If the UI keeps failing with that vague error, the CLI approach suggested above is the best next step, since it usually gives a clearer error message. Also make sure that:

The service principal you’re using to create the scope has Key Vault Administrator permissions on the vault.

The resource ID and DNS name are copied exactly as shown in the Azure portal (any typo or extra space will cause failures).

The Databricks workspace is in the same Azure region as the Key Vault (cross-region secret scopes are not supported).

If those checks look good but it still fails, I’d recommend running the CLI command with --debug to capture the full error details, which will help narrow down whether it’s a permissions issue or a configuration mismatch.