"The specified blob does not exist" in Ocp-Apim-Trace-Location when making requests through self hosted gateway

sast 41 Reputation points
2022-11-07T14:17:13.45+00:00

We have a self hosted gateway deployed in our API Management instance which redirects traffic to services located on premise.

We are not able to get the trace logs when adding a "Ocp-Apim-Trace" header to requests made through the self hosted gateway as we have been seeing either one of these two errors in the URL returned in the "Ocp-Apim-Trace-Location" header:

<Error>
<Code>BlobNotFound</Code>
<Message>The specified blob does not exist. RequestId:xxxxxxxxxxxxxxx Time:2022-11-07T13:28:18.5505668Z</Message>
</Error>

or...

<Error>
<Code>AuthenticationFailed</Code>
<Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:xxxxxxxxxxxxxx Time:2022-11-07T13:34:40.0429362Z</Message>
<AuthenticationErrorDetail>Signed expiry time [Tue, 11 Oct 2022 12:42:43 GMT] must be after signed start time [Mon, 07 Nov 2022 13:34:40 GMT]</AuthenticationErrorDetail>
</Error>

Since the log file is created in a blob by Azure (where the URL looks like https://apimXXXXXXXX.blob.core.windows.net/apiinspectorcontainer.....) we're not able to control the configuration and can't really tell why this is not working like it does with request to APIs through the managed gateway.

Question is: Is this behaviour something that should be expected when adding a trace header to requests run through a self hosted gateway, or should this work? I don't want to disclose the request information here so if it turns out that these errors are not expected and specifically related to our service, I will create a support request through Azure instead.

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,930 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,598 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. MuthuKumaranMurugaachari-MSFT 22,266 Reputation points
    2022-11-11T21:17:36.81+00:00

    @sast Thank you for reaching out to Microsoft Q&A. Sorry for the delay in response. Based on the statement above, you got either BlobNotFound or AuthenticationFailed error when accessing trace logs. As per docs: Review trace information, trace data can be accessed up to 24 hours and see the details below:

    259629-image.png

    Also, if you look at the blob url (highlighted above) with SAS token (shared access signature), se parameter refers to the signed expiry time (which is 24 hours away from the request time) and after that, SAS token becomes invalid. If you have tried accessing trace log after the expiry time, you would get an error. Check out docs to know more about these parameters.

    259580-image.png

    To identify the exact failure, we would require additional information specific to the resource as you mentioned, and I noticed that you already have created a support request regarding this issue. The support team have the best resources to assist you here and feel free to reach out for any other questions.

    Please ‘Upvote’ if it helped so that it can help others in the community.

    1 person found this answer helpful.