I’ve been using Azure AI Search for a while now and it has been running smoothly.
I use the 2023-10-01-preview for the AI Search to have access to the integrated vectorization feature. Vectorization is made through Azure OpenAI Embeddings and I authenticate using System assigned identities. The OAI service only allows access from dedicated VNets and services, however, the Search is included in it.
As I said, everything has worked fine until 2.4.24, coming back from Easter holidays.
Now, I get the following error when running the search (also from the portal’s search explorer view):
Could not complete vectorization action. The vectorization endpoint returned status code '403' (Forbidden).
The weirdest part is that sometimes, when I open the Search Explorer and make a search, it works. Then, I run the same search again and the error pops up again.
When I deactivate vector search, it works of course.
Especially this flaky behavior, that it does sometimes work, leaves me clueless, as I have not changed anything.
PS: The API-Version of the OpenAI-Service is 2024-02-01
This issue looks similar but I wouldn’t understand how an API change would solve the issue. Also, 2023-11-01 doesn’t use integrated vectorization so I guess the only reason it works for this user (in the answer at the bottom) is because there is no call to vectorization at all.
Does anybody see the same problem in their setup?
Update: When I deactivate the VNet rules and allow public access, the Vectorization works again. I definitely didn’t touch anything about the networking rules. Did Azure (Search) change something to the 31.3.24? IP-address updates that are not yet reflected in the Trusted Services rules?
2 Answers
We’ve identified this as an issue in the current version of the Search and AOAI service communication. Until this is fixed, we can suggest two workarounds:
Turn off trusted access in firewall rules
For an S2 service, use SPL (documentation: Connect through a shared private link – Azure AI Search) to connect to AOAI.
For a service that is not S2, add the search IP address to the AOAI firewall rules (documentation: Connect through firewalls – Azure AI Search)
[UPDATE] The underlying issue has been resolved, and search services should now be able to reliably connect to Azure OpenAI without the workarounds described above.
The Azure OpenAI Trusted Service fix will be deployed in a week.