Application Proxy Connector will not run: failed to establish connection with the service.

Valerie Gauthier 1 Reputation point
2020-06-17T14:28:47.677+00:00

I am running a Windows 2019 virtual server for my Application Proxy connector. I have been able to register the connector with Azure AD, but it is in an inactive state and I cannot get the connector service to run. Event Viewer is giving Error ID 12015 "The connector failed to establish connection with the service."

I have verified that ports 80 and 443 are open and configured for outbound connectivity in the firewall. Also, no URLs are blocked. As a troubleshooting step, I have also disabled the firewall altogether but still cannot get the service to run.

Any suggestions on what is preventing this service from running?

Valerie

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,426 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. JamesTran-MSFT 36,361 Reputation points Microsoft Employee
    2020-06-25T16:14:25.56+00:00

    I was able to look into your issue and will post my findings below.

    Event ID: 12015
    Description: The Connector failed to establish connection with the service

    Cause: This failure is caused when the required URL access outbound from the connector is not allowed.

    Troubleshooting steps:

    1. Based off your post, it looks like you confirmed the required ports and URLs weren't blocked. However, would you be able to re-confirm/ensure that all the required ports and service URL's are open, outbound from the connector. Ports, URLs, and pre-requisites.
      -Outbound ports 80 and 443 from the connector service to the App Proxy Service need to be open.
      -Access to the following URLs needs to be allowed. For the complete list please reference the above link:
      Msappproxy.net
      Servicebus.windows.net
      Login.windows.net
      Login.microsoftonline.com
      mscrl.microsoft.com:80
      crl.microsoft.com:80
      ocsp.msocsp.com:80
      www.microsoft.com:80
    2. If you're using an on-premises proxy, ensure it's configured correctly - https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy
    3. If your configuration is correct you can collect a network trace while starting the connector service, to review and see what URL or Port the access is failing at.
      -Stop the Microsoft Azure App Proxy Connector Service
      -From an Admin CMD run: netsh trace start capture=yes
      -Run the following command: ipconfig /flushdns
      -Start the Microsoft Azure App Proxy Connector Service
      -From an Admin CMD run: netsh trace stop