none
AzureSqlLinkedService Internal Server Error

    Question



  • I have a suddenly arrisen issue with AzureSqlLinkedService. Our pipelines are failing from not being able to connect to the database. From the UI i can use Test Connection and it gives me this error "Internal Server Error. Activity ID:7a2aaaae-1c32-470b-a27a-750f484d8ca7". If i change the password (or any other field) to the existing value, Test Connection suddenly works. When changing a field and saving i can see the connectionstring flips (aka - the Connection Timeout etc, is suddenly in front). I'm guessing there has been a schema change or something in the backend that serializes the connectionstring in a bad format if using the Management API.

    We use the DatafactoryManagement Client to deploy our Datafactory Infrastructure. The code to repro is as follows
      var conn =
                    $"Data Source=tcp:<DATABASENAME>.database.windows.net,1433;Initial Catalog=Asta.Samtale.Db.Int;User ID=<USERID>;Password=<PASSWORD>;Trusted_Connection=False;Encrypt=True;Connection Timeout=30;";

                var credentials = SdkContext.AzureCredentialsFactory.FromServicePrincipal(
                    "<CLIENTID>", "<CLIENTSECRET>",
                    "<TENANTID>", AzureEnvironment.AzureGlobalCloud);
                var client =
                    new DataFactoryManagementClient(credentials) {SubscriptionId = "<SUBSCRIPTIONID>"};
                var sqlDbLinkedService = new LinkedServiceResource(
                    new AzureSqlDatabaseLinkedService(conn));
                client.LinkedServices.CreateOrUpdateAsync("<RESOURCEGROUP>", "<DATAFACTORYNAME>",
                    "<LINKEDSERVICENAME>", sqlDbLinkedService).Wait();
                Console.WriteLine("Done");
                Console.ReadKey();


    Thursday, July 5, 2018 11:58 AM

Answers

  • Hi, AndersJoh,
       

          Based on the investigation, we find that you give one different data factory name to update existed linked service, so it has signature validation failure during test-connection.

    System.ServiceModel.FaultException`1[Microsoft.Hdis.AgentService.BusinessLogic.Exceptions.ResourceFault]: StatusCode: BadRequest, ErrorCode : FailedDecryptSubResourcePayload, Message : Failed to decrypt sub-resource payload {
      "name": "int_AzureSqlDbLinkedService",
      "properties": {
        "type": "AzureSqlDatabase",
        "typeProperties": {
          "connectionString": "********************",
          "encryptedCredential": "********************"
        }
      }
    } and error is: Failed to validate the signature because the content is tampered, the expect context is '{"User ID":"********","Data Source":"********","Initial Catalog":"********","dataFactoryName":"Asta-Datafactory-Platform"}' and the runtime context is '{"User ID":"********","Data Source":"********","Initial Catalog":"********","dataFactoryName":"Asta-DataFactory-Platform"}'.. (Fault Detail is equal to Microsoft.Hdis.AgentService.BusinessLogic.Exceptions.ResourceFault).
       at Microsoft.Hdis.AgentService.BusinessLogic.Logics.CredentialLogic.<DecryptSubResourcePayloadCredentialsOnCloudAsync>d__7.MoveNext()
      

          When you try to update the linked service with re-input property value on UI, the data factory name always keep the original format and content, so it works when you do test-connection.

          Recently we have a fix to remove strictly validation on data factory name in signature compare, because this property is case insensitive in ADF public document. It will take effective at 7.11. Before that time, please give your original data factory name "Asta-Datafactory-Platform" in your code.



    • Edited by Zhangyi Yu Friday, July 6, 2018 8:33 AM
    • Marked as answer by AndersJoh Friday, July 6, 2018 10:16 AM
    Friday, July 6, 2018 1:39 AM

All replies

  • Hi, AndersJoh,
       

          Based on the investigation, we find that you give one different data factory name to update existed linked service, so it has signature validation failure during test-connection.

    System.ServiceModel.FaultException`1[Microsoft.Hdis.AgentService.BusinessLogic.Exceptions.ResourceFault]: StatusCode: BadRequest, ErrorCode : FailedDecryptSubResourcePayload, Message : Failed to decrypt sub-resource payload {
      "name": "int_AzureSqlDbLinkedService",
      "properties": {
        "type": "AzureSqlDatabase",
        "typeProperties": {
          "connectionString": "********************",
          "encryptedCredential": "********************"
        }
      }
    } and error is: Failed to validate the signature because the content is tampered, the expect context is '{"User ID":"********","Data Source":"********","Initial Catalog":"********","dataFactoryName":"Asta-Datafactory-Platform"}' and the runtime context is '{"User ID":"********","Data Source":"********","Initial Catalog":"********","dataFactoryName":"Asta-DataFactory-Platform"}'.. (Fault Detail is equal to Microsoft.Hdis.AgentService.BusinessLogic.Exceptions.ResourceFault).
       at Microsoft.Hdis.AgentService.BusinessLogic.Logics.CredentialLogic.<DecryptSubResourcePayloadCredentialsOnCloudAsync>d__7.MoveNext()
      

          When you try to update the linked service with re-input property value on UI, the data factory name always keep the original format and content, so it works when you do test-connection.

          Recently we have a fix to remove strictly validation on data factory name in signature compare, because this property is case insensitive in ADF public document. It will take effective at 7.11. Before that time, please give your original data factory name "Asta-Datafactory-Platform" in your code.



    • Edited by Zhangyi Yu Friday, July 6, 2018 8:33 AM
    • Marked as answer by AndersJoh Friday, July 6, 2018 10:16 AM
    Friday, July 6, 2018 1:39 AM
  • Thanks i'll look into it. For now can you please remove username and databasename from your post?


    • Edited by AndersJoh Friday, July 6, 2018 7:35 AM
    Friday, July 6, 2018 7:32 AM