corresponding cognitive search to enable "Allow Azure services on the trusted services list to access this search service." and afterwards the issue was gone. Still, I got a new issue: "We couldn't connect your data Principal does not have access to API/Operation."
More details:
Initially I had more warnings at validation step:
- The Azure AI Search resource has disabled RBAC authentication
- Azure OpenAI resource system assigned managed identity miss the following roles to the Azure AI Search resource: Search Service Contributor, Search Index Data Reader
- No valid managed private endpoint found
- The Azure AI Search system assigned managed identity doesn't have required role assignment to Azure OpenAI resource: Cognitive Services OpenAI Contributor. Adding role assignments takes about 10 minutes to take effect.
- The Azure AI Search system assigned managed identity doesn't have required role assignment to the Storage account: Storage Blob Data Reader. Adding role assignments takes about 10 minutes to take effect.
I've added those roles to the required resource.
Upvotes: 0
Views: 554
Answers (0)
Related Questions
- Using Managed Identity to Access Azure OpenAI Service
- Difference between Service Principal and Managed Identities in Azure
- AuthenticationError 401 - Principal Does Not Have Access to API/Operation when using Azure Open AI with Python SDK
- Terraform Role Assignment Issues for Azure Function with Microsoft Sentinel Reader and Storage Blob Data Contributor
- User XXX does not have access to compute instance YYY. Azure Machine Learning
- Issue : Enqueuing the message to azure storage queue is not working with Managed Identity