sql-server, azure-sql-server, azure-purview

Azure Purview sees On-Prem SQL Server db and tables, but fails to scan with message: invalid client secret is provided


I have successfully set up a scan for an on-prem dev SQL instance. However, I am trying to set up scans on multiple on-prem SQL instances. I have successfully installed the integration run time agent on a server I want to scan. When I double check the credentials to be sure the username and password are correct, it passes as successful.

When I go to set up the scan against this same db, I use the appropriate user name and secret out of the key vault. While setting up the scan, Purview sees all the tables in the db I am wanting to scan.

So, my thought is, if the username or password were incorrect, it wouldn't pass the connection test and/or see the tables in the db I'm wanting to scan.

Ok, so after I start the scan, it fails. In the logs on that server, I can see where it fails w/ the following error code: 7000215. According to https://login.microsoftonline.com/error?code=7000215, this error message is: Developer error - the app is attempting to sign in without the necessary or correct authentication parameters.

So, I'm at a loss as to why I can see the db and tables, but it continues to fail the scan.

The event viewer details show: Message:(AADSTS7000215: Invalid client secret is provided.)

Any help or recommendations would be greatly appreciated.

Here's the actual error message:

Retrieving auth token from AAD failed, exception thrown (Type:(Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException), Message:(AADSTS7000215: Invalid client secret is provided. Trace ID: 525bc331-5788-4d3c-a576-3570c5c92b00 Correlation ID: acfc0ed8-c522-4e3b-8922-804df3bf2fbe Timestamp: 2021-02-22 04:06:46Z), StackTrace:( at Microsoft.DataTransfer.Execution.DataScan.Retry.d__1`1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.DataTransfer.Execution.DataScan.DataScanManagementServiceClient.d__22.MoveNext()) , InnerException (Type:(System.Net.Http.HttpRequestException), Message:(Response status code does not indicate success: 401 (Unauthorized).), StackTrace:() , InnerException (Type:(Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException), Message:({"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret is provided.\r\nTrace ID: 525bc331-5788-4d3c-a576-3570c5c92b00\r\nCorrelation ID: acfc0ed8-c522-4e3b-8922-804df3bf2fbe\r\nTimestamp: 2021-02-22 04:06:46Z","error_codes":[7000215],"timestamp":"2021-02-22 04:06:46Z","trace_id":"525bc331-5788-4d3c-a576-3570c5c92b00","correlation_id":"acfc0ed8-c522-4e3b-8922-804df3bf2fbe","error_uri":"https://login.microsoftonline.com/error?code=7000215"}: Unknown error), StackTrace:() ) ) ) Job ID: 986cf741-f4bf-4333-a51e-b9c04a15a75c Log ID: Error


Solution

  • I was able to address this issue.

    The issue was the integration services run time client was not the most recent version.

    A newer version (IntegrationRuntime_5.2.7713.1)

    Once I installed this version, I was able to scan the databases previously not able to be scanned.
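
Added example, not part of the original post or of any Microsoft tooling: a small Python helper that pulls the embedded AAD error object out of an integration runtime log message like the one quoted in the question, so the error code, trace ID and correlation ID can be recorded for triage or a support case. The sample message is constructed with placeholder IDs, and the function names are illustrative.

```python
import json

# Constructed sample shaped like the event-log message quoted in the question.
# The IDs are placeholders, not values from the page.
SAMPLE = (
    'Retrieving auth token from AAD failed, exception thrown '
    '(Type:(Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException), '
    'Message:(AADSTS7000215: Invalid client secret is provided.), '
    'InnerException (Type:(System.Net.Http.HttpRequestException), '
    'Message:(Response status code does not indicate success: 401 (Unauthorized).), '
    'InnerException (Type:(Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException), '
    'Message:({"error":"invalid_client","error_description":"AADSTS7000215: Invalid '
    'client secret is provided.\\r\\nTrace ID: 00000000-0000-0000-0000-000000000001",'
    '"error_codes":[7000215],"timestamp":"2021-02-22 04:06:46Z",'
    '"trace_id":"00000000-0000-0000-0000-000000000001",'
    '"correlation_id":"00000000-0000-0000-0000-000000000002"}: Unknown error))))'
)


def extract_aad_error(message):
    """Return the AAD error object embedded in a log message, or None."""
    start = message.find('{"error"')
    if start == -1:
        return None
    try:
        # raw_decode parses one JSON value and ignores the trailing log text.
        obj, _ = json.JSONDecoder().raw_decode(message, start)
    except json.JSONDecodeError:
        return None  # e.g. the message was truncated by the log viewer
    return obj


def triage(message):
    """Summarise where the scan failed and which AAD identifiers to record."""
    err = extract_aad_error(message) or {}
    token_stage = "Retrieving auth token from AAD failed" in message
    return {
        "stage": "aad_token" if token_stage else "unknown",
        "error": err.get("error"),
        "codes": err.get("error_codes", []),
        "trace_id": err.get("trace_id"),
        "correlation_id": err.get("correlation_id"),
        "timestamp": err.get("timestamp"),
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```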