BryanTrach-MSFT
commented
5 years ago @bertrandpons Can you please provide us with the URL of the doc that you are having issues with? We look forward to your reply.
Closed bertrandpons closed 5 years ago
BryanTrach-MSFT
commented
5 years ago @bertrandpons Can you please provide us with the URL of the doc that you are having issues with? We look forward to your reply.
bertrandpons
commented
5 years ago @BryanTrach-MSFT It is more a question related to the following document: https://docs.microsoft.com/en-us/azure/data-factory/data-movement-security-considerations. I navigated on different blogs and I can't find a solution apart opt-in "Allow access to Azure services" in SQL Server firewall rules to allow access to the DB from ADF. Is there another way to narrow the access to only required services ?
CHEEKATLAPRADEEP-MSFT-zz
commented
5 years ago @bertrandpons Note: Azure-SSIS integration run time supports only Azure Resource Manager virtual networks for your Azure-SSIS IR to join if you use Azure SQL Database server with virtual network service endpoints or require access to on-premises data stores.
The Data Factory service connects to your Azure SQL Database to prepare the SSIS Catalog database (SSISDB). It also configures permissions and settings for your virtual network, if specified, and joins the new instance of Azure-SSIS integration runtime to the virtual network.
For more details, refer “Create Azure-SSIS Integration Runtime in Azure Data Factory”.
Hope this helps.
bertrandpons
commented
5 years ago @CHEEKATLAPRADEEP-MSFT Thank you for your reply. I don't want to use virtual network, only Azure SQL Database without virtual network service endpoints.
My question is more to know if there is a pool of ip addresses from my ADF Azure-SSIS IR to allow in Azure SQL Server firewall rules to make ADF and the SQL server communicate, instead of let turned on the rule "Allow access to Azure services"
CHEEKATLAPRADEEP-MSFT-zz
commented
5 years ago @bertrandpons To allow ADF from Azure to connect to your Azure SQL server, “Allow access to Azure Services” must be ON. When an ADF from Azure attempts to connect to your database server, the firewall verifies that Azure connections are allowed. A firewall setting with starting and ending address equal to 0.0.0.0 indicates Azure connections are allowed. If the connection attempt is not allowed, the request does not reach the Azure SQL Database server.
CHEEKATLAPRADEEP-MSFT-zz
commented
5 years ago @bertrandpons We will now proceed to close this thread. If there are further questions regarding this matter, please comment and we will gladly continue the discussion.
rvgolovin
commented
4 years ago Is there a plan to make it possible for the Azure SQL DB to set a firewall rule to allow only the Data Factory to connect to it and not have to open the SQL DB to the entire Azure?
silva-3
commented
4 years ago I'm looking for the same solution. In this we apparently have the possible outbound ips by region: https://docs.microsoft.com/en-us/azure/data-factory/azure-integration-runtime-ip-addresses. But we still without the IP by instance, as we get in App Service, for example
chandainfy
commented
4 years ago @CHEEKATLAPRADEEP-MSFT we have a similar situation, however, the SQL server name is correct, credentials are correct and allowed all azure resource is enabled.
still, the Data factory pipeline is failing with below error:
"message": "ErrorCode=SqlFailedToConnect,'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=Cannot connect to SQL Database: '
CharlesAtDCube
commented
4 years ago Same here, while trying to copy data from on prem SQL Server instance with IR correctly installed (I can look up), to Azure SQL Database, I get the same error as @chandainfy. As if the on prem base tried to connect directly to my azure sqldb.
clouddatabuilders
commented
4 years ago Please can someone provide more detail around port 8060 and whether that's needed. As I understand, this port only required when configuring HA mode for the IR engine for an on premise setup?
Codypinto23
commented
4 years ago Having the same issue as @chandainfy. Anyone have any updates on getting this to work?
CharlesAtDCube
commented
4 years ago I circumvented it by enabling staging, which does not use the 1433 port.
Le 24 août 2020 19:54, Cody Pinto notifications@github.com a écrit :
Having the same issue here. Anyone have any updates on getting this to work?
— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://github.com/MicrosoftDocs/azure-docs/issues/25357#issuecomment-679275547, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ANRTHLWVWA2QVWPUYUWM2DDSCKSMBANCNFSM4GYVVVSA.
clintgrove
commented
4 years ago Is there a plan to make it possible for the Azure SQL DB to set a firewall rule to allow only the Data Factory to connect to it and not have to open the SQL DB to the entire Azure?
Is it not possible to host a self-hosted IR on a VM. Then use it to connect back to the Azure SQL DB. So the communication runs between your ADF through the IR on the VM, and then back to the Azure SQL server. This should eliminate the need to keep changing the IP? If the VM has a static IP for example... Not sure, its just an idea.
I just realised that you can now create an azure IR and you can create managed private endpoints in the factory itself. So yeah, this seems to be the solution https://azure.microsoft.com/en-gb/blog/azure-data-factory-managed-virtual-network/
MickBadran
commented
4 years ago @CHEEKATLAPRADEEP-MSFT we have a similar situation, however, the SQL server name is correct, credentials are correct and allowed all azure resource is enabled. still, the Data factory pipeline is failing with below error: "message": "ErrorCode=SqlFailedToConnect,'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=Cannot connect to SQL Database: '', Database: '', User: ''. Check the linked service configuration is correct, and make sure the SQL Database firewall allows the integration runtime to access.,Source=Microsoft.DataTransfer.ClientLibrary,''Type=System.Data.SqlClient.SqlException,Message=A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - No such host is known.),Source=.Net SqlClient Data Provider,SqlErrorNumber=11001,Class=20,ErrorCode=-2146232060,State=0,Errors=[{Class=20,Number=11001,State=0,Message=A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: TCP Provider, error: 0 - No such host is known.),},],''Type=System.ComponentModel.Win32Exception,Message=No such host is known,Source=,'"
Hey folks - I got this exact error and have been following this thread. (I have hybrid Oracle on-prem)
For me 'the fix' was:
1) Enable staging on the copy shape (bring the data back to blob storage)
2) The 'server' originally was 'tcp:
Changed this to simply:
'Server=
I may have been lucky, firewall ports seem tough to get past, without opening up the whole internet.
Hope this helps.
wolfgangas
commented
3 years ago In addition to @MickBadran 's post: I only had to enable staging and don't do anything regarding ports. I used a self hosted IR for Oracle and a standard Azure IR for both the blob storage and the SQL Server
Hello,
Do we have no choice but opening firewall to Azure services to allow ADF Integration Runtime communicating with Azure SQL Server ?
Thank you !
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.