Microsoft Fabric Data Pipeline Connection Error - Created Using Copy Assistant

Problem

I am getting this error when I created a connection using Data Pipeline's "copy assistant.

We were unable to connect to the data source using an encrypted connection. To use an unencrypted connection, uncheck "Use encrypted connection" and try again.

I scoured the internet for any related issues and saw the link below, but it did not really help:

https://community.fabric.microsoft.com/t5/Service/Unable-to-connect-to-the-data-source-using-an-encrypted/m-p/3654708

Solution

I noticed that when I use the "copy assistant" inside the Data Pipeline I get the error. But if I create the "connection" using "Manage connections and gateway" and use in Data Pipeline I don't get the error.

1. Create connection using Manage connections and gateway.

a. In Microsoft Fabric, click on the Settings icon and select "Manage connections and gateways".

b. In Manage Connections and Gateways, click the "+ New" to create a new connection.

c. In New connection windows provide the following information:

    - Gateway cluster name: select the correct gateway cluster name that will be used.

    - Connection name: enter the connection name. This is a free text field.

    - Connection type: select the connection type, example: SQL Server

    - Server: enter the on-premises server name that will be the data source.
    - Database: enter the database name that will be used in the server.

    - Authentication: Windows Authentication method will be used if you are using Microsoft Entra ID and your company's Active Directory is synchronized with Azure AD. 

     - Privacy level: Organizational

d. Once all the information were provided, click the "Create" button 

e. The newly created Connections will appear in the list of Connections.

 

2. Use newly created Connection in Data Pipeline

a. Inside the data pipeline, go to Copy Data --> Use copy assistant.

b. In Copy data window, select SQL Server database from the New sources.

c. In Connect to data source window, provide the Server Name and Database Name provided in the Connections in step #1. 

NOTE: The database name is case sensitive. 

d. If there is already a "Connection" for the Server and Database Name that was provided, the matching Connection will be displayed in the Connection credentials drop down list.Click the Next button when done.

e. The objects in the selected Connection will be loaded and displayed.

 

f. The on-premises database objects can now be used load data into Microsoft Fabric using data pipeline. You have successfully configured your data pipeline connections when you reach this screen.

The connections created within the Data Pipeline versus the one created in Manage Connections and Gateway have different connection encryption settings. There is no check box that can be unchecked during the Connections setting configuration. 

SQL Server error 47106

Problem

I was trying to configure Read-Scale Always On Availability Group in our test server using the steps from https://www.mssqltips.com/sqlservertip/6905/sql-server-read-scale-always-on-availability-groups/ but I encountered an error "SQL Server error 47106".

Below is the error that I got:

TITLE: Microsoft SQL Server Management Studio

------------------------------
Failed to join the instance 'TESTSQL17A' to the availability group 'TESTSQL17RS'. (Microsoft.SqlServer.Management.HadrModel)
For help, click: https://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=16.100.47021.0&EvtSrc=Microsoft.SqlServer.Management.Smo.ExceptionTemplates.FailedOperationExceptionText&LinkId=20476
------------------------------
ADDITIONAL INFORMATION:
An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.ConnectionInfo)
------------------------------
Cannot join availability group 'TESTSQL17RS'. Download configuration timeout. Please check primary configuration, network connectivity and firewall setup, then retry the operation.
Failed to join local availability replica to availability group 'TESTSQL17RS'.  The operation encountered SQL Server error 47106 and has been rolled back.  Check the SQL Server error log for more details.  When the cause of the error has been resolved, retry the ALTER AVAILABILITY GROUP JOIN command. (Microsoft SQL Server, Error: 47106)
For help, click: https://docs.microsoft.com/sql/relational-databases/errors-events/mssqlserver-47106-database-engine-error
------------------------------
BUTTONS:
OK
------------------------------

Solution

I scoured the internet for any related issues and saw a post from  https://www.voltol.com/2020/02/sql-error-47106-when-trying-to-add.html

Reading through the article above helped me in the right direction. The port used by read-scale is being blocked by a firewall.

Below is the link of required firewall rules to access SQL Server: 

Configure the Windows Firewall to allow SQL Server access - SQL Server | Microsoft Learn

During the course of the investigation, I performed the following tasks:

1. Checked the port being used for Read-Scale Availability Group. Availability group uses port 5022 or 7022 for database mirroring.

SQL

SELECT name, protocol_desc, port, state_desc
FROM sys.tcp_endpoints
WHERE type_desc = 'DATABASE_MIRRORING'

2. Using PowerShell command Test-NetConnection, I tested the port being used by SQL Server for database mirroring on both servers. I included port 1433 since it is the default TCP port of SQL Server instance.

PowerShell

clear
Test-NetConnection -ComputerName TESTSQL17A -Port 1433
Test-NetConnection -ComputerName TESTSQL17A -Port 5022

Test-NetConnection -ComputerName TESTSQL17B -Port 1433
Test-NetConnection -ComputerName TESTSQL17B -Port 5022

The test from TESTSQL17B to TESTSQL17A failed on port 5022, but the connection using port 1433 was successful.

3. To ensure that the ports are open, I manually added the ports 1433 and 5022 in the firewall rules of both servers.

PowerShell

clear
New-NetFirewallRule -DisplayName "SQLServer default instance" -Direction Inbound -LocalPort 1433 -Protocol TCP -Action Allow
New-NetFirewallRule -DisplayName "SQLServer Database Mirroring" -Direction Inbound -LocalPort 5022 -Protocol TCP -Action Allow

New-NetFirewallRule -DisplayName "SQLServer default instance" -Direction Outbound -LocalPort 1433 -Protocol TCP -Action Allow
New-NetFirewallRule -DisplayName "SQLServer Database Mirroring" -Direction Outbound -LocalPort 5022 -Protocol TCP -Action Allow

The test to connect using port 5022 still failed even though both outbound and inbound firewall rules were already been configured.

4. Contacted systems administrators to check the ports and firewall rules. The server admin confirmed that ports and firewall rule settings are correct. 

I recall getting an email regarding "Zero Trust Network Access" software being tested by our security team.

5. Contacted our security team and asked someone to check the servers that I am using for my testing.

The security admin confirmed that one of the server is included in their "Zero Trust Network Access" testing. They opened/verified that port 5022 are open on both servers.

The Test-NetConnection testing on port 5022 was successful after the change was implemented.

6. Read-scale Always On configuration was successful after the changes were made.

Some solutions might require working with other teams in your company. Awareness of events happening around you is also important.