How to integrate APIM with IIS hosted on a VM within same VNet to register SOAP services into APIM?

Gourav Sood 1 Reputation point
2020-09-10T20:00:29.43+00:00

Hi Team

I’ve hosted an internal APIM instance within a subnet of a VNET and integrated it with Application Gateway in the same VNET but a different subnet.
Later I configured custom domains on APIM,
then configured Application Gateway with all the necessary configuration to expose the Dev portal and APIM gateway securely over the internet with end-to-end SSL.

It works perfectly. I'm able to consume APIs, Azure Functions and any resources within the cloud successfully, including SOAP services hosted using Azure websites.

I later set up a VM in another subnet of the same VNET and hosted a sample WCF application, registered it with a private DNS zone; DNS resolution is successful and it is browsable from within the same VNet as well as other peered VNETs, making it available within all my VNETs.

All four artefacts, i.e.
Application Gateway,
APIM internal instance,
Private DNS Zone,
Virtual Machines,
are part of the same VNET but different subnets.

When I exported the singleWSDL file and uploaded it to the APIM instance while adding an API, it populated all SOAP functions successfully; even the back-end URL was correctly imported as the private DNS URL.

Then I explicitly configured the gateway credentials as the client cert which I had previously uploaded to APIM as a pfx.
Despite all that configuration, APIM is unable to make the request to the IIS service via private DNS. Below is the error.

forward-request (73.031 ms)
{
    "messages": [
        "Error occured while calling backend service.",
        "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.",
        "The remote certificate is invalid according to the validation procedure."
    ]
}

Then I tried everything without private DNS and security, i.e. over HTTP, and still faced an issue.

{
    "source": "forward-request",
    "timestamp": "2020-09-10T19:04:42.7543916Z",
    "elapsed": "00:00:21.0158745",
    "data": {
        "messages": [
            "Unable to connect to the remote server",
            "Error occured while calling backend service.",
            "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 10.1.0.69:5656"
        ]
    }
}

Can you please suggest how to make it work?

Regards

Gaurav


1 answer

  1. Chris Deome 6 Reputation points
    2020-12-21T16:30:14.577+00:00

    Apologies for the question here, but do you have an update on this issue? I am running into the same issue trying to push the API traffic from the appgateway to the APIM then to the IIS API, all while trying to accomplish Mutual Cert Auth.

    Thank you!!

    Chris
