How to configure Power BI Enterprise Gateway Proxy configuration?

Power BI service allows connectivity thru PowerBI Gateway in case you do not want to expose the on-premise data sources. Power BI Gateway can be installed on a server /VM deployed in the on-premise environment. Now If you deploy the Enterprise gateway in the On-Premise network your network team may not be happy and they will not open the firewall to expose the Enterprise Gateway to connect to Internet. But do not worry and here is a good news that in order for Enterprise gateway to function properly it requires certain ports to be open and it does not required to expose to the internet. Here are the list of ports to be opened:

Here’s a list of FQDNs used by the gateway:

Domain namesOutbound portsDescription
*.download.microsoft.com80Used to download the installer. This is also used by the on-premises data gateway app to check for version and gateway region.
*.powerbi.com443Used for identifying the relevant Power BI cluster.
*.analysis.windows.net443Used for identifying the relevant Power BI cluster.
*.login.windows.net, login.live.com, aadcdn.msauth.net443Used for authenticating the on-premises data gateway app (AAD/OAuth2).
*.servicebus.windows.net5671-5672Used for Advanced Message Queuing Protocol (AMQP).
*.servicebus.windows.net443, 9350-9354Listens on Service Bus Relay over TCP (requires 443 for Access Control token acquisition).
*.frontend.clouddatahub.net443Deprecated – Not required. Will be removed from the public documentation as well.
*.core.windows.net443Used by data flows in Power BI to write data to Azure data lake.
login.microsoftonline.com443Used for authenticating the on-premises data gateway app (AAD/OAuth2).
*.msftncsi.com443Used to test internet connectivity if the gateway is unreachable by the Power BI service.
*.microsoftonline-p.com443Used for authenticating the on-premises data gateway app (AAD/OAuth2).
dc.services.visualstudio.com443Used by AppInsights to collect telemetry.

Please use this link to find the latest port details.

Once you open the ports specified above, you need to configure Power BI Gateway to use Proxy IP address for outbound traffic. This IP address is configured by your Network Administrator so all the communication happens thru this IP address and Port. Enterprise gateway uses Azure Service bus to communicate to PowerBI service thru a Encrypted connection so your data is secure.Here is the step by step instructions on how to configure the Proxy outbound address.

STEP 1. Download and Copy PowerBI Gateway Binaries into the server/VM hosted in the On-Premise data center. Install PowerBI Gateway. Installing PowerBI gateway is a very simple process as Microsoft provides a nice installer graphical interface. You need to select Enterprise mode instead of personal mode for corporate Enterprise environment.

STEP 2. Note down the Proxy outbound IP address from Your network Admin and test if Proxy server is configured properly.

Test-NetConnection -ComputerName watchdog.servicebus.windows.net -Port 9350

The results should look like the output below. If TcpTestSucceeded is not true, you may be blocked by a firewall.

ComputerName           : watchdog.servicebus.windows.net
RemoteAddress          : 70.37.104.240
RemotePort             : 5672
InterfaceAlias         : vEthernet (Broadcom NetXtreme Gigabit Ethernet - Virtual Switch)
SourceAddress          : 10.120.60.105
PingSucceeded          : False
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded       : True

You can also use CURL command line tool as well. Here IP Address and port provided by Network Admin. The gateway will use this IP Address and Port for outbound communication.

CURL http://watchdog.servicebus.windows.net --proxy IPADDRESS:PORT

In my experience in a typical corporate environment you have to do so much back and forth to get the proxy setting done. Sometimes you may have to use Wireshark tool output to prove your point to your network Administrator.

STEP 3. Open the config file located at this link C:\Program Files\On-premises data gateway/EnterpriseGatewayConfigurator.exe.config

Append the xml configuration carefully. Please replace the IP Address and Port provided by your Network Administrator.

<system.net>
    <defaultProxy useDefaultCredentials="true" >
<proxy  
            autoDetect="false"  
            proxyaddress="http://IP ADDRESS:PORT"  
           bypassonlocal="true"  
            usesystemdefault="true"
        />  
    </defaultProxy>
  </system.net>

STEP 4: Repeat the step 2 for the file located at C:\Program Files\On-premises data gateway/Microsoft.PowerBI.EnterpriseGateway.exe.config .Please replace the IP Address and Port provided by your Network Administrator. Usually port 3128 used by some proxy servers (3proxy).

<system.net>
    <defaultProxy useDefaultCredentials="true" >
<proxy  
            autoDetect="false"  
            proxyaddress="http://IP ADDRESS:PORT"  
           bypassonlocal="true"  
            usesystemdefault="true"
        />  
    </defaultProxy>
  </system.net>

STEP 5. In case If you want your gateway to connect to cloud data sources through a proxy, you eed to update the following file: C:\Program Files\On-premises data gateway\Microsoft.Mashup.Container.NetFX45.exe.config.

<configuration>
<system.net>
    <defaultProxy useDefaultCredentials="true" enabled="true">
    <proxy proxyaddress="http://IPAddress:Port" bypassonlocal="true" />
    </defaultProxy>
</system.net>
</configuration>

STEP 6. Stop and start the Enterprise Gateway service so your changes can take into effect.

net stop PBIEgwService
net start PBIEgwService

STEP 7: Open PowerBI Enterprise Gateway and Sign in to your PowerBI account. Go to Enable diagnostic logging and conduct the network port test by clicking start network port test.

It will show text file with the overall result and granular result. You can send these results to your network administrator and request him to resolve the network issues.

The Proxy URI will be in the form of IPADDRESS:Port and this will be provided by your Network Administrator. If the results of these tests are successful this means you should be able to connect to gateway.

STEP 9: Ensure that the VM where you have deployed the Gateway it is able to connect to your data sources either thru ODBC or directly thru the IPaddress of the data sources. In order to test it the connectivity you can download the PowerBI desktop into the Sever /VM where you have deployed the Gateway and try creating the sample report by connecting it to data source. Now publish the report.

STEP 10. Now download the report published in the STEP 9 into your desktop and you can start workin on this report without changing the data source. You will notice that all the data source is already available and once you shape the data and publish the report. It is using the Power BI gateway to pull the data.

I hope this helps.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.