Azure Front Door - Backend Targets not working

Jeffrey Lucal 1 Reputation point
2022-11-14T20:07:08.503+00:00

Question - We have an Azure Front Door configured with two backend (public IP) web servers. It always seems to fail the health checks and doesn't stay consistent. The same two servers are sitting behind a traffic manager that is working fine, but if I try to put those servers behind the Front Door it never seems to work properly. The flow should be fairly easy:

Front Door -> 2 public IPs -> Each IP going to a different IaaS web server across two regions over SSL

Any suggestions here?


1 answer

  1. GitaraniSharma-MSFT 47,316 Reputation points Microsoft Employee
    2022-11-17T12:58:39.99+00:00

    Hello @Jeffrey Lucal ,

    I understand that you are consistently getting 503s when connecting to Azure Front Door with an IP-based backend.

    Could you please confirm if your Azure Front Door has HTTPS-enabled endpoints?
    Classic: https://learn.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https
    Standard/Premium: https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain

    If yes, then this is by design.

    Azure Front Door has a switch called EnforceCertificateNameCheck. By default, this setting is enabled. When enabled, Azure Front Door checks that the backend pool host name FQDN matches the backend server certificate's certificate name or one of the entries in the subject alternative names extension.

    To resolve this issue, you need to disable "EnforceCertificateNameCheck".

    Refer to: https://learn.microsoft.com/en-us/azure/frontdoor/troubleshoot-issues#503-responses-from-azure-front-door-only-for-https

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
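
Why an IP-based backend fails the name check described in the answer above, as an added example that is not part of the original thread and not Front Door's own code: it approximates the comparison (backend host name against the certificate name and subject alternative names) with the Python standard library. `name_check`, `fetch_cert`, `SAMPLE_CERT` and the `contoso.example` names are assumptions made for illustration.

```python
import ipaddress
import socket
import ssl

# Constructed sample, shaped like ssl.SSLSocket.getpeercert() output.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.contoso.example"),),),
    "subjectAltName": (("DNS", "www.contoso.example"), ("DNS", "*.contoso.example")),
}

def _as_ip(value):
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def _dns_match(pattern, host):
    # Wildcard is honoured only as the entire left-most label.
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def name_check(backend_host, cert):
    """True if backend_host matches the certificate name or a SAN entry."""
    san = cert.get("subjectAltName", ())
    names = [v for k, v in san if k == "DNS"]
    names += [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    host_ip = _as_ip(backend_host)
    if host_ip is not None:
        # Model assumption: an IP host name matches only an IP SAN entry.
        return any(_as_ip(v) == host_ip for k, v in san if k == "IP Address")
    return any(_dns_match(n, backend_host) for n in names)

def fetch_cert(address, port=443, sni=None):
    """Fetch the backend's certificate dict; the chain is still verified."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # names are compared by name_check() instead
    with socket.create_connection((address, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    for host in ("203.0.113.10", "www.contoso.example", "eu.contoso.example"):
        print(host, "->", "match" if name_check(host, SAMPLE_CERT) else "MISMATCH")
```

Against a real origin, pass the configured backend host name and the result of `fetch_cert` to `name_check` to see whether the certificate covers that name. A backend host name set to an FQDN that the certificate covers passes the comparison, so the check can stay enabled.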
