The time it takes to send a response to the request from Azure Front Door is longer than the timeout value.

The client sent a byte range request with an Accept-Encoding header, which means compression is enabled.

Send the request to your origin directly without going through Azure Front Door. See how long your origin normally takes to respond.

Send the request through Azure Front Door and see if you're getting any 503 responses. If not, the problem may not be a timeout issue. Create a support request to troubleshoot the issue further.

If requests going through Azure Front Door result in a 503 error response code, configure the Origin response timeout for Azure Front Door. You can increase the default timeout to up to 4 minutes (240 seconds). To configure the setting, go to the overview page of the Front Door profile. Select Origin response timeout and enter a value between 16 and 240 seconds.

If increasing the timeout doesn't resolve the issue, use a tool like Fiddler or your browser's developer tool to check if the client is sending byte range requests with Accept-Encoding headers. Using this option leads to the origin responding with different content lengths.

If the client is sending byte range requests with Accept-Encoding headers, you have two options. The first option is to disable compression on the origin or Azure Front Door. The second option is to create a rules set rule to remove Accept-Encoding from the request for byte range requests.

503 responses from Azure Front Door only for HTTPS

Symptom

Any 503 responses are returned only for Azure Front Door HTTPS-enabled endpoints.

Regular requests sent to your backend without going through Azure Front Door are succeeding. Going via Azure Front Door results in 503 error responses.

The cause of this problem can be one of three things:

The backend server returns a certificate that doesn't match the FQDN of the Azure Front Door backend pool.

The backend pool is an Azure Web Apps server.

EnforceCertificateNameCheck must be disabled. Azure Front Door has a switch called EnforceCertificateNameCheck. When enabled, Azure Front Door checks that the backend pool host name FQDN matches the backend server certificate's certificate name or one of the entries in the subject alternative names extension.

How to disable EnforceCertificateNameCheck from the Azure portal: In the portal, use a toggle button to turn this setting on or off in the Azure Front Door (classic) Design pane. For Azure Front Door Standard and Premium tier, this setting can be found in the origin settings when you add an origin to an origin group or configure a route.

The backend server returns a certificate that doesn't match the FQDN of the Azure Front Door backend pool. To resolve this issue, you have two options:

The returned certificate must match the FQDN.

EnforceCertificateNameCheck must be disabled.

The backend pool is an Azure Web Apps server: Check if the Azure web app is configured with IP-based SSL instead of being SNI based. If the web app is configured as IP based, it should be changed to SNI. If the backend is unhealthy because of a certificate failure, a 503 error message is returned. You can verify the health of the backends on ports 80 and 443. If only 443 is unhealthy, it's likely an issue with SSL.
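An added example (not from the original page, and not Azure Front Door's own implementation) that mirrors the comparison EnforceCertificateNameCheck is described as making: the backend host name against the certificate name and the subject alternative names. The host names, the sample certificate and the wildcard rule (left-most label only) are assumptions.

```python
import socket
import ssl


def _matches(pattern: str, host: str) -> bool:
    """Case-insensitive match; '*' is allowed only as the whole left-most label."""
    p, h = pattern.lower().rstrip(".").split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_names(cert: dict) -> list[str]:
    """Collect subject CN and SAN DNS entries from a getpeercert()-style dict."""
    names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    names += [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return names


def name_check(origin_host: str, cert: dict) -> bool:
    """True if origin_host matches the certificate name or any SAN entry."""
    return any(_matches(n, origin_host) for n in cert_names(cert))


def fetch_cert(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Fetch a backend's certificate. The chain is still validated; only the
    built-in host name match is skipped so name_check() can report a mismatch."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample certificate (not taken from a real backend).
SAMPLE_CERT = {
    "subject": ((("commonName", "app.example.com"),),),
    "subjectAltName": (("DNS", "app.example.com"), ("DNS", "*.web.example.com")),
}

if __name__ == "__main__":
    for origin in ("app.example.com", "api.web.example.com", "web.example.com", "203.0.113.10"):
        print(f"{origin:22} {'match' if name_check(origin, SAMPLE_CERT) else 'MISMATCH'}")
```

Against a reachable backend, `name_check(host, fetch_cert(host))` gives the same answer for the host name configured in the backend pool; a backend addressed by IP reports a mismatch unless the certificate names match that string.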