Snowflake connection issue

Hello there,

When connecting Foundry to Snowflake, after ensuring the appropriate credentials, selecting a Warehouse and Database, assigning the proper roles to the user in Snowflake, and importing all approved egress policies captured via (REF1), I’m still unable to connect Foundry to Snowflake.

I’ve checked many times both Snowflake and Foundry docs and after executing all the steps, it still doesn’t work, as can be seen in the logs (REF 2). Can someone help with this issue? This is preventing me from using Snowflake data within Foundry. :persevere:

REF 1:

SELECT t.VALUE:type::VARCHAR as type,
       t.VALUE:host::VARCHAR as host,
       t.VALUE:port as port
FROM TABLE(FLATTEN(input => PARSE_JSON(SYSTEM$ALLOWLIST()))) AS t;

REF 2:

The explorer command failed to run:

java.lang.Throwable: RemoteException: INVALID_ARGUMENT (MagritteExplorer:SqlError) with instance ID 29d73410-e9ae-4bf1-b9a2-666a10b49aa1: {reason=JDBC driver encountered communication error. Message: Remote host terminated the handshake., sqlState=58030, vendorCode=200015, originalErrorInstanceId=1c514f7e-d657-47c7-bb1c-63f7a8b1256a, stacktrace=com.palantir.magritte.explorer.jdbc.MagritteExplorerErrors.sqlError(MagritteExplorerErrors.java:25)}

Hey @Luis_Felipe_Trindade is it possible that your snowflake requires whitelisting of ingress IP addresses as per https://docs.snowflake.com/en/user-guide/network-policies?

Hello malbin,

Thank you so much for the answer, I’ve tested and the access still not possible. I was checking the last login attempts and we started having trouble after an outage we’ve had where Foundry tried +1000 attempts to connect to Snowflake, blocking the account. We started having troubles after migrating to Snowflake client 3.17.0. I’m being able to connect to our Snowflake Dev which is at 3.16.1.

Have you heard of any issues related to Snowflake 3.17.0 release?

Also, do you know if it’s possible to change Foundry’s connection IP?

Best,
Luis Trindade

While reading some snowflake community posts, I’m seeing people with similar issues that seemed to be related to the connection being stablish with wrong credentials:
reason=JDBC driver encountered communication error. Message: Remote host terminated the handshake., sqlState=58030, vendorCode=200015

There is any risk for wrong credentials to be cached and not refreshed? I’ve created a connection from scratch, trying to solve this potential issue but I’m still having the same issue.

Hey @Luis_Felipe_Trindade,

To answer your questions in turn:

  1. We haven’t heard of issues with snowflake 3.17 in particular.
  2. What is the outage you’re referring to? Can you expand on the cirumstances of Foundry making 1000+ connections
  3. Foundry connection IPs cannot be cahnged, but are shown to you in the Data Connection setup menu and in Egress Controls in Control panel. There are usually 3 possible IPs for high availability reasons.
  4. I do not believe we run this risk. Credentials should be read on every connection from what you input into the data connection.

Some extra questions from me:

  1. Am I udnerstanding correctly that this connection used to work and then stopped?
  2. Are you trying wiht a new account, or the same existing account?
  3. Did you unlock it after it was blocked before?
  4. For the new setup are you seeing Foundry attempts to connect in the logs?

Hello malbin!

I’ve requested one of our engineers reach you privately with some more precise information, such as with logs and more.

Right now I was able to figure out what is not working properly. I’m currently able to create virtual tables, without any problem, but still, I can’t explore the source and create syncs.

The issue seems to happen at the “Running exploration request” step at the connector setup. When collecting metadata, via getTables(), it’s not being successful which causes the following error:

“Exception while running exploration request”
{“throwable0_message”:“JDBC driver encountered communication error. Message: Remote host terminated the handshake.”}

It’s interesting that when I try to set a connection to my dev account, the connector is using JDBC version 3.16.1, on the other hand, when I try connecting to my prod account, it’s using the 3.17.0, even if I create both connections at the same time.

Do you have any insights regarding it?

Hello community!

Just to give feedback on the resolution.

After Snowflake rotated the IPs, Foundry was still reaching the old IPs, it seemed that they got, somehow, cached for more than a week.

To solve temporarily this issue we have created egress policies for the DNS IPs directly.

Troubleshooting:

  1. Look for the Snowflake system allow list of egress dns.

SELECT t.VALUE:type::VARCHAR as type,
t.VALUE:host::VARCHAR as host,
t.VALUE:port as port
FROM TABLE(FLATTEN(input => PARSE_JSON(SYSTEM$ALLOWLIST()))) AS t;

  1. Select the Snowflake Deployment and Stage DNSs and look for their IPs. In windows, in your CMD, run the following snippet:

nslookup <DNS(Host)>

  1. Copy the IPs and create new egress policies for those IPs and import them to the connection.

  2. Fingers crossed :crossed_fingers: and try exploring the source again! Good Luck! :person_raising_hand:

Hopefully this can help you all in the future! :grin: