This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 24%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EUK%3C/text%3E%3C/svg%3E)
Hi,
I have an environment inside a VNET, with Azure Function, Azure Storage Account, Azure Keyvault, Cosmos DB all restricted with private endpoints. Azure Function has VNET integration for connectivity with resources which are within the VNET. All these resources are having their private endpoints created in different subnets under the same VNET.
Code repository is in Azure DevOps and I was trying to deploy to this Azure function, which was not possible due to the restrictions that the private endpoint brought with it. Hence I created a new deployment slot, without any private endpoints, but with outbound VNET integration and restricted access to DevOps service tag. With this change I am able to deploy to the slot and test the functions. Now, I wanted to swap the deployment slot to production slot which is having the private endpoint, but receiving the error similar to what mentioned in this unanswered Stackoverflow question.
Please note, I am able to run the functions (from a VM within the same VNET) through the deployment slot, only the slot swap is not working. The error doesn't provide much details and when checked the eventlog under the source slot, there are no entries for this error.
Azure Function with Private endpoint and outbound VNET integration
New deployment slot
Deployment slot network configuration
Error during swap
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 41%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETA%3C/text%3E%3C/svg%3E)
This is related to https://github.com/Azure/azure-functions-host/issues/8448. This was caused by an internal platform component, and I’ll update/close this issue when the component fix has been fully released. Unfortunately, the ETA for a full roll out is within the next 3 to 4 months.
he fix is deployed but we had to introduce a new app setting that you should set on your production slot (or the swap slot if you're swapping between two subslots) called WEBSITE_OVERRIDE_STICKY_DIAGNOSTICS_SETTINGS and set it to 0 (zero). I.e.,
WEBSITE_OVERRIDE_STICKY_DIAGNOSTICS_SETTINGS=0
This will allow you to swap the slots when the storage account is network restricted. Here is our documentation on app settings. This should not have any impact on your Azure Monitor related diagnostics settings configuration and is related to the legacy Application Log Settings configuration, which was preventing Premium Functions slot swaps from occurring.
Next steps on our side are:
We will add to our backlog a work item for this setting to defaulted for Premium Functions, so you won't have to add it but currently no ETA for this, so the above is the current final solution.
We will add the app setting to our App Settings list documentation