metricsign
Start free
High severityauthentication

Power BI Refresh Error:
1698

What does this error mean?

The root user authenticates via OS socket only, blocking password-based logins from applications.

Common causes

  • 1Ubuntu/Debian MySQL packages configure root with the auth_socket plugin by default
  • 2Application or ADF attempts a TCP password login as root instead of using a dedicated service account
  • 3The root account has no password and relies entirely on OS user matching

How to fix it

  1. 1Step 1: Switch root to password authentication: `ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'strong_password'; FLUSH PRIVILEGES;`
  2. 2Step 2: Better practice — create a dedicated service account: `CREATE USER 'svc_adf'@'%' IDENTIFIED BY 'password'; GRANT SELECT ON your_db.* TO 'svc_adf'@'%'; FLUSH PRIVILEGES;`
  3. 3Step 3: Update the ADF linked service or dbt profile to use the new service account credentials.

Frequently asked questions

Why does 'mysql -u root' work in the terminal but my app gets error 1698?

The terminal login works because the OS user matches the socket plugin requirement. Your app connects via TCP with a password, which the auth_socket plugin rejects.

Should I use root for ADF or dbt connections?

No — always create a least-privilege service account. Root access from application connections is a security risk.

Can MetricSign detect when this error blocks a pipeline?

Yes — MetricSign captures ADF pipeline failures and shows the error code in the incident detail, letting you pinpoint auth issues quickly.

Official documentation: https://dev.mysql.com/doc/mysql-errors/8.0/en/server-error-reference.html

Other authentication errors