question

ValerieGauthier-5445 avatar image
0 Votes"
ValerieGauthier-5445 asked WillFulmer published

Application Proxy Connector will not run: failed to establish connection with the service.

I am running a Windows 2019 virtual server for my Application Proxy connector. I have been able to register the connector with Azure AD, but it is in an inactive state and I cannot get the connector service to run. Event Viewer is giving Error ID 12015 "The connector failed to establish connection with the service."

I have verified that ports 80 and 443 are open and configured for outbound connectivity in the firewall. Also, no URLs are blocked. As a troubleshooting step, I have also disabled the firewall altogether but still cannot get the service to run.

Any suggestions on what is preventing this service from running?

Valerie

azure-ad-application-proxy
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

JamesTran-MSFT avatar image
0 Votes"
JamesTran-MSFT answered WillFulmer published

I was able to look into your issue and will post my findings below.

Event ID: 12015
Description: The Connector failed to establish connection with the service

Cause: This failure is caused when the required URL access outbound from the connector is not allowed.

Troubleshooting steps:

  1. Based off your post, it looks like you confirmed the required ports and URLs weren't blocked. However, would you be able to re-confirm/ensure that all the required ports and service URL's are open, outbound from the connector. Ports, URLs, and pre-requisites.
    -Outbound ports 80 and 443 from the connector service to the App Proxy Service need to be open.
    -Access to the following URLs needs to be allowed. For the complete list please reference the above link:
    Msappproxy.net
    Servicebus.windows.net
    Login.windows.net
    Login.microsoftonline.com
    mscrl.microsoft.com:80
    crl.microsoft.com:80
    ocsp.msocsp.com:80
    www.microsoft.com:80

  2. If you're using an on-premises proxy, ensure it's configured correctly - https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy

  3. If your configuration is correct you can collect a network trace while starting the connector service, to review and see what URL or Port the access is failing at.
    -Stop the Microsoft Azure App Proxy Connector Service
    -From an Admin CMD run: netsh trace start capture=yes
    -Run the following command: ipconfig /flushdns
    -Start the Microsoft Azure App Proxy Connector Service
    -From an Admin CMD run: netsh trace stop


· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I just wanted to check in and see if you required additional assistance or if you were able to resolve this issue?


If any reply/answer helped resolve your question, please remember to "mark as answer" so that others in the community facing similar issues can easily find the solution.

0 Votes 0 ·

@JamesTran-MSFT - Current situation with one of my customers as well. Are you able to provide any other insight?

0 Votes 0 ·