Share via

Trouble connecting Foundry agent to MCP server behind APIM

Elise Mjoen 0 Reputation points
2026-03-18T09:43:34.9533333+00:00

I'm having consistent problems connecting my Microsoft Foundry agent to an MCP server that was created from API Management (APIM) by exposing another REST-API in APIM in Azure. Every time the agent tries to fetch data from the MCP server, the request fails with the following error message:

“The server had an error processing your request. Sorry about that! You can retry your request, or contact us through an Azure support request at: https://go.microsoft.com/fwlink/?linkid=2213926 if you keep seeing this error. (Please include the request ID f9774a65-a4a6-4d7a-9039-246ac920abe2.)”

I do not have an Azure Support plan, so I’m unable to open a support ticket, but I hope someone here can help me. What could be possible causes to my problem? How can I solve it?

Setup details: The REST-API was exposed as a MCP server by clicking that button in the Azure portal. I have not added any policies to the MCP Server, but I have checked the subscription required-box. I added the MCP Server in Foundry by clicking Tools -> Connect a tool -> Custom -> Model Context Protocol (MCP). There, I pasted the server url, chose key-based authentication and provided the Ocp-Apim-Subscription-Key and the x-api-key for the original REST-API (unsure if this key is necessary or not).

Foundry Tools
Foundry Tools

Formerly known as Azure AI Services or Azure Cognitive Services is a unified collection of prebuilt AI capabilities within the Microsoft Foundry platform

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jorre De Backer 5 Reputation points
    2026-03-18T15:44:35.0566667+00:00

    A couple of things I would check first:

    • Remove the x-api-key, having both that and Ocp-Apim-Subscription-Key can cause issues since APIM only needs the subscription key.
    • Also, add a CORS policy to your APIM MCP server without it Foundry's requests can get blocked silently because they're coming from a different domain.
      • APIM → APIs → your MCP server → Policies and add a basic inbound CORS policy allowing all origins. You can tighten it down to specific origins once it's working.
      https://learn.microsoft.com/en-us/azure/api-management/cors-policy
      The block below can be added to alow Foundry's specific domain
      User's image

    1 person found this answer helpful.
  2. Karnam Venkata Rajeswari 1,475 Reputation points Microsoft External Staff Moderator
    2026-03-27T10:23:21.51+00:00

    Hello Elise Mjoen,

    Welcome to Microsoft Q&A and Thank you for reaching out.

    In addition to inputs given by Jorre De Backer, please see if the following helps

    The connectivity failure between the Azure AI Foundry agent and the MCP server exposed through Azure API Management indicates a gateway‑level request handling issue rather than a model or agent limitation.

    The error message reflects that the request could not be processed successfully by the API Management layer before reaching the backend REST API. This behavior is commonly observed when endpoint configuration, authentication handling, or streaming support is not fully aligned with MCP invocation requirements.

    The following might be the reason for the observed behaviour

    1. Incorrect MCP endpoint usage -exposing a REST API as an MCP server creates multiple endpoints such as /tools, /mcp, and /sse.Using the wrong endpoint path can lead to 404, 405, or generic 500‑class errors during invocation.
    2. Conflicting authentication headers - when subscription enforcement is enabled in API Management, only one subscription key is expected. Passing both Ocp-Apim-Subscription-Key and an additional backend key can cause request validation failures at the gateway.
    3. Missing CORS configuration-MCP tool calls originate from a different domain than the API gateway. Without a configured CORS policy, API Management may block preflight or runtime requests, resulting in silent or generic errors.
    4. Response buffering or payload inspection-Streaming MCP calls can fail if API Management buffers responses or inspects payloads.Such policies can interrupt streaming behavior and cause timeouts or processing errors.
    5. Networking constraints in VNET deployments- for API Management deployed inside a virtual network, DNS resolution and outbound connectivity must be permitted. Routing or DNS misconfigurations can lead to intermittent or consistent connection failures.
    6. Complex MCP tool schema-highly complex or deeply nested schemas increase processing time during /tools discovery. This can result in schema retrieval timeouts or failures before tool invocation.
    7. Lack of systematic validation and testing-without manual testing of /tools and /mcp, gateway‑level issues can remain undetected. Diagnostics and incremental testing help isolate whether failures occur at the gateway, network, or schema level.

    Please check if the following troubleshooting steps help –

    1.Please confirm the correct MCP endpoint

    • Use the /mcp endpoint for standard MCP invocation.
    • Use /sse only when Server‑Sent Events are required.
    • Use /tools only for schema validation and testing.

    2.Consider simplifying the authentication

    • Retain only the API Management subscription key: Ocp-Apim-Subscription-Key
    • Remove additional backend keys such as x-api-key from the MCP tool configuration unless explicitly handled within API Management policies.

    3.Configure CORS in API Management

    • Please add a CORS policy in the inbound section at API or operation scope.
    • Start with a permissive policy to validate connectivity, then restrict origins as needed.

    4.Review and disable response buffering

    • Check inbound and outbound policies for buffering, content validation, or payload logging.
    • Remove or disable these policies for streaming MCP endpoints.

    5. Validate endpoints manually

    • Test GET /tools using curl or Postman to confirm schema retrieval.
    • Test POST /mcp with a minimal payload.
    • Enable API Management diagnostics to capture detailed request and error information. 

    6.If applicable , kindly review VNET connectivity

    • Confirm DNS resolution for the API Management hostname.
    • Ensure outbound traffic from the virtual network to the API Management endpoint is permitted.

    7.Simplify MCP schema if needed

    • Temporarily reduce schema complexity to identify problematic operations or definitions.

     

    References:

    Overview of MCP servers in Azure API Management | Microsoft Learn

    Connect to MCP Server Endpoints for agents - Microsoft Foundry | Microsoft Learn

    Azure API Management policy reference - cors | Microsoft Learn

    Model Context Protocol (MCP): Integrating Azure OpenAI for Enhanced Tool Integration and Prompting | Microsoft Community Hub

    Thank you!

    Please 'Upvote'(Thumbs-up) and 'Accept' as answer if the reply was helpful. This will be benefitting other community members who face the same issue.

     

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.