Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This troubleshooting checklist consolidates the required steps for resolving Azure Logic Apps setup and connectivity issues.
Troubleshooting checklist
Configure the logic app for VNet integration
Make sure that the logic app is configured correctly for virtual network (VNet) integration:
- On the Azure portal, navigate to Logic App > Settings > Networking > Outbound traffic configuration.
- Select Add virtual network integration.
- Choose a virtual network that includes a subnet without any delegations. For more information, see Prerequisites.
- Add this app setting: WEBSITE_VNET_ROUTE_ALL = 1.
Verify storage account access
Verify that the storage account has the necessary network rules and permissions to allow access from the logic app:
- Navigate to Storage Account > Networking > Public network access > Enable from selected networks.
- In Virtual Networks, add the logic app subnet.
Verify that private addresses are returned for endpoints
If private endpoints are enabled, check DNS settings to make sure that private addresses are returned for endpoints.
Important
Make sure that you follow these steps if you use your own DNS server instead of Azure DNS.
- Create private DNS zones (for example: privatelink.blob.core.windows.net).
- Link the DNS zones to the VNet.
- Add these app settings:
- WEBSITE_DNS_SERVER
- WEBSITE_DNS_ALT_SERVER
- Verify these settings by using Kudu together with the
nameresolvercommand.
Enable Allow storage account key access
Enable Allow storage account key access in the storage account configuration:
- Navigate to Storage Account > Configuration.
- Set Allow storage account key access to Enabled.
Ensure private endpoint connectivity
Use the built-in connector for Azure Blob Storage to ensure private endpoint connectivity:
- Navigate to Workflows, and select the workflow that you want.
- On the workflow menu, select Designer.
- Select Built-in > Azure Blob Storage.
- Provide the storage account connection string.
Switch to built-in connectors
Switch to using built-in connectors for scenarios that require private endpoint access:
- Select Built-in connectors for private endpoint scenarios.
Route outbound traffic through the VNet
Make sure that the logic app's outbound traffic is correctly routed through the VNet:
- Select Route All.
- Associate an Azure Network Address Translation (NAT) Gateway for predictable outbound IPs.
- Verify the network security groups (NSG) and user-defined routes (UDR) rules.
Search for any missing app settings
Check the logic app runtime configuration to determine whether any app settings are missing.
Deploy single-tenant logic apps that have private storage accounts
If you still experience deployment failures, make sure that your configurations align with the requirements of your specific deployment scenario. For example, you might have to add the following app settings:
- WEBSITE_CONTENTOVERVNET = 1
- WEBSITE_VNET_ROUTE_ALL = 1
Additionally, check DNS and host settings.
References
- Secure traffic between Standard workflows and virtual networks - Azure Logic Apps
- Deploy Standard logic apps to private storage accounts - Azure Logic Apps
- Install on-premises data gateway for logic app workflows - Azure Logic Apps
- Connect to on-premises data sources - Azure Logic Apps
Third-party contact disclaimer
Microsoft provides third-party contact information to help you find additional information about this topic. This contact information may change without notice. Microsoft does not guarantee the accuracy of third-party contact information.