metricsign
Start free
Medium severityconnectionSnowflake

Power BI Refresh Error:
254002

What does this error mean?

The Online Certificate Status Protocol (OCSP) check could not be completed because the OCSP responder was unreachable. Snowflake's connector uses OCSP to verify that the server's TLS certificate has not been revoked.

Common causes

  • 1Firewall blocking outbound HTTP traffic to Snowflake's OCSP responder (ocsp.snowflakecomputing.com)
  • 2OCSP responder is temporarily unavailable due to network issues or maintenance
  • 3DNS resolution failure for the OCSP responder hostname
  • 4Corporate proxy requiring authentication for OCSP traffic
  • 5High-latency network causing OCSP requests to time out

How to fix it

  1. 1Allow outbound HTTP (port 80) to ocsp.snowflakecomputing.com in your firewall rules.
  2. 2Test OCSP reachability: curl -I http://ocsp.snowflakecomputing.com.
  3. 3If OCSP is blocked and cannot be unblocked, set OCSP fail-open mode: SNOWFLAKE_OCSP_RESPONSE_CACHE_SERVER_ENABLED=true env var.
  4. 4Check DNS resolution: nslookup ocsp.snowflakecomputing.com.
  5. 5If behind a proxy, set the proxy for OCSP traffic or configure ocsp_fail_open=True in the connector.

Frequently asked questions

What is OCSP fail-open mode?

In fail-open mode, the connector allows the connection to proceed even if the OCSP check is unavailable. This avoids connectivity failures due to OCSP outages but reduces certificate revocation detection. It is acceptable in most corporate environments.

Does OCSP use HTTP or HTTPS?

OCSP traditionally uses HTTP (port 80), not HTTPS. This surprises teams that only allow HTTPS outbound — you need to allow port 80 specifically to the OCSP responder host.

Official documentation: https://github.com/snowflakedb/snowflake-connector-python/blob/main/src/snowflake/connector/errorcode.py

Other connection errors