'Failed to encrypt sub-resource payload' error when attempting CI/CD RRS feed

  • Question

  • Hi,

    We are trying to setup CI/deployment with DevOps using the documentation provided here: https://docs.microsoft.com/en-us/azure/data-factory/continuous-integration-deployment. We are using a shared IR that has been set up in the target environment prior to deployment.

    The release succeeds if the deployment mode setting is set to validation only, but fails when incremental or complete is selected. We get the following error when using override template parameters:

    2018-09-21T17:07:43.2936188Z ##[error]BadRequest: {
    "error": {
    "code": "BadRequest",
    "message": "Failed to encrypt sub-resource payload

    Monday, September 24, 2018 7:57 PM

All replies

  • Hi,

    Please make sure your shared IR is online when doing the deployment, otherwise you may meet this problem because self-hosted IR will be used to encrypt your payload. 

    If you confirm the above action is done and you still have this error, please share the request activity ID to us and we can do some further investigation.

    • Proposed as answer by Jason_J (Azure) Tuesday, September 25, 2018 9:56 PM
    Tuesday, September 25, 2018 3:11 AM
  • Hello,

    I've noticed this error when I forget to add the 'SecureString' type when I am creating a resource with a 'connectionString', for example:

    "typeProperties": {
    	"connectionString": {
    		"type": "SecureString",
    		"value": "Server=tcp:<servername>.database.windows.net,1433;Database=<databasename>;User ID=<username>;Password=<password>;Trusted_Connection=False;Encrypt=True;Connection Timeout=30"

    If I do not include the ("type": "SecureString"), I get the same error.

    • Proposed as answer by Jason_J (Azure) Tuesday, September 25, 2018 10:03 PM
    Tuesday, September 25, 2018 10:03 PM
  • The ARM template JSON file does have the parameter type defined with the SecureString

            "DB_connectionString": {
                "type": "secureString",
                "metadata": "Secure string for 'connectionString' of 'DB'"

    But we still get the encrypt issue and the IR is definitely running. We updated the ARM template to reflect the information that is in the environment that we are trying to release to as well.

    error is: Failed to encrypt linked service credentials on linked self-hosted IR 'OnPremIR' through service bus, reason is: InternalServerError, error message is: Internal Server Error..

    Dan English's BI Blog

    Wednesday, September 26, 2018 8:28 PM
  • We received feedback from Microsoft and this was what was causing our issue:

    We checked our backend log, we see there is an error "Invalid linked service payload, user Id and userName are both existed.". Please check your linked service payload whether you have user name both specified in "username" property and "connectionstring" property. We will also try to improve the error message to provide some more meaningful information. – Jimmy Wang 22 hours ago


    Dan English's BI Blog

    • Proposed as answer by Dan English Tuesday, October 2, 2018 2:26 PM
    Tuesday, October 2, 2018 2:25 PM
  • Hello, 

    I have the same issue, deployment failing with error:

    "error": {

    "code": "BadRequest",
    "message": "Failed to encrypt sub-resource payload

    If I delete password from the connection string then deployment succeed, but then I have to add password manually later.

    Is anyone found out the solution to fix it?

    Thursday, March 28, 2019 12:53 PM