Azure API Failed to call Backend Logic App - HTTPS 500 - Authentication Failed because the remote party has closed the transport stream

Taranjeet Malik 571 Reputation points
2025-06-23T21:31:42.3633333+00:00

Hi Community

We're dealing with the following issue and seek some guidance on how to resolve it:

Environment Setup: An APIM Gateway deployed in Internal VNet mode and a back-end Logic App that’s only Private Endpoint enabled (no Public connectivity) deployed within a VNet. Both the APIM Gateway and Logic Apps are in their own subnet, and there’s a dedicated Private Endpoint Subnet that hosts Private Endpoint for the Logic App. All three subnets have Network Security Groups (NSGs) and we’ve allowed the following traffic between these endpoints:

1. Outbound rule in the NSG linked to APIM subnet to allow the whole subnet to be able to send TCP 443 (HTTPS) traffic to Private Endpoint subnet of the Logic App.

2. Inbound rule in the NSG linked to the Private Endpoint subnet of the Logic App to allow APIM subnet to be able to send TCP 443 (HTTPS) traffic through PE to Logic App.

3. Outbound rule in NSG linked to Logic App subnet to allow the whole subnet to be able to send TCP 443 (HTTPS) traffic to APIM Gateway subnet.

4. Inbound rule in NSG linked to the APIM subnet to allow the whole Logic App subnet to be able to send TCP 443 (HTTPS) traffic to APIM Gateway subnet.

We use custom DNS server configuration on the VNet – our custom DNS has forwarding configured to Azure Private DNS Resolver for Private Endpoint name resolution.

Expected Traffic Flow: The APIM Gateway hosts an API (say FAPI). This API is the entry point into our Azure platform (will be used by potential consumers) and it invokes the Logic App workflow (through Private Endpoint) configured as back end to this API. This Logic App workflow, in turn, calls another API (say TAPI) hosted on our API Gateway, which is configured to call a remote (publisher) API.

Problem Summary: We’re able to successfully invoke the Logic App Workflows directly (using CURL command from KUDU console of Logic App or from a VM serial console within the APIM subnet). However, when we trigger the full workflow, i.e., when we call FAPI and it calls the back-end Logic App, we receive the following error in API Gateway Logs:

HTTP 500 error (Authentication Failed because the remote party has closed the transport stream).

Given the environment, what are some of the potential issues envisaged and suggested troubleshooting steps, please?

Thanks

Taranjeet Singh
