Application Proxy Connector will not run: failed to establish connection with the service.

Valerie Gauthier 6 Reputation points
2020-06-17T14:28:47.677+00:00

I am running a Windows 2019 virtual server for my Application Proxy connector. I have been able to register the connector with Azure AD, but it is in an inactive state and I cannot get the connector service to run. Event Viewer is giving Error ID 12015 "The connector failed to establish connection with the service."

I have verified that ports 80 and 443 are open and configured for outbound connectivity in the firewall. Also, no URLs are blocked. As a troubleshooting step, I have also disabled the firewall altogether but still cannot get the service to run.

Any suggestions on what is preventing this service from running?

Valerie

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments No comments
{count} vote

1 answer

Sort by: Most helpful
  1. JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator
    2020-06-25T16:14:25.56+00:00

    I was able to look into your issue and will post my findings below.

    Event ID: 12015
    Description: The Connector failed to establish connection with the service

    Cause: This failure is caused when the required URL access outbound from the connector is not allowed.

    Troubleshooting steps:

    1. Based off your post, it looks like you confirmed the required ports and URLs weren't blocked. However, would you be able to re-confirm/ensure that all the required ports and service URL's are open, outbound from the connector. Ports, URLs, and pre-requisites.
      -Outbound ports 80 and 443 from the connector service to the App Proxy Service need to be open.
      -Access to the following URLs needs to be allowed. For the complete list please reference the above link:
      Msappproxy.net
      Servicebus.windows.net
      Login.windows.net
      Login.microsoftonline.com
      mscrl.microsoft.com:80
      crl.microsoft.com:80
      ocsp.msocsp.com:80
      www.microsoft.com:80
    2. If you're using an on-premises proxy, ensure it's configured correctly - https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy
    3. If your configuration is correct you can collect a network trace while starting the connector service, to review and see what URL or Port the access is failing at.
      -Stop the Microsoft Azure App Proxy Connector Service
      -From an Admin CMD run: netsh trace start capture=yes
      -Run the following command: ipconfig /flushdns
      -Start the Microsoft Azure App Proxy Connector Service
      -From an Admin CMD run: netsh trace stop

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.