Got error code 403 when trying to access my Synapse workspace created within a virtual network

Kenny Wong (HK) 60 Reputation points
2024-08-23T02:49:17.8333333+00:00

I got a 403 error when accessing my Synapse workspace, created in a managed virtual network, from within a jumphost inside my virtual network.

These are the network settings of my Synapse Analytics workspace.

My Bicep files have helped me set up some private endpoints.

I have already added my Synapse workspace as Contributor on my data lake storage account.

I also got an error when accessing my blob from within the jumphost.

My goal is to allow all the Azure services inside the same virtual network to access the Synapse workspace, and my Synapse workspace to access the data lake storage account.

Does anyone know which part I have set up wrongly?


1 answer

  1. Amira Bedhiafi 23,486 Reputation points
    2024-08-23T12:59:23.6133333+00:00

    Based on this old thread:

    When encountering a 403 Forbidden error while trying to access the Synapse web UI, it typically indicates an issue with permissions or network configurations. To some extent it might have many reasons beyond normal.

    To get to the root of the incident, check the diagnostic logs in Azure Synapse and any related logs in your Azure environment for more detailed error messages, and use Azure Monitor to gather more insights about the connection attempts and potential issues for a specific solution.

    However, I will provide you with possible diagnoses that can solve the issue in a normal scenario:

    1. Ensure that the private endpoints for your Synapse workspace are correctly set up.
    2. Check that the DNS configuration is correctly resolving the private endpoint.
    3. Verify that the Network Security Groups (NSGs) associated with your private endpoints allow inbound traffic from your IP address or subnet.
    4. Ensure that the firewall settings on your Synapse workspace are correctly configured to allow access from your private endpoints.
    5. Ensure that the user account you are using has the necessary permissions to access the Synapse workspace.
    6. Check role assignments in Azure Synapse and ensure the user has at least the Synapse Administrator or Synapse Contributor role.
    7. Ensure that your DNS is correctly configured to resolve the private link FQDN to the private IP address of the private endpoint.
    8. If you are accessing the Synapse workspace from a VNet, ensure that the VNet integration is correctly configured.
    9. Check the VNet peering settings if your Synapse workspace and the accessing resources are in different VNets.
    10. Verify that the private link service has been approved and is in a Connected state.

    If you check through this list, the problem should be solved; if not, get back with more log reports for the best solution.
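
The DNS checks in items 2 and 7 of the answer above, as an added example that is not part of the original thread: run from the jumphost, it resolves the workspace and storage endpoints and reports whether each name lands on a private address. The workspace and storage account names are placeholders, and the hostname patterns are the standard Azure public FQDNs, assumed here because the thread does not list them.

```python
import ipaddress
import socket

# Placeholder names (assumptions): substitute your own workspace and account.
WORKSPACE = "myworkspace"
STORAGE = "mydatalake"

def endpoint_fqdns(workspace, storage):
    """Public FQDNs that the privatelink DNS zones should map to private IPs."""
    return [
        f"{workspace}.dev.azuresynapse.net",           # Dev endpoint
        f"{workspace}.sql.azuresynapse.net",           # dedicated SQL endpoint
        f"{workspace}-ondemand.sql.azuresynapse.net",  # serverless SQL endpoint
        "web.azuresynapse.net",                        # Studio, via private link hub
        f"{storage}.dfs.core.windows.net",             # data lake (DFS) endpoint
        f"{storage}.blob.core.windows.net",            # blob endpoint
    ]

def system_resolver(host):
    """Return the set of addresses the OS resolver gives for host (empty on failure)."""
    try:
        infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def classify(addresses):
    """Label a set of resolved addresses as private, public, mixed or unresolved."""
    if not addresses:
        return "unresolved"
    flags = [ipaddress.ip_address(a).is_private for a in addresses]
    if all(flags):
        return "private"
    return "mixed" if any(flags) else "public"

def check(workspace, storage, resolver=system_resolver):
    """Map each endpoint FQDN to its verdict; resolver is injectable for testing."""
    return {h: classify(resolver(h)) for h in endpoint_fqdns(workspace, storage)}

if __name__ == "__main__":
    for host, verdict in check(WORKSPACE, STORAGE).items():
        print(f"{verdict:10} {host}")
```

A `public` or `mixed` verdict means the jumphost's DNS is not answering from the privatelink zone for that name, so traffic goes to the public endpoint, where the workspace or storage firewall can reject it.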
