Solved

Issue with connecting adlsgen2 to ODX

  • 13 February 2024


I have a new Azure VM that I am installing with the latest version of the ODX server in preparation for upgrading from TX 20.10 to the new version.

I have a new adlsgen2 storage account available as storage for the ODX. A service principal (enterprise application) in the Entra ID is created with a (confirmed working) secret.

I have added the ODX Instance in the portal with the following configuration:
 

 

The app reg has Owner rights on the adlsgen2:
 

 

Still I get a 403 error when trying to create the storage container (the container does not already exist):
 

 


Best answer by rory.smith 14 February 2024, 10:27


2 replies


Hi @wouter.goslinga ,

Just to be sure: an App Registration comes with an Enterprise Application entry. You should be using the Application (client) ID and not the Object ID, coupled with your secret.

Is your ADLS storage using private endpoints? If so, have you set up both blob and dfs endpoints and are they properly reachable from your VM? I would expect a connection error instead of a permissions error if not, but you don't always get the “real” error.

Your role assignments should be OK - I also have Blob Storage Contributor on my demo setup but that is more restrictive than Owner so you should be fine. If you have additional API permissions set up on your App Registration that require Admin consent, those can be messing with things if you have not granted them yet.

If you have changed role assignments you may need to wait a bit before everything is applied; it should be under 15 minutes in my experience though.


@rory.smith the dfs pep did the trick, thanks!
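
The check suggested in the best answer (are both the blob and the dfs endpoint set up and reachable from the VM?), as an added example that is not part of the original thread. It assumes the standard `<account>.blob.core.windows.net` and `<account>.dfs.core.windows.net` hostnames and treats a private address as the sign that a private endpoint's DNS record is in effect; the account name and all function names are placeholders chosen here.

```python
import ipaddress
import socket

# The two Azure Storage services an ADLS Gen2 account is reached through.
SERVICES = ("blob", "dfs")


def resolve_host(host):
    """Return the sorted IP addresses the local resolver gives for host."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def can_connect(address, port=443, timeout=5.0):
    """True if a TCP connection to address:port succeeds within timeout."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_endpoints(account, resolve=resolve_host, connect=can_connect):
    """Resolve and probe the blob and dfs hostnames of one storage account."""
    results = []
    for service in SERVICES:
        host = f"{account}.{service}.core.windows.net"
        try:
            addresses = resolve(host)
        except OSError:  # socket.gaierror is a subclass: name did not resolve
            addresses = []
        # Assumption: a private endpoint shows up as private addresses only.
        private = bool(addresses) and all(
            ipaddress.ip_address(a).is_private for a in addresses)
        reachable = any(connect(a) for a in addresses)
        results.append({"service": service, "host": host, "addresses": addresses,
                        "private": private, "reachable": reachable})
    return results


def missing_private_endpoints(results):
    """Services whose hostname does not resolve to private addresses only."""
    return [r["service"] for r in results if not r["private"]]


if __name__ == "__main__":
    # "mystorageaccount" is a placeholder; use the real account name.
    results = check_endpoints("mystorageaccount")
    for r in results:
        print(r)
    print("not on a private endpoint:", missing_private_endpoints(results))
```

Run it on the VM that hosts the ODX server; a service reported as not private is the first place to look when the storage account restricts public network access.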
