Share via

Azure FrontDoor unavailable backend and origin error

KBadejo 75 Reputation points
2024-01-04T16:06:12.6166667+00:00

We keep getting this notification message on an Azure Front Door instance we have.origin_notification

Our setup in Front Door is one simple backend origin. (App service) and a custom domain pointing to it.

origin_group1

In the Health probe logs we keep getting result: OriginError with a 301 status code as well.

I understand it's best practice to have health probes disabled with only one backend origin,

But i'm confused as to why we keep getting backend unavailable, even when the backend is infact reachable.

origin_log

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
610 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. ChaitanyaNaykodi-MSFT 23,911 Reputation points Microsoft Employee
    2024-01-04T20:05:21.9633333+00:00

    @KBadejo

    Thank you for reaching out.

    I understand you have a single App Service as a backend of your Azure Front Door and in the Health probe logs you keep getting result: OriginError with a 301 status code as well.

    I think this is expected because for Azure Front Door Healthprobe as documented here a 200 OK status code indicates the origin is healthy. Any other status code is considered a failure. As the health probe is getting a 301 response hence the backend is marked as unavailable.

    A quick fix here will be to change the path of the health probe which will return a 200 response when the App Service is healthy.

    User's image

    As per the best practices document here It's usually a good idea to monitor a webpage or location that you specifically design for health monitoring. Your application logic can consider the status of all of the critical components required to serve production traffic including application servers, databases, and caches.

    Hope this helps! Please let me know if you have any additional questions. Thank you!

    ​​Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments
  2. Boris Von Dahle 3,121 Reputation points
    2024-01-04T21:59:48.16+00:00

    Hello,

    The issue you're experiencing with Azure Front Door showing a Backend Unavailable error, even when the backend is reachable, could be caused by several factors :

    A 301 status code indicates a permanent redirect. It's possible that the health probe is being redirected, which could cause the OriginError. Please check your App Service's configuration and any rewrite rules to ensure that the health probe endpoint isn't being redirected.

    https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/301

    Also Azure uses 168.63.129.16 IP address to perform health probes and other essential infrastructure interactions.
    Ensure that your Network Security Groups (NSGs) and any firewalls are configured to allow traffic from this IP address. Blocking or not properly handling requests from 168.63.129.16 can lead to Azure misinterpreting the health and availability of your resources.

    https://learn.microsoft.com/en-us/azure/virtual-network/what-is-ip-address-168-63-129-16

    Fnally Azure Monitor and Azure Application Insights can provide detailed logs that might help in identifying the cause of the issue.

    Regards

    If you found this answer useful, please consider marking it as 'Accepted.' This helps other users easily find and benefit from this information

    0 comments