docs.azure.cn
Open in
urlscan Pro
2620:1ec:40::45
Public Scan
URL:
https://docs.azure.cn/en-us/application-gateway/disabled-listeners
Submission: On June 10 via api from US — Scanned from DE
Submission: On June 10 via api from US — Scanned from DE
Form analysis 1 forms found in the DOM
<form class="feedback-verbatim-form width-250-tablet" data-feedback-verbatim-form="" id="main-page-rating-container">
<div class="binary-rating-buttons">
<h3 id="binary-rating-heading" class="font-weight-semibold margin-top-none margin-bottom-xs font-size-h5 has-caret">Is this page helpful?</h3>
<div class="buttons">
<button class="thumb-rating like margin-right-xxs button button-clear button-sm" data-binary-rating-response="rating-yes" title="Yes" type="button" data-bi-name="rating-yes" data-bi-sat="1">
<span aria-hidden="true" class="icon docon docon-like"></span>
<span>Yes</span>
</button>
<button class="thumb-rating dislike button button-clear button-sm" data-binary-rating-response="rating-no" title="No" data-bi-name="rating-no" type="button" data-bi-sat="0">
<span aria-hidden="true" class="icon docon docon-dislike"></span>
<span>No</span>
</button>
</div>
</div>
<div id="binary-verbatim-container" class="font-size-xs margin-top-xs">
<div class="verbatim-textarea">
<label for="binary-rating-textarea" class="visually-hidden"> Any additional feedback? </label>
<textarea id="binary-rating-textarea" data-binary-rating-text="" rows="4" maxlength="999" placeholder="Any additional feedback?" class="textarea has-inner-focus"></textarea>
</div>
<p class="has-line-height-reset">Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services.
<a href="https://privacy.microsoft.com/en-us/privacystatement">Privacy policy.</a></p>
<div class="buttons buttons-right margin-top-xs margin-right-xxs">
<button class="submit-rating button button-primary button-filled button-sm" data-bi-name="rating-verbatim" data-binary-rating-submit="" type="submit" disabled="">Submit</button>
</div>
</div>
</form>Text Content
Skip to main content
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security
updates, and technical support.
Download Microsoft Edge More info
Table of contents Exit focus mode
Read in English
Table of contents Read in English Edit
Table of contents
IDENTIFYING AND FIXING A DISABLED LISTENER ON YOUR GATEWAY
* Article
* 05/27/2022
* 2 minutes to read
* 3 contributors
IS THIS PAGE HELPFUL?
Yes No
Any additional feedback?
Feedback will be sent to Microsoft: By pressing the submit button, your feedback
will be used to improve Microsoft products and services. Privacy policy.
Submit
Thank you.
IN THIS ARTICLE
The SSL/TLS certificates for Azure Application Gateway’s listeners can be
referenced from a customer’s Key Vault resource. Your application gateway must
always have access to such linked key vault resource and its certificate object
to ensure smooth operations of the TLS termination feature and the overall
health of the gateway resource.
It is important to consider any impact on your Application Gateway resource when
making changes or revoking access to your Key Vault resource. In case your
application gateway is unable to access the associated key vault or locate its
certificate object, it will automatically put that listener in a disabled state.
The action is triggered only in the case of configuration errors. Transient
connectivity problems do not have any impact on the listeners.
A disabled listener doesn’t affect the traffic for other operational listeners
on your Application Gateway. For example, the HTTP listeners or HTTPS listeners
for which PFX certificate file is directly uploaded on Application Gateway
resource will never go in a disabled state.
PERIODIC CHECK AND ITS IMPACT ON LISTENERS
Understanding the behavior of the Application Gateway’s periodic check and its
potential impact on the state of a key vault-based listener could help you to
preempt such occurrences or resolve them much faster.
HOW DOES THE PERIODIC CHECK WORK?
1. Application Gateway instances periodically poll the key vault resource to
obtain a new certificate version.
2. During this activity, if the instances instead detect a broken access to the
key vault resource or a missing certificate object, the listener(s)
associated with that key vault will go in a disabled state. The instances
are updated with this disabled status of the listener(s) within 60 secs to
provide a consistent data plane behavior.
3. After the issue is resolved by the customer, the same four-hour periodic
poll verifies the access to key vault certificate object and automatically
re-enables listeners on all instances of that gateway.
WAYS TO IDENTIFY A DISABLED LISTENER
1. The clients will observe the error "ERR_SSL_UNRECOGNIZED_NAME_ALERT" if any
request is made to a disabled listener of your Application Gateway.
2. You can verify if the error is a result of a disabled listener on your
gateway by checking your Application Gateway’s Resource Health page. You
will see an event as shown below.
RESOLVING KEY VAULT CONFIGURATION ERRORS
You can narrow down to the exact cause and find steps to resolve the problem by
visiting the Azure Advisor recommendation in your account.
1. Sign-in to your Azure portal
2. Select Advisor
3. Select Operational Excellence category from the left menu.
4. You will find a recommendation titled Resolve Azure Key Vault issue for your
Application Gateway, if your gateway is experiencing this issue. Ensure the
correct Subscription is selcted from the drop-down options above.
5. Select it to view the error details and the associated key vault resource
along with the troubleshooting guide to fix your exact issue.
Note
The disabled listener(s) are automatically enabled if Application Gateway
resource detects the underlying problem is resolved. This check occurs every
four-hour interval. You can expedite it by performing any minor change to
Application Gateway (for HTTP Setting, Resource Tags, etc.) that will force a
check against the Key Vault.
NEXT STEPS
Troubleshooting key vault errors in Azure Application Gateway
Theme
* Light
* Dark
* High contrast
*
* SH ICP Filing No. 13015306-25
* PSB Filing No. 31011502002224
* Privacy
* Microsoft Azure Operated by 21Vianet
* © Microsoft 2022
IN THIS ARTICLE
Theme
* Light
* Dark
* High contrast
*
* SH ICP Filing No. 13015306-25
* PSB Filing No. 31011502002224
* Privacy
* Microsoft Azure Operated by 21Vianet
* © Microsoft 2022