Thank you for posting this in Microsoft Q&A.
If you are getting the below error while accessing the application, then the probable root cause is as below.
In the Admin log on the connector:
Typical root causes
- Network issue
- TLS protocol configuration mismatch (protocol, cipher suite, algorithm; there are further settings)
- No certificate or invalid certificate is bound on the backend server
- The connector server cannot validate the SSL certificate of the server (name mismatch, expired certificate etc.)
Known issues
Before you start with the troubleshooting, clarify if the issue is caused by a known issue.
- MS Patch breaks TLS negotiation with the error SEC_E_ILLEGAL_MESSAGE. Link
Important
Since June 2021, "backend certificate validation" is enabled for all newly created Azure AD Application Proxy apps (isBackendCertificateValidationEnabled = true). This makes the connector validate the SSL certificate of the backend server. If the validation fails, no SSL (TLS) connection is established to the backend server. This adds additional security to the connector / backend communication. Deactivating the feature is recommended only for testing purposes.
Since 15 January 2023, this can be configured in the Azure Portal. For PowerShell, you must use the MSGraph PS cmdlet. Applications created before June 2021 have the certificate validation deactivated.
Let me know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
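
The root causes listed in the answer above (network, TLS mismatch, missing or invalid backend certificate, name mismatch, expiry) can be told apart from the connector server with a short PowerShell check. This is an added example, not part of the original answer or a Microsoft tool; the host name and port are placeholders, and it uses the .NET `SslStream` validation result as a stand-in for the connector's own check.

```powershell
# Added example - run on the connector server. Host name and port are placeholders.
$BackendHost = 'backend.contoso.internal'   # assumption: host part of the app's internal URL
$Port        = 443

$script:seen = @{ Cert = $null; Errors = $null }
# Diagnostic only: accept any certificate so the handshake completes, and record
# the policy errors .NET computed instead of enforcing them.
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($sender, $cert, $chain, $errors)
    if ($cert) {
        $script:seen.Cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cert)
    }
    $script:seen.Errors = $errors
    return $true
}

$tcp = [System.Net.Sockets.TcpClient]::new()
try {
    $tcp.Connect($BackendHost, $Port)      # an exception here points to a network issue
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
    try {
        $ssl.AuthenticateAsClient($BackendHost)   # an exception here points to a TLS mismatch
        $c = $script:seen.Cert
        [pscustomobject]@{
            Protocol     = $ssl.SslProtocol
            Cipher       = $ssl.CipherAlgorithm
            Subject      = if ($c) { $c.Subject } else { '(none presented)' }
            NotAfter     = if ($c) { $c.NotAfter }
            Expired      = if ($c) { $c.NotAfter -lt (Get-Date) }
            # None, RemoteCertificateNameMismatch, RemoteCertificateChainErrors, ...
            PolicyErrors = $script:seen.Errors
        } | Format-List
    }
    finally { $ssl.Dispose() }
}
catch {
    Write-Warning "Connection or TLS handshake failed: $($_.Exception.GetBaseException().Message)"
}
finally { $tcp.Dispose() }
```

A `PolicyErrors` value other than `None` means the certificate would fail validation for the account running the script; chain trust is evaluated against that account's certificate stores, which can differ from those of the connector service account.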