Resolving Application Gateway frontend listener that is not listening
This scenario is one I actually encountered, and it took me a few hours to understand, troubleshoot and resolve. There was an Azure Application Gateway that did not have any configuration changes for the past few months. However, there were some Network Security Group (NSG) rule changes to the Virtual Network (VNet) subnet where the Application Gateway is connected, which might have caused the issue, and the frontend listener stopped listening.
Scenario
What are those conditions?
- The Application Gateway has always been working fine without issue until now
- No configuration change was applied to the Application Gateway recently
- Application Gateway Health Status is still showing Healthy state
Problem
What is the current issue?
- Discovered that the Application Gateway frontend listener is not listening or responding
What is needed to resolve this with minimal impact or change?
This is how I tried to resolve the Application Gateway frontend listener issue.
Find out Application Gateway Frontend IP Configuration
Firstly, when someone escalates a problem with their website to me, I have to find out where it is hosted and what IP address is related to the URL.
AzCLI
In this section, I will demonstrate an example on how to find out the Application Gateway’s frontend IP address using AzCLI.
az network application-gateway frontend-ip list \
  -g "$RESOURCE_GROUP_NAME" \
  --gateway-name "$APPLICATION_GATEWAY_NAME"
Once the command is executed, it returns output similar to the following, where you can identify the IP address allocated to the Application Gateway’s frontend IP configuration.
{
"etag": "W/\"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\"",
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rg-application-gateway/providers/Microsoft.Network/applicationGateways/appgateway-webapp/frontendIPConfigurations/appgateway-frontend-private-ip",
"name": "appgateway-frontend-private-ip",
"privateIpAddress": "10.0.0.10",
"privateIpAllocationMethod": "Static",
"provisioningState": "Succeeded",
"publicIpAddress": null,
"resourceGroup": "rg-application-gateway",
"subnet": {
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rg-vnet-intranet/providers/Microsoft.Network/virtualNetworks/vnet-intranet/subnets/sub-intranet-loadbalancer",
"resourceGroup": "rg-vnet-intranet"
},
"type": "Microsoft.Network/applicationGateways/frontendIPConfigurations"
}
PowerShell
In this section, I will demonstrate an example on how to find out the Application Gateway’s frontend IP address using PowerShell Az module.
Get-AzApplicationGatewayFrontendIPConfig `
-ApplicationGateway (Get-AzApplicationGateway `
-Name "$APPLICATION_GATEWAY_NAME" `
-ResourceGroupName "$RESOURCE_GROUP_NAME") ;
Once the command is executed, it returns output similar to the following, where you can identify the IP address allocated to the Application Gateway’s frontend IP configuration.
PrivateIPAddress : 10.0.0.10
PrivateIPAllocationMethod : Static
Subnet : Microsoft.Azure.Commands.Network.Models.PSResourceId
PublicIPAddress :
ProvisioningState : Succeeded
Type : Microsoft.Network/applicationGateways/frontendIPConfigurations
SubnetText : {
"Id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rg-vnet-intranet/providers/Microsoft.Network/virtualNetworks/vnet-intranet/subnets/sub-intranet-loadbalancer"
}
PublicIpAddressText : null
Name : appgateway-frontend-private-ip
Etag : W/"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
Id : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rg-application-gateway/providers/Microsoft.Network/applicationGateways/appgateway-webapp/frontendIPConfigurations/appgateway-frontend-private-ip
Test the IP Address is listening or responding
You can try to use a web browser to launch the website using the IP address <http://10.0.0.10/>, or try using the curl command from Bash on a Linux machine.
curl 10.0.0.10
In this example, if the Application Gateway’s frontend IP address listener is not working, you will encounter output similar to the following from the curl command.
curl: (7) Failed to connect to 10.0.0.10 port 80: Connection timed out
Resolving the issue without making any configuration change
Since Application Gateway is offered as an Azure PaaS type of service, there isn’t a reboot/restart button on the portal. Although technically we know that there must be system instances (or VMs) behind the scenes, it is an offering that provides scalability, and my Application Gateway has 2 instances.
Since there are 2 instances, the frontend IP address is a virtual IP (VIP), so the 2 instances have their own IP addresses too. I probed the remaining IP addresses in the subnet for the 2 instances’ IP addresses and found that they were using, e.g., 10.0.0.2 and 10.0.0.3. When I ran the curl command against 10.0.0.2 and 10.0.0.3, there was a response with the website content.
But I still could not get the frontend IP address to work and I know that a restart of the Application Gateway is required.
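The comparison described above (frontend VIP silent, instance IPs answering) can be scripted. This is an added example, not code from the original post; the function names and diagnosis labels are hypothetical, and the addresses in the usage comment are the article's sample values.

```shell
#!/usr/bin/env bash
# Added example: compare the frontend VIP with the instance IPs.

# probe IP [PORT] -> prints "up" if any HTTP response comes back, else "down".
# An HTTP error status still counts as "up": the listener answered.
probe() {
  local ip="$1" port="${2:-80}"
  if curl --silent --output /dev/null --connect-timeout 5 --max-time 10 \
       "http://${ip}:${port}/"; then
    echo up
  else
    echo down
  fi
}

# classify VIP_STATE INSTANCES_UP INSTANCES_TOTAL -> one-word diagnosis
classify() {
  local vip="$1" up="$2" total="$3"
  if [ "$vip" = up ]; then
    echo healthy
  elif [ "$total" -gt 0 ] && [ "$up" -eq "$total" ]; then
    echo frontend-only   # the article's case: instances serve, VIP does not
  elif [ "$up" -gt 0 ]; then
    echo partial         # some instances are also not answering
  else
    echo unreachable     # nothing answers: check routing/NSG from this host
  fi
}

# diagnose VIP INSTANCE_IP... -> probes everything, prints the diagnosis
diagnose() {
  local vip="$1" vip_state up=0 total=0 ip
  shift
  vip_state="$(probe "$vip")"
  for ip in "$@"; do
    total=$((total + 1))
    if [ "$(probe "$ip")" = up ]; then
      up=$((up + 1))
    fi
  done
  classify "$vip_state" "$up" "$total"
}

# Runs only when arguments are given, e.g.:
#   ./agw-check.sh 10.0.0.10 10.0.0.2 10.0.0.3
if [ "$#" -gt 0 ]; then
  diagnose "$@"
fi
```

A result of `frontend-only` is the situation in this post, where a restart of the Application Gateway was needed.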
AzCLI
In this section, I will demonstrate an example on how to restart an Application Gateway using AzCLI. Firstly, you will need to manually stop the Application Gateway with the command below.
az network application-gateway stop \
-g 'gt-gccs-azuredashboard-iz-app' \
-n 'appgateway-gcc-azure-dashboard'
Once the Application Gateway has stopped, you will need to manually start the Application Gateway with the command below.
az network application-gateway start \
-g 'gt-gccs-azuredashboard-iz-app' \
-n 'appgateway-gcc-azure-dashboard'
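The stop and start steps above can be wrapped so that each step is confirmed before the next one runs. This is an added example, not code from the original post; the function names are hypothetical, and it assumes the gateway's `operationalState` property (as returned by `az network application-gateway show`) reads `Stopped` and `Running` after each step.

```shell
#!/usr/bin/env bash
# Added example: restart an Application Gateway and confirm each state change.

# wait_for_state RG NAME WANTED [TRIES] [DELAY_SECONDS]
# Polls operationalState until it equals WANTED; returns 1 if it never does.
wait_for_state() {
  local rg="$1" name="$2" wanted="$3" tries="${4:-30}" delay="${5:-10}"
  local state i=0
  while [ "$i" -lt "$tries" ]; do
    state="$(az network application-gateway show \
      -g "$rg" -n "$name" --query operationalState -o tsv)"
    if [ "$state" = "$wanted" ]; then
      return 0
    fi
    i=$((i + 1))
    sleep "$delay"
  done
  return 1
}

# restart_gateway RG NAME
# Returns 1 if a stop/start call fails, 2 if the gateway never reports
# Stopped, 3 if it never reports Running again.
restart_gateway() {
  local rg="$1" name="$2"
  az network application-gateway stop -g "$rg" -n "$name" || return 1
  wait_for_state "$rg" "$name" Stopped || return 2
  az network application-gateway start -g "$rg" -n "$name" || return 1
  wait_for_state "$rg" "$name" Running || return 3
}

# Runs only when both arguments are given, e.g.:
#   ./agw-restart.sh "$RESOURCE_GROUP_NAME" "$APPLICATION_GATEWAY_NAME"
if [ "$#" -eq 2 ]; then
  restart_gateway "$1" "$2"
fi
```

After it returns 0, repeat the curl test against the frontend IP address to confirm the listener is responding again.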
PowerShell
In this section, I will demonstrate an example on how to restart an Application Gateway using Az PowerShell module. Firstly, you will need to manually stop the Application Gateway with the command below.
Stop-AzApplicationGateway `
-ApplicationGateway (Get-AzApplicationGateway `
-Name "$APPLICATION_GATEWAY_NAME" `
-ResourceGroupName "$RESOURCE_GROUP_NAME") ;
Once the Application Gateway has stopped, you will need to manually start the Application Gateway with the command below.
Start-AzApplicationGateway `
-ApplicationGateway (Get-AzApplicationGateway `
-Name "$APPLICATION_GATEWAY_NAME" `
-ResourceGroupName "$RESOURCE_GROUP_NAME") ;
Resolving the issue with minor configuration change
This method is not the best recommended solution because configuration changes must be made. But if you don’t have the luxury of using AzCLI or the Az PowerShell module and can only work through the Azure Portal, this is the only method to restart the Application Gateway with minimal changes, without making any major functionality configuration change that may impact the load-balancing functionality.
To do this on the Azure Portal:
1. Launch Azure Portal
2. Locate your Application Gateway resource
3. Navigate to Settings -> Configuration
4. Modify the Instance Count (e.g. change from 2 instances to 1 instance)
5. Select Save
This will cause a restart of the Application Gateway. Once the Application Gateway has finished updating its configuration, repeat steps 4 and 5 above to modify the Instance Count back to the original value (e.g. change from 1 instance to 2 instances).
Until Microsoft decides to add a Restart button on the Azure Portal for Application Gateway, this might be the only way to restart it using the portal.