Solved: Re: Unknown Error when calling the initializeConne...

ckingdon_bee · ‎04-02-2025

Hi there,

I am experiencing an issue when following the documentation here: https://learn.microsoft.com/en-us/fabric/cicd/git-integration/git-automation?tabs=service-principal%...

I copied the exact powershell script from the example repo and locally it works just using my own personal user account. However, when I try to run the script with a service principal it fails. It's able to disconnect and connect the workspace from Git but when it gets to the initializeConnection call it fails with ErrorCode: UnknownError and Message: "The request could not be processed due to an error".

I should note that I am connecting the workspace to GitHub which according to that page should support service principals. Additionally I have tried running this in a GitHub actions workflow with the same error. Any help would be appreciated.

ckingdon_bee

With some great help from Microsoft we finally figured out the solution. It was a combination of three items that we had to solve. The first item was in the Fabric Admin Portal. We had to enable the following setttings:

Service principals can access read-only admin APIs
Service principals can access admin APIs used for updates

In addition these settings the second item that is required is that you put your service principal into an Entra AD group:

The second thing we had to do was reconfigure our service principal setup in the app registration. In my own troubleshooting I had added several Fabric/PowerBI related API permissions. As mentioned in this document: Embed Power BI content with service principal and an application secret

These permissions are no longer needed once you enable the Fabric API setting and in fact can cause issues. See this callout:

The solution was to remove all of the permissions besides the default one you get when you create an app registration:

After doing these 3 steps we are now able to sync our workspaces with GIT via a service principal inside of GitHub Actions workflow. As a bonus it also supports using federated credentials instead of having to rely on a client secret!

View solution in original post

ckingdon_bee

With some great help from Microsoft we finally figured out the solution. It was a combination of three items that we had to solve. The first item was in the Fabric Admin Portal. We had to enable the following setttings:

Service principals can access read-only admin APIs
Service principals can access admin APIs used for updates

In addition these settings the second item that is required is that you put your service principal into an Entra AD group:

The second thing we had to do was reconfigure our service principal setup in the app registration. In my own troubleshooting I had added several Fabric/PowerBI related API permissions. As mentioned in this document: Embed Power BI content with service principal and an application secret

These permissions are no longer needed once you enable the Fabric API setting and in fact can cause issues. See this callout:

The solution was to remove all of the permissions besides the default one you get when you create an app registration:

After doing these 3 steps we are now able to sync our workspaces with GIT via a service principal inside of GitHub Actions workflow. As a bonus it also supports using federated credentials instead of having to rely on a client secret!

v-sathmakuri · ‎04-16-2025

Hi @ckingdon_bee ,

Have you had a chance to raise a support ticket and resolve this issue? If so, please consider sharing the solution in the forum and marking it as accepted, this will help other members find the answer more easily.

Thank you!

ckingdon_bee · ‎04-17-2025

Hey there,

Yes I have raised a support ticket. Currently it has not been resolved yet and has been escalated as there was no immediate solution I could apply that they could see. I'll update here once I know more.

v-sathmakuri · ‎04-24-2025

Hi @ckingdon_bee ,

Were you able to resolve the issue? If yes, please consider sharing your solution and marking it as accepted, it could be a great help to others facing a similar challenge

Thank you!!

ckingdon_bee · ‎04-24-2025

Hey @v-sathmakuri, still waiting on support. I got an update yesterday that they are still testing some stuff so hopefully I'll have an update next week. I'll be sure to post here as soon as I know something useful though!

v-sathmakuri · ‎04-28-2025

Hi @ckingdon_bee ,

Once the issue is resolved, please consider sharing your solution and marking it as accepted, it could be a great help to others facing a similar challenge

Thank you!!

v-sathmakuri

Hi @ckingdon_bee ,

We are following up once again regarding your query. Could you please confirm whether the issue has been resolved through your support ticket with Microsoft?

If so, we would appreciate it if you could share the resolution or any key insights here to benefit others in the community. If we don’t receive a response, we will proceed with closing this thread.

If you need further assistance in the future, feel free to start a new thread in the Microsoft Fabric Community Forum. We will be happy to support you there.

Thank you!!

ckingdon_bee

I am still working through things with Microsoft support.

v-sathmakuri

Hi @ckingdon_bee ,

Thank you for your patience. The concerned team is looking into the issue, but it may take some time to resolve. As there is already an open ticket with Microsoft, we are closing this thread for now. If you encounter any further issues, please feel free to start a new thread in the community forum, we will be happy to assist you.

Thank you for being part of Fabric community Forum.

Thank you!!

ckingdon_bee

We finally got it working with help from Microsoft! I will post a response to the post (assuming I am still able) with the final solution.

v-sathmakuri

Hi @ckingdon_bee ,

Thank you for your response. Please post the working solution here. This will help other community members with similar issues to resolve them more quickly.

Thank you!!

v-saisrao-msft · ‎04-03-2025

Hi @ckingdon_bee,

Thank you for reaching out to Microsoft Fabric Community.

@Deku, Thank you for the prompt response. Adding to what @Deku, mentioned, you can also try below steps.

The service principal needs the same permissions as a user. Make sure it has at least "Contributor" access in Fabric and the correct permissions in GitHub.
If you’re using an Azure AD app, confirm that it has the right API permissions for Microsoft Fabric (Power BI API) and GitHub.
Run the script with -Verbose or -Debug in PowerShell to get more details on what is failing.
you can also try making a direct API request (using Invoke-RestMethod in PowerShell or Postman) to see if initializeConnection works at all.

If this post helps, then please consider Accepting as solution to help the other members find it more quickly, don't forget to give a "Kudos" – I’d truly appreciate it!

ckingdon_bee · ‎04-03-2025

Hi there,

1. Yes the service principal has admin permissions on the workspace. I know that permission is good since I am able to call the connect/disconnect endpoints which require admin permissions in the workspace.

2. It is an Azure Entra App Registration. Currently it has the the following delegated permissions:

- Workspace.GitCommit.All

- Workspace.GitUpdate.All

- Workspace.ReadWrite.All

Additionally in the GitHub action I have the following:

permissions:

id-token: write

contents: write

Are there additional permissions I need here?

3. Running with verbose/debug doesn't give any more info around the specific error.

4. initializeConnection works just fine as long as I use my personal user via az login instead of using the service principal.

Here is the response that I get:

v-sathmakuri · ‎04-04-2025

Hi @ckingdon_bee ,

Please try the below additional steps

Add additional permissions as well in Azure Entra App Registration Workspace.GitAdmin.All, Workspace.ManageAll, and Workspace.GitRead.All, then make sure to grant admin consent.
Update your GitHub Actions permissions to include below actions

actions: read
contents: write
id-token: write
pull-requests: write

Please check Microsoft Fabric to see if the workspace is already connected, as that might be causing conflicts.

If this post helps, then please consider Accepting as solution to help the other members find it more quickly, don't forget to give a "Kudos" – I’d truly appreciate it!

Thanks,

Rekha!!

ckingdon_bee · ‎04-04-2025

I only see the following 4 permissions under PowerBI Service for the app registration:

I did add all 4 of these and granted admin consent. Additionally I updated my GitHub Actions permissions and made sure that the workspace was disconnected before running again. I am still getting the same error however.

v-sathmakuri · ‎04-07-2025

Hi @ckingdon_bee ,

Thank you for your response!!

Can you please raise a Microsoft support ticket for further investigation. You can create a Microsoft support ticket using the link below.
How to create a Fabric and Power BI Support ticket - Power BI | Microsoft Learn

If this helps, then please Accept it as a solution and dropping a "Kudos" so other members can find it more easily.

Hope this works for you!

Thanks & Regards,
Rekha,

Cummunity Support Team.

Deku · ‎04-02-2025

Try adding the SPN as a contributor or admin in the required workspaces

Did I answer your question?
Please help by clicking the thumbs up button and mark my post as a solution!

ckingdon_bee · ‎04-03-2025

Yes I did make sure that the SPN is an admin in the workspace. I know that permission is good since I am able to call the connect/disconnect endpoints which require admin permissions in the workspace.

Unknown Error when calling the initializeConnection Fabric Git API endpoint with a service principal

Helpful resources

Power BI Monthly Update - May 2025

Fabric Community Update - May 2025

Become a Super User!

Unknown Error when calling the initializeConnection Fabric Git API endpoint with a service principal

Helpful resources

Power BI Monthly Update - May 2025

Fabric Community Update - May 2025