https://community.databricks.com/t5/data-engineering/using-managed-identity-authentication-in-unity-catalog-using/m-p/99696#M40061 <P>Thank you very much!</P><P>I have spent an enormous amount of hours fighting with this and in the end it was the type of cluster... I hope that this problem will be solved in the future, because affects the developments when you use databricks-connect and share the cluster with your team <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P> Thu, 21 Nov 2024 18:05:23 GMT mbenavent 2024-11-21T18:05:23Z https://community.databricks.com/t5/data-engineering/using-managed-identity-authentication-in-unity-catalog-using/m-p/82567#M36685 <P>Hello,</P><P>I am having trouble using Managed Identity Authentication in Unity Catalog using pyodbc in Azure Databricks. The same code works on a "Legacy Shared Compute". The code snippet is below:</P><P>&nbsp;</P><DIV>import pyodbc</DIV><DIV>&nbsp;</DIV><DIV>jdbc_url = (</DIV><DIV>&nbsp; &nbsp; "DRIVER={ODBC 17 DRIVER PATH};"</DIV><DIV>&nbsp; &nbsp; "SERVER=AzureSQLServer.database.windows.net,1433;"</DIV><DIV>&nbsp; &nbsp; "DATABASE=AzureSQLDBName;"</DIV><DIV>&nbsp; &nbsp; "Authentication=ActiveDirectoryMsi;"</DIV><DIV>&nbsp; &nbsp; "TrustServerCertificate=no;"</DIV><DIV>&nbsp; &nbsp; "Encrypt=yes")</DIV><DIV>&nbsp;</DIV><DIV>conn = pyodbc.connect(jdbc_url)</DIV><DIV>&nbsp;</DIV><DIV>If I run this on a "Shared Compute" enabled for Unity Catalog, I get a connection timeout error:</DIV><DIV><STRONG>('HYT00', '[HYT00] [Microsoft][ODBC Driver 17 for SQL Server]Login timeout expired (0) (SQLDriverConnect)')</STRONG></DIV><DIV>If I switch to using UID/PWD, then it works on the Unity Catalog as well. So, not sure why Managed Identity would not work on a Unity Catalog enabled cluster but work on the Legacy cluster.&nbsp;</DIV><DIV>&nbsp;</DIV><DIV>Any thoughts would be appreciated.</DIV><DIV>&nbsp;</DIV><DIV>Thanks,</DIV><DIV>Rushi</DIV> Fri, 09 Aug 2024 14:00:19 GMT https://community.databricks.com/t5/data-engineering/using-managed-identity-authentication-in-unity-catalog-using/m-p/82567#M36685 rushi29 2024-08-09T14:00:19Z https://community.databricks.com/t5/data-engineering/using-managed-identity-authentication-in-unity-catalog-using/m-p/82597#M36700 <P>I wanted to provide an update on this issue and see if the added information can help resolve the problem. So, after doing some research, it turns out that the Unity Catalog cluster is unable to reach the Azure Instance Metadata Service (IMDS) possibly due to some network restrictions for unity catalog enabled clusters. This prevents the cluster from getting an access token that is needed to use Managed Identity. I used curl to hit the IMDS endpoint and it errors out in case of Unity Catalog.</P><P>%sh</P><P>curl -H Metadata:true <A href="http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&amp;resource=https://database.windows.net/" target="_blank">http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&amp;resource=https://database.windows.net/</A></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="rushi29_0-1723239930607.png" style="width: 400px;"><img src="https://community.databricks.com/t5/image/serverpage/image-id/10282i815EE79EEF76DC84/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="rushi29_0-1723239930607.png" alt="rushi29_0-1723239930607.png" /></span></P><P>I have raised this with our Databricks administrators but in order to help them out, does anyone know where these networking settings might be for Unity Catalog where this IP/port can be whitelisted?</P><P>Thanks,</P><P>Rushi</P> Fri, 09 Aug 2024 21:50:05 GMT https://community.databricks.com/t5/data-engineering/using-managed-identity-authentication-in-unity-catalog-using/m-p/82597#M36700 rushi29 2024-08-09T21:50:05Z https://community.databricks.com/t5/data-engineering/using-managed-identity-authentication-in-unity-catalog-using/m-p/99696#M40061 <P>Thank you very much!</P><P>I have spent an enormous amount of hours fighting with this and in the end it was the type of cluster... I hope that this problem will be solved in the future, because affects the developments when you use databricks-connect and share the cluster with your team <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P> Thu, 21 Nov 2024 18:05:23 GMT https://community.databricks.com/t5/data-engineering/using-managed-identity-authentication-in-unity-catalog-using/m-p/99696#M40061 mbenavent 2024-11-21T18:05:23Z