Share via

Front Door FDN degraded for days—health probes failing despite healthy origins

devwa 0 Reputation points
2026-03-04T14:01:55.5433333+00:00

Since several days ago (alerts visible in Azure Portal health reports), our Azure Front Door profile shows "FDN degraded: We have identified an issue with your Front Door/CDN setup."

The health events declare it is an issue being worked on: "We are sorry, your Front Door/CDN profile may be experiencing problems. We're working to determine and address the source of the problem. No additional action is required from you at this time."

There are indeed issues accessing resources in our web apps.

Front Door ID: 8c4bxxxxxx06b156f6d284

Azure Front Door
Azure Front Door

An Azure service that provides a cloud content delivery network with threat protection.

0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vallepu Venkateswarlu 7,000 Reputation points Microsoft External Staff Moderator
    2026-03-04T15:35:30.9+00:00

    Hi @ devwa,

    Welcome to Microsoft Q&A Platform.

    Sorry you’ve been hitting that “FDN degraded” alert for days

    Please verify the below steps from your end.

    1. Verify your health-probe configuration • In your Front Door (Standard/Premium) resource, under Backend Pools → Origin Groups → Health Probes, confirm: – Protocol (HTTP vs. HTTPS) and port match your origin’s listening endpoint – Probe path returns a simple 200 OK (no auth redirects or 404s) – Probe method (GET vs. HEAD)—HEAD is preferred to reduce load – Interval, timeout, SampleSize, and SuccessfulSamplesRequired settings aren’t too aggressive • If you only have one origin, you can consider disabling health probes to avoid false failures.
    2. Check health probe logs & backend health • Enable diagnostic logs for Front Door and filter on HealthProbeLog. Look at: – Result (timeout, DNS error, HTTP status code) – POP (which edge location is failing) – TotalLatency and ConnectionLatency (to catch network/DNS issues) • In the portal’s Backend health blade, see which origins or regions are marked unhealthy and note the timestamps.
    3. Validate origin reachability • From a public internet client or VM, curl the probe endpoint exactly (same host header, path, port) to ensure it’s reachable and returns 200. • Review your app logs or monitoring for any errors at the time of probes. • Confirm any firewall, NSG or WAF rules allow traffic from Azure Front Door IP ranges.
    4. Use built-in diagnostics & metrics • Capture a RefString (X-Azure-Ref header) from a failed request and run the built-in RefString diagnostic in Front Door diagnostics. • Check Azure Status and Service Health for any ongoing Front Door incidents. • Review load-balancing settings—if SampleSize is high but your origin is slow to boot or respond, you can reduce it.

    Please210246-screenshot-2021-12-10-121802.pngand “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.