cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Power BI Service refresh failures caused by intermittent Databricks credential invalidation

luiz_felipe
New Contributor

2 weeks ago

Hi everyone,

We are experiencing an intermittent issue in Power BI Service where datasets and dataflows connected directly to Databricks start failing refreshes because the credentials appear to be lost or invalidated, even though no manual changes were made.

Scenario:

  • Direct connection from Power BI Service to Databricks (no gateway involved)
  • Databricks SQL Warehouse (Serverless) is being used
  • Authentication using either OAuth or a Databricks personal access token
  • Everything works fine for a period of time, then refreshes suddenly fail asking for credentials again
  • After re-entering and saving the credentials, the refresh works normally again

The connection is made using the DatabricksMultiCloud.Catalogs connector, pointing to a specific catalog.

Error message:

  • Data source error: Retry attempts for failures while executing the refresh exceeded the retry limit
  • Error code: DMTS_OAuthTokenRefreshFailedError
  • Underlying error: OAuth token refresh failed while requesting a Databricks OIDC token
  • HTTP status: 400 (Bad Request)

My question:

  • Has anyone experienced this kind of intermittent credential loss between Power BI Service and Databricks when using SQL Warehouse Serverless?
  • Are there any known limitations, recommended configurations, or best practices to prevent credentials from expiring or being invalidated automatically in this setup?

The goal is to understand the root cause and avoid having to manually reauthenticate every time the issue occurs.

Thanks in advance!

0 Kudos
1 REPLY 1

emma_s
Databricks Employee
Databricks Employee

2 weeks ago

Hi,

This is a known issue with how the Power BI Service handles OAuth refresh tokens with Databricks. Databricks enables Single-Use Refresh Tokens (SURTs) by default for Power BI integrations. If a token refresh fails mid-flight (network hiccup, timing, etc.), the old token is consumed, but the new one is never stored, leaving the connection in a state that requires manual re-authentication.

Recommended fix: Switch to M2M OAuth with a Databricks Service Principal. This uses client credentials instead of user-bound refresh tokens, which eliminates the problem entirely. It's GA and documented here:

Note: M2M OAuth is configured after publishing your semantic model — go to the semantic model's Data source credentials -> Edit Credentials -> Basic, then enter your service principal's application ID and secret.

Other things to check in parallel:

  • Entra ID Conditional Access policies: these can enforce shorter session lifetimes that conflict with refresh schedules
  • Raise a Microsoft support case:  the DMTS_OAuthTokenRefreshFailedError is in Microsoft-owned code, so they may have additional mitigations on their side
  • Contact Databricks support to request disabling SURTs for the Power BI app integration on your account and extending refresh token TTL

I hope that helps, let me know if you have any questions.

0 Kudos
Announcements