Azure Frontdoor - Backend Targets not working

Jeffrey Lucal 1 Reputation point
2022-11-14T20:07:08.503+00:00

Question - We have an Azure Frontdoor configured with two backend (public IP) web servers. It always seems to fail the healthchecks and doesn't keep consistent. The same two servers are sitting behind a traffic manager that is working fine but if I try to put those servers behind the frontdoor it never seems to work properly. The flow should be fairly easy:

FrontDoor -> 2 Public IP's -> Each IP going to a different IaaS web server across two regions over SSL

Any suggestions here?

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
627 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,291 questions
Azure Web Application Firewall
{count} votes

1 answer

Sort by: Most helpful
  1. GitaraniSharma-MSFT 49,391 Reputation points Microsoft Employee
    2022-11-17T12:58:39.99+00:00

    Hello @Jeffrey Lucal ,

    I understand that you are consistently getting 503s when connecting to Azure Front Door with IP based backend.

    Could you please confirm if your Azure Front door has HTTPS-enabled endpoints?
    Classic : https://learn.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https
    Standard/Premium : https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain

    If yes, then this is by design.

    Azure Front Door has a switch called EnforceCertificateNameCheck. By default, this setting is enabled. When enabled, Azure Front Door checks that the backend pool host name FQDN matches the backend server certificate's certificate name or one of the entries in the subject alternative names extension.

    To resolve this issue, you need to disable "EnforceCertificateNameCheck".

    Refer : https://learn.microsoft.com/en-us/azure/frontdoor/troubleshoot-issues#503-responses-from-azure-front-door-only-for-https

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments