05-08-2022 03:38 AM
I have an Azure KeyVault with private endpoint created in the same Vnet as Azure Databricks. While trying to add it as a scope using the private DNS Zone ie <KVname>.privatelink.vaultcore.azure.net
getting error "DNS is invalid and cannot be reached."
If I try to ping it from Azure Databricks using as below
%sh ping <KVName>.privatelink.vaultcore.azure.net , it does resolves to its private IP address.
What could be the issue
01-10-2023 02:40 AM
I got it working by creating the KV backed scope via UI. I used the the dns without the private part: <KVName>.vault.azure.net
The private dns will resolve it to the right IP.
You do have to check the "Allow trusted Microsoft services to bypass this firewall" in the Firewalls and virtual tab if you have set Allow access from to disable public access or Allow public access from specific virtual networks and IP addresses.
05-19-2022 02:45 AM
Hi @Nilave Chakraborty , You will find a similar issue in a similar thread here, which already has the best answer- https://community.databricks.com/s/question/0D53f00001HKHjtCAH/databricks-cannot-access-azure-key-va...
Do let us know if that helps.
01-10-2023 02:08 AM
This is not the answer.
I have the same question.
How can I connect an Azure Key Vault with private endpoint to the databricks vnet?
06-14-2022 08:42 AM
Hi @Nilave Chakraborty , We haven’t heard from you on the last response from me, and I was checking back to see if you have a resolution yet. If you have any solution, please share it with the community as it can be helpful to others. Otherwise, we will respond with more details and try to help.
10-06-2022 10:28 PM
hi @Kaniz Fatma @Nilave Chakraborty still facing the same issue.
The solution you have provided is not working and in this case the key vault dns itself not getting resolved.
Can you please let me know how this got resolved
01-10-2023 02:40 AM
I got it working by creating the KV backed scope via UI. I used the the dns without the private part: <KVName>.vault.azure.net
The private dns will resolve it to the right IP.
You do have to check the "Allow trusted Microsoft services to bypass this firewall" in the Firewalls and virtual tab if you have set Allow access from to disable public access or Allow public access from specific virtual networks and IP addresses.
01-10-2023 02:52 AM
Hi @mark van den berg, Thank you for sharing your workaround to this question.
Join our fast-growing data practitioner and expert community of 80K+ members, ready to discover, help and collaborate together while making meaningful connections.
Click here to register and join today!
Engage in exciting technical discussions, join a group with your peers and meet our Featured Members.