We are using Intapp Time via Azure Application Proxy currently. There's a mobile app that uses the external URL from App proxy to communicate with an internal http webserver address. This has been working fine.
We're switching the webserver to TLS 1.2 https though. I've confirmed the certificates are working fine in a browser, and the internal desktop application works fine with this.
When I change the application proxy to the https address (literally the same address, just adding the "s") the mobile application now fails with a generic 502 Bad Gateway.
To confirm this is application proxy, I set up a VPN on the mobile into our environment and got it to connect directly to the https web server address, and this worked fine, but I can't use this as a workaround as we must use Azure Application Proxy for our users.
The only clue I have found on the internal Azure proxy connector server is that it has a warning message whenever I try to run the mobile app over https; this warning doesn't show when using http (external URL changed for security reasons):
Connection to the backend server failed. Error: (0x80072f00).
Details:
Transaction ID: {29f3e2bd-7af0-4528-bf7b-6d0cb8110cce}
Session ID: {29f3e2bd-7af0-4528-bf7b-6d0cb8110cce}
Published Application Name:
Published Application ID:
Published Application External URL: https://MyExternalURL.msappproxy.net/
Published Backend URL: https://InternalServer.testdomain.local/
User: <Unknown>
User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; IN2023 Build/QKQ1.191222.002)
Device ID: <Not Applicable>
Token State: NotFound
Cookie State: NotFound
Client Request URL: https://MyExternalURL.msappproxy.net/mobile/Register
Backend Request URL: https://InternalServer.testdomain.local/mobile/Register
Preauthentication Flow: PassThrough
Backend Server Authentication Mode: PassThrough
State Machine State: BEHeadersReading
Response Code to Client: <Not Applicable>
Response Message to Client: <Not Applicable>
Client Certificate Issuer: <Not Found>
Response Code from Backend: <Not Applicable>
Frontend Response Location Header: <Not Applicable>
Backend Response Location Header: <Not Applicable>
Backend Request Http Verb: POST
Client Request Http Verb: POST
https://InternalServer.testdomain.local/mobile/Register is some kind of API call to the web server. Looking in the Intapp Time webserver internally, it is successfully registering the device, and I can't see any errors on the webserver. I've engaged their engineers for support, but the only clue seems to be the connector servers, where we still get that above warning message, and the mobile app with its generic 502 error.
I can successfully browse the https://MyExternalURL.msappproxy.net/mobile/ URL from the smartphone's browser, so clearly some of the app proxy is working, but this looks like maybe an internal communication problem.
I've tried disabling Windows Firewall, I've tried session logging on app proxy, and I've tried the systems diagnostics change to the app proxy config file. I can't find any other useful messages being logged.
All suggestions welcome on this one.