Backend target on .azurewebsites.net gets stuck if AppGw created before App Service

Josh Hodgson 1 Reputation point
2022-02-04T14:12:37.527+00:00

We have a requirement to deploy an Application Gateway V2 before the app service it points to is created and it's causing the AppGw to get stuck. Here's the process to replicate:

1 - Create an AppGwV2 pointing to a non-existing web app. The health check shows grey and "unknown" which is expected as the domain doesn't resolve

171345-image.png

2 - Create the app service with the name as specified in the backend target. The app is publicly accessible but the app gateway health check stays grey indefinitely

171377-image.png

This can be 'tricked' back into working by going to App Gateway resource > Listeners blade > Edit the listener and add or remove a custom error page. As soon as you hit save, the health check will begin resolving green
171337-image.png

It feels to me like a non-resolving FQDN lookup of the backend target results in the grey health check which is never looked up again after the initial failure. I would expect a backend target's health check to resolve green once the FQDN begins to resolve. However, I have not tried with a target outside of app service.

Has anyone seen this error before? Thanks!

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
961 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,908 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vidya Narasimhan 2,201 Reputation points Microsoft Employee
    2022-02-05T06:25:00.3+00:00

    @Josh Hodgson
    Please try enabling 'Host Name Override' and set 'Pick Host Name from backend target' in the App Gateway HTTP Setting.
    By default, Application Gateway does not change the incoming HTTP host header from the client and sends the header unaltered to the backend. Multi-tenant services like App service or API management rely on a specific host header or SNI extension to resolve to the correct endpoint. Change these settings to overwrite the incoming HTTP host header.

    Please let me know the status code you see in the backend health post this change.

  2. ajkuma 22,416 Reputation points Microsoft Employee
    2022-02-10T20:05:39.437+00:00

    Update: To benefit the community, sharing updates from the offline(case) discussions:

    "Application Gateway resolves the DNS entries for the backend pool at time of startup and doesn't update them dynamically while running.", as mentioned in this doc. Currently, Application Gateway will not dynamically look for DNS record changes.

    There are plans to change this behavior, but there is on ETA on this yet. Your feedback is very important to us. We have relayed your feedback to our product engineering team.

    Apologies for any inconvenience! Thanks for your patience, JoshHodgson-6217.

    ---------
    To benefit the community find the right answers, please do mark the post which was helpful by clicking on Accept Answer’ & ‘Up-Vote’.