Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Calling all Data Engineers! Fabric Data Engineer (Exam DP-700) live sessions are back! Starting October 16th. Sign up.

Reply
hsa297
New Contributor

Creating connection to Warehouse

โ€Ž09-30-2025 03:46 AM

I am trying to create a connection to a Warehouse artifact in Fabric, below is the setup I am doing but I am facing an issue with connection. I am getting the following error when creating. Below is the error and the screenshot for my setup. 

 

Unable to create connection for the following reason: Unable to connect to the data source. Either the data source is inaccessible, a connection timeout occurred, or the data source credentials are invalid. Please verify the data source configuration and contact a data source administrator to troubleshoot this issue. Details: Downstream service call to url failed with status code 401. Please have this information handy if you choose to create a support ticket.



 

bug1.png

 

Labels:
Message 1 of 9
422 Views
0
8 REPLIES 8
tayloramy
Contributor

โ€Ž09-30-2025 09:32 AM

Hi @hsa297

 

What permissions does the service principal have on the workspace/warehouse? 

If you found this helpful, consider giving some Kudos. If I answered your question or solved your problem, mark this post as the solution.  

Message 2 of 9
387 Views
0
hsa297
New Contributor
In response to tayloramy

โ€Ž09-30-2025 03:51 PM

The Service Principle has admin rights

Message 3 of 9
371 Views
0
hsa297
New Contributor

โ€Ž09-30-2025 04:19 PM

Service Principle has admin rights, I have enabled the Service Principle settings in the tenant to all enabled and allowed, it has the right read/write permissions in the application permissions on Microsoft Entra. I cannot figure out what is the issue and what is blocking this.

Message 4 of 9
368 Views
0
tayloramy
Contributor
In response to hsa297

โ€Ž09-30-2025 06:39 PM

Hi @hsa297

 

Have you created the service principal user in the fabric SQL database? 

Authentication in SQL database - Microsoft Fabric | Microsoft Learn

 

 

Create database users when connected as a Microsoft Entra service principal

When an application is connected to a database with a service principal, the application must issue CREATE USER with the SID and TYPE clauses to create users for Microsoft Entra principals. The specified principal name isn't validated in Microsoft Entra. It's a responsibility of the application (application developer) to provide a valid name and a valid SID and a user object type.

If the specified principal is a user or a group in Microsoft Entra, the SID must be an object ID of that user or group in Microsoft Entra. If the specified principal is a service principal in Microsoft Entra, the SID must be an application ID (client ID) of the service principal in Microsoft Entra. Object IDs and application IDs (client IDs) obtained from Microsoft Entra must be converted to binary(16).

The value of the TYPE argument must be:

  • E - if the specified Microsoft Entra principal is a user or a service principal.
  • X - if the specified Microsoft Entra principal is a group.

The following T-SQL example script creates a database user for the Microsoft Entra user, named bob@contoso.com, setting the SID of the new user to the object ID of the Microsoft Entra user. The unique identifier of the user's object ID is converted and then concatenated into a CREATE USER statement. Replace <unique identifier sid> with the user's object ID in Microsoft Entra.

DECLARE @principal_name SYSNAME = 'bob@contoso.com';
DECLARE @objectId UNIQUEIDENTIFIER = '<unique identifier sid>'; -- user's object ID in Microsoft Entra

-- Convert the guid to the right type
DECLARE @castObjectId NVARCHAR(MAX) = CONVERT(VARCHAR(MAX), CONVERT (VARBINARY(16), @objectId), 1);

-- Construct command: CREATE USER [@principal_name] WITH SID = @castObjectId, TYPE = E;
DECLARE @cmd NVARCHAR(MAX) = N'CREATE USER [' + @principal_name + '] WITH SID = ' + @castObjectId + ', TYPE = E;'
EXEC (@cmd);

 

If you found this helpful, consider giving some Kudos. If I answered your question or solved your problem, mark this post as the solution.  

Message 5 of 9
348 Views
v-dineshya
Honored Contributor II

โ€Ž10-01-2025 03:45 AM

Hi @hsa297 ,

Thank you for reaching out to the Microsoft Community Forum.

 

Please check below things to fix the "401" Error.


1. Please check the Tenant ID, Service Principal ID, and Service Principal Key for typos or outdated values. Check the key hasnโ€™t expired.

 

2. Please confirm the Service Principal has Fabric Admin or Warehouse Contributor roles assigned. Check if the Service Principal is granted API permissions for Microsoft Fabric.

 

3. You mentioned that enabling Service Principal settings, Check that โ€œUsers can consent to apps accessing company data on their behalfโ€ is enabled. The app registration is multi-tenant if you are accessing resources across tenants.


4. Check the Service Principal is added as a user to the Warehouse artifact with appropriate permissions. You can check this via SQL commands.

 

SQLCREATE USER [appId] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [appId];
ALTER ROLE db_datawriter ADD MEMBER [appId];


5. If you are using VNet or on-prem gateways, check the gateway is properly configured and reachable. Try to disable the gateway option temporarily to test direct connectivity.

 

6. A "401" often means the token wasnโ€™t accepted. Use tools like Postman or Azure CLI to manually acquire a token using the Service Principal and test access.

 

I hope this information helps. Please do let us know if you have any further queries.

 

Regards,

Dinesh

Message 6 of 9
315 Views
0
v-dineshya
Honored Contributor II
In response to v-dineshya

โ€Ž10-05-2025 08:47 PM

Hi @hsa297 ,

We havenโ€™t heard from you on the last response and was just checking back to see if you have a resolution yet. And, if you have any further query do let us know.

 

Regards,

Dinesh

Message 7 of 9
144 Views
0
v-dineshya
Honored Contributor II
In response to v-dineshya

a month ago

Hi @hsa297 ,

We havenโ€™t heard from you on the last response and was just checking back to see if you have a resolution yet. And, if you have any further query do let us know.

 

Regards,

Dinesh

Message 8 of 9
94 Views
0
v-dineshya
Honored Contributor II
In response to v-dineshya

3 weeks ago

Hi @hsa297 ,

We havenโ€™t heard from you on the last response and was just checking back to see if you have a resolution yet. And, if you have any further query do let us know.

 

Regards,

Dinesh

Message 9 of 9
46 Views
0

Helpful resources

Announcements
View All
Users online (10,084)