Share via

ADF - CDC Fails with "403 AuthSasRevoked" – Invalid MI Token Error in ADF

Rowan Schelvis 20 Reputation points
2025-06-13T09:55:46.84+00:00

Hi,

I’m running a real-time Change Data Capture (CDC) pipeline in Azure Data Factory to replicate changes between two SQL databases. However, I frequently encounter the following error:


"Code": 400,
"Message": "{\"StatusCode\":\"DFExecutorUserError\",\"Message\":\"Job failed due to reason: at Source 'SourceregistryDocumentEntry': Invalid cache token: Acquire MI Token failed with 403 AuthSasRevoked error\",\"Details\":\"java.lang.Exception: Invalid cache token: Acquire MI Token failed with 403 AuthSasRevoked error"

At other times, CDC works perfectly without issues.

Could you help me understand:

What causes this 403 AuthSasRevoked error?

How can I prevent it from happening in a CDC setup?

Thanks in advance for your help.

Azure Data Factory
Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
11,596 questions
0 comments
Accepted answer
  1. Venkat Reddy Navari 2,380 Reputation points Microsoft External Staff Moderator
    2025-06-13T14:14:09.79+00:00

    Hi @Rowan Schelvis The 403 AuthSasRevoked error in Azure Data Factory typically indicates that the Managed Identity (MI) token has been revoked or expired often during long-running or streaming CDC operations.

    A few troubleshooting steps that may help:

    Confirm the Managed Identity still has the right permissions: Make sure ADF’s Managed Identity still has the correct role on the SQL server (e.g., Contributor) and exists as a user in the database with proper roles like db_datareader or db_owner.

    Token Refresh: In the Linked Service, temporarily switch from MI to SQL authentication, publish, then switch back to MI and re-publish. This can clear any stale or cached tokens.

    Check CDC Health: On the source SQL DB, ensure CDC is correctly configured and there are no open transactions or LSN issues causing delays.

    Restart IR or Re-publish: For self-hosted Integration Runtime, restart the IR. For Azure IR, re-publish the pipeline to refresh connections.

    Retry Logic: In your Copy activity or trigger, consider adding retry policies to help handle transient token failures more gracefully.

    Hope this helps. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.