The availability graph in my azure portal is not working. I tried enabling HealthCheck and creating a classic URL ping test. However both do help. The URL ping test does not work as it says " '403 - Ip Forbidden' does not match the expected status '200 - OK'.". How can I fix this?
Related
I am following up this doc series to set up an internal API management instance integrated with APP Gateway in azure. I followed everything to the detail:
Created a new resource group
Setup a Vnet with 3 subnets
And setup a private dns zone and link the vnet
And then created self-signed certificates to be used with the dns created in private dns zone
Created API management instance and added custom domains
Created a App Gateway with public IP and setup routing rules and backends and setup health probes with path /status-0123456789abcdef for APIM
But now I am getting this backend health error as below:
Can someone tell me what I am doing wrong?
Are there any security groups to be configured? I am using an internl mode for the APIM, and when I even try to test the default API (which is echo test) it gives the below error:
Why this is not working? If you need any more information, I will let you know (update the question). Can someone please help me?
I have a similar situation which was driving me insane. I must have changed everything I possibly could. The answer, was to create a custom health probe and at the very bottom of the HTTP settings it was an option to use the custom probe.
Since the Gateway URL is not registered on the public DNS, the test console available on the Azure portal will not work for Internal VNET deployed service. Instead, use the test console provided on the Developer portal.
You can find more details here.
Azure Traffic Manager monitoring status for Endpoints(Azure Application Gateway/WAF)is degraded. Web app behind the Application gateway is healthy and able to access through Traffic Manager.
Any help will be appreciated.
thanks.
You can press F12 to check the Network status of your webpage to determine what status is returned. You also can use tools to show the HTTP status code return from the probe URL. An endpoint is unhealthy when any of the following events occur:
A non-200 response is received (including a different 2xx code, or a 301/302 redirect) or non-any of the responses configured in the Expected status code ranges.
Request for client authentication
Timeout
Unable to connect
Also, If all endpoints in a profile are degraded, then Traffic Manager treats all endpoints as healthy and routes traffic to all endpoints. This behavior ensures that problems with the probing mechanism do not result in a complete outage of your service.
You could verify if any of the above events happen on your side and modify the health probe configuration. Such as the health probe path should have enough logic to identify the endpoint is up or down. Edit expected status code ranges and probe timeout. See more information about configuring endpoint monitoring.
I got the solution, this issue comes only if your listener is Multisites. If the listener is Basic for app gateway then it works as expected.
The solution, need to set custom header settings against the hostname. Like below:
hostname:web1.com,newheader:web2.com
You also need to set the custom status code range.
Refer: https://sakaldeep.com.np/1156/troubleshooting-azure-traffic-manager-monitoring-status-is-degraded-for-azure
I am trying to set up ADFS Proxy servers behind an Azure Application Gateway but keep getting unknown error. Please try again when testing backend health.
I have 2 VMS in the backend pool with Windows 2012 Datacenter. I have set up the probes as follows :
Host: 127.0.0.1
Protocol : HTTPS
Path : /
Interval : 30
Timeout : 30
Unhealthy Threshold : 3
NSGs on the Backend VMs have been opened to allow all traffic for testing but still get the error
Since you say your NSGs allow traffic, check to ensure that your Firewalls on the VM itself are not blocking anything. In the Firewall settings check the boxes next to "enable file and printer sharing."
This seems obvious, but double-check that your VMs are all turned on and can ping each other. Also ensure that they are all joined to the domain.
Try removing the NSG temporarily to see if it works without it.
Allow the ports 65503-65534 in your NSGs and then check the status. These are necessary to be allowed to ensure that the App Gateway monitoring API can reach the endpoint for checking the health status.
Refer to this troubleshooting guide. https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-troubleshooting-502
Check the Azure status to make sure there is not an outage. We recently had some outages in the Central South region. https://azure.microsoft.com/en-us/status/
How to debug the azure gateway probe? I have a setup which azure identifies as "unhealthy". The setup consist of one gateway with a http-setting with a custom probe. Behind it are two virtual machines.
When testing the path to the probes by direct ip, they both work. But the gateway identifies them as unhealthy.
Can I see a log somewhere why they are unhealty?
My response code is a simple "OK" string with 200 OK status code.
You could check this link.
View back-end health through PowerShell:
Get-AzureRmApplicationGatewayBackendHealth -Name ApplicationGateway1 -ResourceGroupName Contoso
There is a hello world service run in Azure Container Service, its address is http://52.168.172.165, can access this address and get response successfully in browser.
Create an Azure Application Gateway using default setting and public IP
HTTP Setting: HTTP 80 <appGatewayBackendHttpSettings>
Listeners: HTTP 80 <appGatewayHttpListener>
Rules:
rule1: < appGatewayHttpListener> - <appGatewayBackendHttpSettings> -<appGatewayBackendPool>
Backend pools:
appGatewayBackendPool
Associated Rule: <rule1>
Targets: 52.168.172.165
The issue is in the backend health, the status is unhealthy of 52.168.172.165:80. Since no backend service works, when I access address of Application Gateway, it shows 502 error.
But actually I can access the service http:// 52.168.172.165:80 in browser, my question is why the status is unhealthy in Application Gateway and how to correct it?
BTW, I had done some research for the issue, like following article
https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-troubleshooting-502
For my backend service:
A browser request to the backend service is serviceable.
No timeout.
30 seconds is enough for the probe interval.
So what the issue is that show unhealthy?
Configuring the backend pool to use the IP address and FQDN for health check worked great for me. Not sure why it wasn't entered as an answer.