Azure AD 500 - Internal server error

Lukasz Kulas 0 Reputation points
2024-07-11T19:24:52.1066667+00:00

I have issues with Azure AD authentication in my Linux App Service app. The authentication goes through fine, hitting the redirect URL, but instead of my app I see the following message:

This page isn’t working

....azurewebsites.net is currently unable to handle this request.

HTTP ERROR 500

I'm using Authentication with certificate thumbprint set from Terraform.

The app pulls the certificate from key vault, it's loaded in "Bring your own certificate" and thumbprint is set in WEBSITE_LOAD_CERTIFICATES.

The public certificate is added to the app registration site.

I'm pretty sure my configuration is fine, as it works in my test and stage subscriptions, where I use a Microsoft Entra instance from another subscription. It also used to work on production a few weeks ago without any relevant changes to my Terraform.

I can't find any relevant logs on Microsoft Entra nor any failures on the web app site.

I'd be very grateful for any suggestions.


1 answer

  1. Raja Pothuraju 7,135 Reputation points Microsoft Vendor
    2024-07-15T12:47:21.2366667+00:00

    Hello @Lukasz Kulas,

    Thank you for posting your query on Microsoft Q&A.

    If your application is returning 500 Errors when it starts, there could be a few reasons:

    1. Node.exe is not present at the correct location. Check nodeProcessCommandLine setting.
    2. Main script file is not present at the correct location. Check web.config and make sure the name of the main script file in the handler's section matches the main script file.
    3. Web.config configuration is not correct – check the settings names/values.
    4. Cold Start – Your application is taking too long to start. If your application takes longer than (maxNamedPipeConnectionRetry * namedPipeConnectionRetryDelay) / 1000 seconds, iisnode returns a 500 error. Increase the values of these settings to match your application start time to prevent iisnode from timing out and returning the 500 error.

    Refer to this document for troubleshooting: https://learn.microsoft.com/en-us/azure/app-service/app-service-web-nodejs-best-practices-and-troubleshoot-guide

    To check the logs, I'd recommend enabling logging service for Azure App Service:

    Enable diagnostics logging for apps in Azure App Service

    https://learn.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs

    Click on App Service logs in the settings option and turn on Application logging (Filesystem).

    These logs will be able to give you more insight into what is causing the app to error out.

    If the above steps didn't fix the issue, please refer to the troubleshooting document below.

    https://azureossd.github.io/2022/10/17/troubleshooting-common-iisnode-issues/index.html

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    Please Accept the answer if the information helped you. This will help us and others in the community as well.

    Thanks,
    Raja Pothuraju.
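
Added example, not part of the original question or answer: the setup in the question references one certificate in three places (the thumbprint used by Authentication, WEBSITE_LOAD_CERTIFICATES, and the public certificate on the app registration), and this Python check verifies that they agree. Function names and the sample PEM are constructed for illustration; the thumbprint is taken as the SHA-1 of the certificate's DER bytes.

```python
import base64
import hashlib
import re

def normalize(thumbprint: str) -> str:
    """Upper-case and drop separators or invisible characters picked up by copy/paste."""
    cleaned = re.sub(r"[^0-9A-Fa-f]", "", thumbprint).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", cleaned):
        raise ValueError(f"not a SHA-1 thumbprint: {thumbprint!r}")
    return cleaned

def pem_thumbprint(pem: str) -> str:
    """SHA-1 over the DER bytes of the first certificate in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if m is None:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(m.group(1).split()))
    return hashlib.sha1(der).hexdigest().upper()

def loaded_thumbprints(setting: str):
    """Parse WEBSITE_LOAD_CERTIFICATES: '*' loads all, else a comma-separated list."""
    if setting.strip() == "*":
        return None  # None means "every certificate is loaded"
    return {normalize(t) for t in setting.split(",") if t.strip()}

def check(load_setting: str, auth_thumbprint: str, registered_pem: str) -> list:
    """Return a list of mismatches between the three certificate references."""
    findings = []
    auth = normalize(auth_thumbprint)
    loaded = loaded_thumbprints(load_setting)
    if loaded is not None and auth not in loaded:
        findings.append("auth thumbprint is not listed in WEBSITE_LOAD_CERTIFICATES")
    if pem_thumbprint(registered_pem) != auth:
        findings.append("auth thumbprint differs from the certificate on the app registration")
    return findings

# Constructed sample: placeholder bytes wrapped as PEM, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"constructed-placeholder-der-bytes").decode()
              + "\n-----END CERTIFICATE-----\n")
SAMPLE_TP = pem_thumbprint(SAMPLE_PEM)

if __name__ == "__main__":
    # Same thumbprint pasted with spaces, lower case and a hidden U+200E mark.
    spaced = " ".join(SAMPLE_TP[i:i + 2] for i in range(0, 40, 2)).lower()
    print(check(SAMPLE_TP, "\u200e" + spaced, SAMPLE_PEM))
    # A different thumbprint in the load list is reported as a mismatch.
    print(check("0" * 40, SAMPLE_TP, SAMPLE_PEM))
```

To use it with real values, pass the app setting string, the thumbprint configured for Authentication, and the PEM text of the certificate uploaded to the app registration.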

