sql-server azure azure-data-factory multi-factor-authentication

Pipeline failed after implementing MFA


I have made a few pipelines in Azure Data Factory, which transfer and modify data from Blob Storage (Excel files) to Azure SQL. They were off for like 2 months, and the company has implemented MFA on the whole Azure Active Directory.

After that, when I try to run the pipelines, I have only "Failed status". For every pipeline the error is the same. They look like this:

Operation on target Data flow1 failed: {"StatusCode":"DFExecutorUserError","Message":"Job failed due to reason: java.lang.Exception: fail to reach https://we.frontend.clouddatahub.net/subscriptions/aa2d32bf-f0d0-4656-807b-7e929da73853/entities/99264214-3071-4faa-87c2-32d9dec7e5a4/identities/00000000-0000-0000-0000-000000000000/token?api-version=2.0 with status code:403, payload:{"error":{"code":"ManagedIdentityInvalidCredential","message":"Acquire MI token from AAD failed. ErrorCode: invalid_client, Message: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS700027: Client assertion failed signature validation.\r\nTrace ID: 4eef805e-a0ca-494e-bcc2-c01cd755f400\r\nCorrelation ID: f313ba30-9455-4065-90ab-a0fe28dadc99\r\nTimestamp: 2022-02-21 13:11:56Z","details":[],"additionalInfo":[]}}, CorrelationId:171b73ff-5721-45e5-bf95-2b29dc4dd1b4, RunId:887b22ec-6cae-42d3-9580-b93a98800b3c","Details":"java.lang.Exception: fail to reach https://we.frontend.clouddatahub.net/subscriptions/aa2d32bf-f0d0-4656-807b-7e929da73853/entities/99264214-3071-4faa-87c2-32d9dec7e5a4/identities/00000000-0000-0000-0000-000000000000/token?api-version=2.0 with status code:403, payload:{"error":{"code":"ManagedIdentityInvalidCredential","message":"Acquire MI token from AAD failed. ErrorCode: invalid_client, Message: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. 
Original exception: AADSTS700027: Client assertion failed signature validation.\r\nTrace ID: 4eef805e-a0ca-494e-bcc2-c01cd755f400\r\nCorrelation ID: f313ba30-9455-4065-90ab-a0fe28dadc99\r\nTimestamp: 2022-02-21 13:11:56Z","details":[],"additionalInfo":[]}}, CorrelationId:171b73ff-5721-45e5-bf95-2b29dc4dd1b4, RunId:887b22ec-6cae-42d3-9580-b93a98800b3c\n\tat com.microsoft.datafactory.dat"}

Is there any way I can evade this error without deactivating MFA?


Solution

  • Thank you David Browne - Microsoft for your valuable suggestion. Posting your suggestion as an answer to help other community members.

    Either use a managed identity or provision a service principal for authentication. Switch the authentication to SQL Auth for SQL Server and SAS/Account Key auth for Azure Storage.
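
The error quoted in the question nests an AAD payload inside a Java exception string, and as pasted it is not valid JSON, so a JSON parser will reject it. As an added example (not part of the original post or answer), this Python sketch pulls out the fields worth recording for triage with regular expressions; the sample text is constructed with a placeholder host and GUIDs, and the result's field names are this example's own.

```python
import re

# Constructed sample in the shape of the error quoted in the question. Inner quotes are
# unescaped, as on the page, so this is not valid JSON. Host and GUIDs are placeholders.
SAMPLE = (
    '{"StatusCode":"DFExecutorUserError","Message":"Job failed due to reason: '
    'java.lang.Exception: fail to reach https://example.invalid/identities/'
    '00000000-0000-0000-0000-000000000000/token?api-version=2.0 with status code:403, '
    'payload:{"error":{"code":"ManagedIdentityInvalidCredential","message":"Acquire MI '
    'token from AAD failed. ErrorCode: invalid_client, Message: ... Original exception: '
    'AADSTS700027: Client assertion failed signature validation.\\r\\n'
    'Trace ID: 11111111-1111-1111-1111-111111111111\\r\\n'
    'Correlation ID: 22222222-2222-2222-2222-222222222222\\r\\n'
    'Timestamp: 2022-02-21 13:11:56Z","details":[],"additionalInfo":[]}}, '
    'CorrelationId:33333333-3333-3333-3333-333333333333, '
    'RunId:44444444-4444-4444-4444-444444444444"}'
)

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
Q = r'\\?"'  # a double quote, whether or not the paste kept its backslash escape
FIELDS = {
    "adf_status": rf'{Q}StatusCode{Q}\s*:\s*{Q}(\w+)',
    "http_status": r"status code:\s*(\d{3})",
    "service_error": rf'{Q}code{Q}\s*:\s*{Q}(\w+)',
    "oauth_error": r"ErrorCode:\s*(\w+)",
    "aad_code": r"\b(AADSTS\d+)\b",
    "aad_trace_id": rf"Trace ID:\s*({GUID})",
    "aad_correlation_id": rf"Correlation ID:\s*({GUID})",
    "aad_timestamp": r"Timestamp:\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}Z)",
    "adf_correlation_id": rf"CorrelationId:\s*({GUID})",
    "adf_run_id": rf"RunId:\s*({GUID})",
}

def triage(text):
    """Return the first match of each field; fields not found map to None."""
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text)
        out[name] = m.group(1) if m else None
    # True when the text carries an AADSTS code or a ManagedIdentity* service error,
    # i.e. the failure is in acquiring the identity's token, as the message itself says.
    out["identity_failure"] = bool(out["aad_code"]) or (
        out["service_error"] or "").startswith("ManagedIdentity")
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The AAD trace and correlation IDs are distinct from the Data Factory `CorrelationId` and `RunId`, so the function keeps them in separate fields.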