azure api management - create workspace, but cannot access workspace

Seonho Kim 25 Reputation points
2023-06-24T19:18:43.9566667+00:00

error message1: "An unknown error occurred."

error message2: Failed to connect to management endpoint -> but Network status all green

Failed to connect to management endpoint at xxx[.management.azure-api.net:3443] for a service deployed in a virtual network. Make sure to follow guidance at https://aka.ms/apim-vnet-common-issues.

I created a workspace named "develop", but an unknown error occurred. only error occurs. How should I use it workspace?

I haven't set up a virtual private network, but do I have to set up a vpn to use the workspace??

<<korean>>

<korean>

"develop" 이란 workspace를 만들었는데, 알 수 없는 오류가 발생했습니다. 라는 에러만 발생합니다. 어떻게 사용해야 하나요? virtual private network 설정을 안했는데, workspace 사용을 위해서는 무조건 vpn 설정을 해야하나요?

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,291 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Ben Gimblett 4,545 Reputation points Microsoft Employee
    2023-06-26T15:49:56.8466667+00:00

    Hi - thanks for the question. Based on what you've said it sounds like the control plane traffic - which is inbound from the Azure Data Centre to your APIM instance is blocked.
    Usually there's two possible reasons
    (a) There's an NSG which is preventing the traffic on the given port (3443)
    (b) There's force tunnelling - a user defined route is pushing traffic from APIM subnet to a firewall - an exclusion is recommended so the return path for the control plane traffic is not sent via the firewall.
    Both issues and mitigations are covered in the link, in your question and here

    If none of that applies (the NSG is correct, and you either dont force tunnel, or you do and it's set up as recommended) then...:-

    If you're APIM is vnet connected and running in internal mode (private IP) then the APIM gateway resource itself and its endpoints will only be accessible via the network (either a client on the network, or on a connecting network) and not publicly. But.... the control plane still works because a public IP is retained for this purpose.

    Aside from using the apim test console in the portal , there should not be a need to interact with APIM via the Az portal from a browser/VM client with direct networking line of sight (in the test console case, the one that ships with the dev portal can be used instead)


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.