An Azure service that provides an event-driven serverless compute platform.
Thank you for reaching out to Microsoft Q&A.
From the details shared, the issue appears to be caused by two main factors:
- Outdated Azure Functions extensions (ServiceBus / EventGrid), and
- Automatic regeneration of Function or Host keys, which can break Service Bus trigger authentication.
When a Function App uses API key–based authorization, any regeneration of function keys or host keys invalidates the previously configured key used by the Service Bus trigger or downstream clients. As seen in the Activity Logs, some key regeneration events were triggered by the system, not manually by the user. This typically happens due to extension upgrades, storage secret regeneration, Data Protection key changes, or key storage cleanup policies. As a result, the Service Bus trigger stops firing because it can no longer authenticate using the old key.
Additionally, the Function App is running older versions of the ServiceBus and EventGrid extensions, while newer versions are available. Older extensions are more prone to trigger and key‑management issues, especially when identity-based authentication support is available but not fully leveraged.
Refer to the points below to resolve this issue or use them as a workaround:
1. Update the Azure Functions extensions to the latest version
   - The Function App is currently using older ServiceBus and EventGrid extension versions.
   - Upgrade the extensions using NuGet (for .NET apps) or by updating the extension bundle version in host.json (for non-.NET apps).
   - Latest extension versions include stability fixes and improvements around trigger reliability and secret handling.
   - After upgrading, restart the Function App to ensure the new bindings are loaded.

   This helps reduce unexpected trigger failures and system‑initiated key regeneration.
2. Use Managed Identity instead of Function Keys (Recommended)

   To permanently avoid issues caused by key regeneration:
   - Enable System‑Assigned Managed Identity on the Function App.
   - Grant the identity appropriate Azure Service Bus roles (for example, Azure Service Bus Data Receiver).
   - Update the Service Bus trigger configuration to use identity-based authentication instead of keys.

   This removes dependency on function keys entirely and prevents trigger failures due to key changes.
3. Prevent unintentional key regeneration and monitor key changes

   While function keys cannot be completely locked from regeneration, you can minimize and track changes:
   - Avoid manual PUT/POST/DELETE operations on the Key Management API.
   - Do not modify or delete files under azure-webjobs-secrets in storage.
   - Ensure there is no Blob Lifecycle Management policy that deletes secrets.
   - If Key Vault is used, do not rotate secrets without updating dependent services.

   To track key changes:
   - Navigate to Function App → Activity Logs
   - Review Function Key and Host Key Change Events to identify whether the action was triggered by a user or the system.

   This helps identify the exact cause and timing of key regeneration.
4. Manually update clients if key-based authentication is still used

   If Managed Identity cannot be adopted immediately:
   - Regenerate the required function key once.
   - Update all dependent clients and triggers with the new key.
   - Validate trigger execution after updating the configuration.
and click on Yes for was this answer helpful. And if you have any further queries, do let us know.
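The Blob Lifecycle Management check from step 3 above, as an added example that is not part of the original answer or of Microsoft's tooling: it takes a storage account's lifecycle policy JSON and lists the enabled rules whose delete action can reach the `azure-webjobs-secrets` container. The sample policy and its rule names are constructed, and the function and helper names are hypothetical.

```python
SECRETS_CONTAINER = "azure-webjobs-secrets"  # container named in the answer above

def prefix_hits_secrets(prefix: str) -> bool:
    """True if a prefixMatch entry (container name first) can select the secrets blobs."""
    return (SECRETS_CONTAINER.startswith(prefix)            # "", "azure-web", exact name
            or prefix.startswith(SECRETS_CONTAINER + "/"))  # a path inside the container

def rules_deleting_secrets(policy: dict) -> list:
    """Names of enabled lifecycle rules whose baseBlob delete action reaches the secrets."""
    rules = policy.get("policy", policy).get("rules") or []  # bare policy or CLI wrapper
    flagged = []
    for rule in rules:
        if rule.get("enabled") is False:       # "enabled" is optional and defaults to true
            continue
        definition = rule.get("definition") or {}
        base_blob = (definition.get("actions") or {}).get("baseBlob") or {}
        if not base_blob.get("delete"):        # tiering-only rules do not remove secrets
            continue
        # No prefixMatch means the rule applies to every blob in the account.
        # blobIndexMatch filters are ignored here, so the check errs toward flagging.
        prefixes = (definition.get("filters") or {}).get("prefixMatch") or [""]
        if any(prefix_hits_secrets(p) for p in prefixes):
            flagged.append(rule.get("name", "<unnamed>"))
    return flagged

def _rule(name, prefixes, actions, enabled=True):
    """Build one rule in the lifecycle policy JSON shape (sample data helper)."""
    filters = {"blobTypes": ["blockBlob"]}
    if prefixes is not None:
        filters["prefixMatch"] = prefixes
    return {"name": name, "enabled": enabled, "type": "Lifecycle",
            "definition": {"actions": {"baseBlob": actions}, "filters": filters}}

DELETE_90 = {"delete": {"daysAfterModificationGreaterThan": 90}}
COOL_30 = {"tierToCool": {"daysAfterModificationGreaterThan": 30}}

# Constructed sample policy; rule names and prefixes are invented for illustration.
SAMPLE_POLICY = {"rules": [
    _rule("expire-everything", None, DELETE_90),
    _rule("clean-logs", ["insights-logs/"], DELETE_90),
    _rule("purge-webjobs", ["azure-webjobs"], DELETE_90),
    _rule("tier-secrets", ["azure-webjobs-secrets/"], COOL_30),
    _rule("old-purge", ["azure-webjobs-secrets/"], DELETE_90, enabled=False),
    _rule("other-container", ["azure-webjobs-secrets-old/"], DELETE_90),
]}

if __name__ == "__main__":
    for name in rules_deleting_secrets(SAMPLE_POLICY):
        print("rule can delete function secrets:", name)
```

The input is the policy JSON exported from the storage account that backs the Function App, for example the output of `az storage account management-policy show`.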