Container Level SAS Key or Service principal is not working when we connect Azure data Lake storage blob container with POWER BI Service
Hi All,
We have a strange thing.
Our requirement is to connect a storage account to Power BI using a container-level SAS key. It works fine when we connect Power BI Desktop to blob storage and publish the report.
Problem: when we use the same SAS key at the service level, the refresh fails.
We tried a second approach, a service principal.
We configured the service principal's Tenant ID, Application ID and secret, and they are accepted, but when we try to refresh we get:
Error message: the credential provider for azure blob storage is invalid
I have checked the storage account: Networking --> All networks
Please help with this.
Azure Storage Accounts
Azure Blob Storage
Microsoft Power Platform Training
-
Keshavulu Dasari • 3,095 Reputation points • Microsoft Vendor
2025-01-17T20:31:43.5633333+00:00 Hi manish verma,
Greetings & Welcome to Microsoft Q&A forum! Thanks for posting your query!
SAS Key and Service Principal methods when trying to refresh your Power BI dataset from Azure Data Lake Storage.
Ensure that the SAS token has the necessary permissions for the operations you're trying to perform. It should have at least read and list permissions. Check if the SAS token has expired. If it has, generate a new one. Also make sure that the SAS token is correctly configured in the Power BI service settings.
Service Principal Issues
Correct Configuration: Double-check that the Tenant ID, Application ID, and Secret are correctly configured in Power BI.
Permissions: Ensure that the service principal has the necessary permissions to access the Azure Data Lake Storage. This includes both the storage account and the specific container.
Credential Provider: The error message "the credential provider for azure blob storage is invalid" suggests there might be an issue with how the credentials are being passed. Make sure that the service principal is correctly set up in Azure Active Directory and that it has the required API permissions.
If you are using an on-premises data gateway, ensure it is up to date and correctly configured. Verify that the network settings for the storage account allow access from the Power BI service. Check the error logs in Power BI for more detailed information about why the refresh is failing.
For more information:
https://learn.microsoft.com/en-us/power-bi/connect-data/refresh-troubleshooting-refresh-scenarios
If you have any other questions or are still running into more issues, let me know in the "comments" and I would be happy to help you.
-
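The SAS checks listed in the reply above (read and list permissions, expiry) can be run against the token string itself. This is an added example, not part of the thread or any Microsoft tool; the sample tokens, their `sig` placeholders and the function name `check_container_sas` are constructed for illustration, and the checks on `sr`, `si`, `st`, `sip` and `spr` go beyond what the reply lists.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qs


def _utc(value):
    """Parse an ISO 8601 SAS timestamp (st/se) as an aware UTC datetime."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def check_container_sas(token, now, required="rl"):
    """Return a list of findings for a service SAS query string."""
    q = {k: v[0] for k, v in parse_qs(token.lstrip("?")).items()}
    findings = []
    if q.get("sr") != "c":
        findings.append(f"sr={q.get('sr')!r}: not a container-level SAS")
    if "si" in q:
        findings.append("si set: permissions/expiry may come from a stored access policy")
    missing = "".join(p for p in required if p not in q.get("sp", ""))
    if missing and "si" not in q:
        findings.append(f"sp={q.get('sp', '')!r}: missing permission(s) {missing!r}")
    if "st" in q and _utc(q["st"]) > now:
        findings.append(f"st={q['st']}: token is not valid yet")
    if "se" in q and _utc(q["se"]) <= now:
        findings.append(f"se={q['se']}: token has expired")
    if "sip" in q:
        findings.append(f"sip={q['sip']}: only this IP range may use the token")
    if q.get("spr", "https,http") != "https":
        findings.append("spr does not restrict the token to HTTPS")
    return findings


# Constructed sample tokens; the sig values are placeholders, not real signatures.
NOW = datetime(2025, 1, 21, 15, 0, tzinfo=timezone.utc)
GOOD = ("?sv=2022-11-02&sr=c&sp=rl&st=2025-01-17T00%3A00%3A00Z"
        "&se=2025-07-17T00%3A00%3A00Z&spr=https&sig=PLACEHOLDER")
BAD = ("sv=2022-11-02&sr=c&sp=r&se=2025-01-20T00%3A00%3A00Z"
       "&sip=203.0.113.0-203.0.113.255&sig=PLACEHOLDER")

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_container_sas(tok, NOW) or "no findings")
```

Run it on the token only, never on a full URL pasted into a shared log, since the `sig` value grants access until `se`.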
Keshavulu Dasari • 3,095 Reputation points • Microsoft Vendor
2025-01-20T15:39:20.77+00:00 Hi manish verma,
Just checking in to see if the response helped. If you have any questions, let me know in the "comments" and I would be happy to help you.
-
manish verma • 516 Reputation points
2025-01-21T14:54:03.12+00:00 Another super strange thing: the refresh is working with the existing setup, but it takes a lot of time.
Attempt 1 - Fail - around 59 minutes - error message: the credential provider for azure blob storage is invalid
Attempt 2 - Fail - around 1 hr 2 minutes - error message: the credential provider for azure blob storage is invalid
Attempt 3 - Success - 59 minutes
Can we check the proper logs so we know what is going on behind this?
-
Keshavulu Dasari • 3,095 Reputation points • Microsoft Vendor
2025-01-21T16:04:37.9533333+00:00 Hi manish verma,
Checking the logs can indeed provide more insight into what's happening. I suggest some steps to help you access and analyze the logs,
Accessing Power BI Service Logs
Refresh History: Go to your Power BI workspace and navigate to the dataset you're refreshing. Click on the "Refresh history" to see detailed logs of each refresh attempt. This will show you the duration, status, and any error messages for each attempt.
Export Logs: You can export the refresh history to a .csv file for more detailed analysis. This can help you identify patterns or specific times when the refresh fails.
Analyzing Logs
Look for specific error messages in the logs. The "credential provider for azure blob storage is invalid" error suggests there might be an issue with the credentials or token expiration.
Duration Patterns: Note the duration of each refresh attempt. If the refresh consistently fails after a certain period, it might indicate a timeout or token expiration issue.
Please do consider to “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
-
manish verma • 516 Reputation points
2025-01-22T11:36:36.98+00:00 Hi ,
Does a service principal have token expiration? The service principal is valid for the next six months.
We really do not understand why the first two attempts failed but the third attempt succeeded. What justification will we give to the client?
-
manish verma • 516 Reputation points
2025-01-22T11:38:04.0733333+00:00 This can be beneficial to other community members only if we publish the root cause of this problem to close this thread.
-
Keshavulu Dasari • 3,095 Reputation points • Microsoft Vendor
2025-01-22T16:27:38.5033333+00:00 Hi manish verma,
Yes, even though the service principal itself is valid for six months, the access tokens generated by the service principal have a much shorter lifespan, typically around one hour.
This means that during a long-running refresh operation, the token might expire, causing the refresh to fail.
Possible Reasons for Intermittent Failures
Token Expiry & Network Issues: If the refresh process takes longer than the token's validity period, the token might expire, leading to a failure. This could explain why the first two attempts failed and the third one succeeded if it completed within the token's lifespan. Intermittent network issues or connectivity problems can cause refresh failures. These issues might resolve themselves, leading to a successful refresh on a subsequent attempt.
High resource usage or contention on the Power BI service or the Azure Blob Storage could cause intermittent failures.
Justification to the Client
You can explain to the client that the intermittent failures are likely due to the expiration of access tokens during long-running refresh operations. I suggest some steps you can take to mitigate this issue:
Implement a mechanism to refresh the access token before it expires during the refresh process.
Reduce the amount of data being processed in each refresh to ensure it completes within the token's validity period.
Ensure stable network connectivity and monitor resource usage to avoid contention issues.
Hope this helps. Do let us know if you have any further queries.
-
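One way to implement the "refresh the access token before it expires" mitigation from the reply above, for a client you control. This is an added example, not code from the thread or from Microsoft: `acquire` is a hypothetical callable that returns a JWT access token, `fake_issuer` is a constructed stand-in that issues unsigned sample tokens, and the 300-second renewal margin is an assumption. The token lifetime is read from the token's own `iat`/`exp` claims rather than assumed.

```python
import base64
import json
import time


def jwt_claims(token):
    """Decode a JWT payload without verifying the signature (inspection only)."""
    part = token.split(".")[1]
    part += "=" * (-len(part) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(part))


class RenewingToken:
    """Cache an access token and fetch a new one shortly before its exp claim."""

    def __init__(self, acquire, margin=300, clock=time.time):
        self._acquire = acquire    # hypothetical callable returning a JWT string
        self._margin = margin      # renew this many seconds before expiry
        self._clock = clock
        self._token, self._exp = None, 0
        self.renewals = 0

    def get(self):
        if self._token is None or self._clock() >= self._exp - self._margin:
            self._token = self._acquire()
            self._exp = jwt_claims(self._token)["exp"]
            self.renewals += 1
        return self._token


def fake_issuer(clock, lifetime=3600):
    """Constructed stand-in for the identity provider: unsigned sample tokens."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

    def acquire():
        now = int(clock())
        claims = {"iat": now, "exp": now + lifetime}
        return ".".join([b64({"typ": "JWT"}), b64(claims), "sig"])
    return acquire


def simulate(job_seconds, step=60):
    """Run a job of job_seconds, asking for a token every step; count renewals."""
    t = [1737471600]  # constructed start time (epoch seconds)
    tok = RenewingToken(fake_issuer(lambda: t[0]), clock=lambda: t[0])
    for _ in range(0, job_seconds, step):
        assert jwt_claims(tok.get())["exp"] > t[0]  # never hands out an expired token
        t[0] += step
    return tok.renewals
```

`jwt_claims` alone is enough to show a client the `iat` and `exp` of a real token; it does not validate the token and must not be used for authorization decisions.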
manish verma • 516 Reputation points
2025-01-22T16:51:43.66+00:00 Hi Keshavulu Dasari, can you please let us know how we can monitor the performance of the Power BI service? Is there any monitoring tool for the Power BI service?
Also, can we monitor how the token is created by Azure for the service principal and when it expires? The client needs proof of these justifications.
Do we have any Microsoft doc that will verify these justifications so we can show it to the client?
-
Keshavulu Dasari • 3,095 Reputation points • Microsoft Vendor
2025-01-22T17:54:52.04+00:00 @ manish verma,
I understand that to monitor the performance of Power BI Service, you can use several tools and techniques:
Power BI Performance Analyzer:
Use the Performance Analyzer in Power BI Desktop to measure the performance of report elements such as visuals and DAX formulas. This tool helps identify bottlenecks and optimize report performance.
Query Diagnostics:
Use Query Diagnostics in Power BI Desktop to understand what Power Query is doing when previewing or applying queries. This can help identify slow-performing queries.
SQL Server Profiler:
SQL Server Profiler can be used to trace and identify slow queries when your data source is SQL Server, SQL Server Analysis Services, or Azure Analysis Services.
On-Premises Data Gateway Monitoring:
For on-premises data gateways, you can use the Gateway Performance PBI template file to visualize performance logs and troubleshoot slow-performing queries.
Monitoring Azure Service Principal Token Expiration
To monitor and manage the expiration of tokens for service principals, please check the following methods:
Use Azure Monitor and Log Analytics to track and log token creation and expiration events. This can help you understand when tokens are expiring and ensure they are refreshed in a timely manner.
Microsoft Entra provides recommendations to renew expiring service principal credentials. This feature offers personalized insights and actionable guidance to ensure your service principal credentials are up to date.
Documentation for Client Justification
You can refer to the following Microsoft documentation to provide proof and justification to your client:
Power BI Performance Monitoring:
Monitor report performance in Power BI - This document provides detailed information on how to monitor and optimize report performance in Power BI.
Azure Service Principal Token Expiration:
Renew expiring service principal credentials recommendation - This document explains how to monitor and renew expiring service principal credentials to avoid downtime.
If you have any other questions or are still running into more issues, let me know in the "comments" and I would be happy to help you.
-
Keshavulu Dasari • 3,095 Reputation points • Microsoft Vendor
2025-01-24T18:37:32.6+00:00 Hi manish verma,
Just checking in to see if the response helped. If you have any questions, let me know in the "comments" and I would be happy to help you.
-
Keshavulu Dasari • 3,095 Reputation points • Microsoft Vendor
2025-01-27T14:53:27.33+00:00 Hi manish verma,
Just checking in to see if the response helped. If you have any questions, let me know in the "comments" and I would be happy to help you.