Whenever I try to test an API (using the Test tab of the API blade) I get
Could not complete the request. Please try again later.
This has been happening on my API Management services for at least two hours.
I've created an additional API Management Service and another subscription (with its own APIM).
I'm on the Consumption tier (which has a 99.9% SLA) and the Azure Status Page is showing green across the board. My own personal dashboard (Service Health) is showing No service issues found.
This leads me to think it's something I've done.
How do I go about investigating this?
Solved. I was on a VPN which was changing the certificate.
I worked this out by going to the URL in Chrome (rather than requesting from the Azure Portal or Postman). Chrome told me that the connection was not secure which led me to realise it was the effect of the VPN.
This server could not prove that it is myapimservice.azure-api.net;
its security certificate is from *.myworkapimservice.azurewebsites.net.
This may be caused by a misconfiguration or an attacker intercepting your connection.
Related
There is a portal which is currently accessible through intranet. Say, the request comes first to F5 (internal load balancer of the organization) then F5 to portal connection is established. Now, due to need, want to publish the portal in internet. Flow will be same like the request will land to F5 then F5 will forward request to the portal. Can anyone let me know what could be approaches to do this and what will be the best approach in such cases with minimal change.
you could do this with Access Policy Manager (APM) for BIG-IP if you have that licensing. This chapter on Web Access Management should achieve what you've described: https://techdocs.f5.com/en-us/bigip-16-1-0/big-ip-access-policy-manager-implementations/web-access-management.html#GUID-53DDB815-D109-4BE3-B30A-BD08FA6A2F4B
I am getting error while accessing the Azure App Service, can you help in resolving the issue ?
What setting to be applied to resolve the issue ?
Thanks in advance.
This error comes either
When the public access is not allowed on Azure App Service, if you have open public API.
The IP of your application with which you are calling the app service is not whitelisted.
If you have any gateway in between then that may also be blocking your calls.
Solutions to try:
Try removing the access restrictions from Networking page of your web app.
Try giving the access to all by adding 0.0.0.0/0. Later you can add restrictions based on your requirements.
The sequence of the restrictions matters, so please check that once. If you have any blocked call before any allowed call, then it may impact.
You can also have restrictions based on http-headers like X-Forwarded-For. Please check that once. This can happen from code as well, based on how you handle the errors. Link
If your API is behind the Gateway, then you can check this: Application Gateway integration with service endpoints
Are you the developer of this website?
If you are, please navigate to Networking page of your web app, check the Access Restrictions.
If you are not the developer, just contact your administrator and allow your ip to access this website.
For more information, see Azure App Service access restrictions.
We are developing a app on azure virtual machine and the VM has ngnix installed with TLS version 1.2. The app consists of two action which performs salesforce and office365 oauth flow. The app worked pretty fine on local and azure app service too.
Problem
For some reason, we are moving the app to azure VM. Here is the problem, after oauth the flow returns a code and we need to generate the access_token using that code through a https request to office365 endpoint. The endpoint response is either timeout or Error Read ECONNRESET.
Analysis
The only working URLs,
http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net
https://myapp.vault.azure.net/secrets/{Secret-Name}?api-version=2016-10-01
Both the above is used to fetch the access token and key vault secrets. Luckily, this is working pretty fine and I am able to get all the secrets from azure key vault.
But the below urls are either no response timeout or Error: Read ECONNRESET
https://login.microsoftonline.com/{Tenant-Id}/oauth2/v2.0/token
https://test.salesforce.com/services/oauth2/token
I’ve also tried other public or fake rest APIs like,
https://reqres.in/
https://jsonplaceholder.typicode.com/
None of them seems to be working. Does anyone faced this kind of issue?
Just clarify the answer from the comments for more references.
The Error Read ECONNRESET means the other side of the TCP conversation abruptly closed its end of the connection. This is most probably due to one or more application protocol errors. Refer to this SO for details.
Moreover, you have only working URLs from Azure Instance Metadata service and Azure Key Vault service, other public or fake rest APIs are failures. So you properly face internet connectivity issue on that VM or VNet itself. You could check if the firewall is blocking the outbound traffic to the Internet on the local VM or NSG rules.
In the end, some change in the firewall settings fixes this issue.
Our website has been hosted on Azure for a few years. Tonight it is throwing 503 Service unavailable errors. I cannot even load a url to a .jpg file. I have restarted the app and still nothing loads from the website. I cannot buy Azure support because I have bought and cancelled Azure support in the past. We are a 3 person business and depend on our small website and it is down and I don't know what to do. None of the trace logs make any sense to me.
I think 503 could mean that you reached a quota and Azure now respond with a 503 for requests. So I would check the Quotas section within your App Service Plan.
Also check:
Troubleshoot HTTP errors of "502 bad gateway" and "503 service unavailable" in Azure App Service
There are several things you can do to help remedy the situation.
Restart the application (please indicate what it is that will help
us)
Restart the instance that the application is running on.
Restore from a previous working backup of the site.
You should also add more information to your post so we can help, like what application you are using e.g. Apache, Nginx ect.
I've also had a similar problem. I had two deployment slots and in the first slot (production) which I had the latest code and in the second slot, I've missed deploying the latest code and configured traffic as 60-40 which gave me hard time finding it.
Once I've set 100% to the production slot it started working.
Just thought to share this in case it could be useful if you come across the same stuff in the future.
For me it was "Path mappings" in "Configuration".
As soon as i added a new Azure Storage Mount, the application broke.
Setting my Storage account -> Networking, to "Enabled from all networks" fixed the issue.
For us it was a result of the remote debugger. Disabling remote debugger and restarting the app service fixed the 503 error. I think one dev was remote-debugging while another was deploying the app and that seems to have caused an issue under the hood of the app service that broke port binding (we were seeing a stack track in logs about failing to bind to port).
I have a seemingly intermitted issue with a site I'm hosting on Azure.
The site works for most but we're getting a few reports that when people try to access the site via a link (in an email for example) the site throws an ERR_CONNECTION_RESET error in Chrome.
The site is an S1 App Service
The site running is .Net Core 2.1 (MVC)
It has Let's Encrypt certificate applied to it (and this shows in the browser)
It is set to be Https only and Always On in Azure's SSL and Application Settings blades respectively.
I've had a look around and it feels like maybe this is an SSL issue but I'm not sure.
I've done a re-bind of the cert.
Can anyone offer any advice? I've not encountered this before.
Update
An update from our clients suggest it could be happening as our domain is newly registered.
Specifically, it could be a reputation/categorisation issue coming in to play with the threat protection they utilise on their networks.
I will look into submitting an update to the relevant sites to see if it helps.