docs.azure.cn
Open in
urlscan Pro
2620:1ec:40::45
Public Scan
URL:
https://docs.azure.cn/en-us/application-gateway/disabled-listeners
Submission: On June 10 via api from US — Scanned from DE
Submission: On June 10 via api from US — Scanned from DE
Form analysis
1 forms found in the DOM<form class="feedback-verbatim-form width-250-tablet" data-feedback-verbatim-form="" id="main-page-rating-container">
<div class="binary-rating-buttons">
<h3 id="binary-rating-heading" class="font-weight-semibold margin-top-none margin-bottom-xs font-size-h5 has-caret">Is this page helpful?</h3>
<div class="buttons">
<button class="thumb-rating like margin-right-xxs button button-clear button-sm" data-binary-rating-response="rating-yes" title="Yes" type="button" data-bi-name="rating-yes" data-bi-sat="1">
<span aria-hidden="true" class="icon docon docon-like"></span>
<span>Yes</span>
</button>
<button class="thumb-rating dislike button button-clear button-sm" data-binary-rating-response="rating-no" title="No" data-bi-name="rating-no" type="button" data-bi-sat="0">
<span aria-hidden="true" class="icon docon docon-dislike"></span>
<span>No</span>
</button>
</div>
</div>
<div id="binary-verbatim-container" class="font-size-xs margin-top-xs">
<div class="verbatim-textarea">
<label for="binary-rating-textarea" class="visually-hidden"> Any additional feedback? </label>
<textarea id="binary-rating-textarea" data-binary-rating-text="" rows="4" maxlength="999" placeholder="Any additional feedback?" class="textarea has-inner-focus"></textarea>
</div>
<p class="has-line-height-reset">Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services.
<a href="https://privacy.microsoft.com/en-us/privacystatement">Privacy policy.</a></p>
<div class="buttons buttons-right margin-top-xs margin-right-xxs">
<button class="submit-rating button button-primary button-filled button-sm" data-bi-name="rating-verbatim" data-binary-rating-submit="" type="submit" disabled="">Submit</button>
</div>
</div>
</form>
Text Content
Skip to main content This browser is no longer supported. Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support. Download Microsoft Edge More info Table of contents Exit focus mode Read in English Table of contents Read in English Edit Table of contents IDENTIFYING AND FIXING A DISABLED LISTENER ON YOUR GATEWAY * Article * 05/27/2022 * 2 minutes to read * 3 contributors IS THIS PAGE HELPFUL? Yes No Any additional feedback? Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services. Privacy policy. Submit Thank you. IN THIS ARTICLE The SSL/TLS certificates for Azure Application Gateway’s listeners can be referenced from a customer’s Key Vault resource. Your application gateway must always have access to such linked key vault resource and its certificate object to ensure smooth operations of the TLS termination feature and the overall health of the gateway resource. It is important to consider any impact on your Application Gateway resource when making changes or revoking access to your Key Vault resource. In case your application gateway is unable to access the associated key vault or locate its certificate object, it will automatically put that listener in a disabled state. The action is triggered only in the case of configuration errors. Transient connectivity problems do not have any impact on the listeners. A disabled listener doesn’t affect the traffic for other operational listeners on your Application Gateway. For example, the HTTP listeners or HTTPS listeners for which PFX certificate file is directly uploaded on Application Gateway resource will never go in a disabled state. PERIODIC CHECK AND ITS IMPACT ON LISTENERS Understanding the behavior of the Application Gateway’s periodic check and its potential impact on the state of a key vault-based listener could help you to preempt such occurrences or resolve them much faster. HOW DOES THE PERIODIC CHECK WORK? 1. Application Gateway instances periodically poll the key vault resource to obtain a new certificate version. 2. During this activity, if the instances instead detect a broken access to the key vault resource or a missing certificate object, the listener(s) associated with that key vault will go in a disabled state. The instances are updated with this disabled status of the listener(s) within 60 secs to provide a consistent data plane behavior. 3. After the issue is resolved by the customer, the same four-hour periodic poll verifies the access to key vault certificate object and automatically re-enables listeners on all instances of that gateway. WAYS TO IDENTIFY A DISABLED LISTENER 1. The clients will observe the error "ERR_SSL_UNRECOGNIZED_NAME_ALERT" if any request is made to a disabled listener of your Application Gateway. 2. You can verify if the error is a result of a disabled listener on your gateway by checking your Application Gateway’s Resource Health page. You will see an event as shown below. RESOLVING KEY VAULT CONFIGURATION ERRORS You can narrow down to the exact cause and find steps to resolve the problem by visiting the Azure Advisor recommendation in your account. 1. Sign-in to your Azure portal 2. Select Advisor 3. Select Operational Excellence category from the left menu. 4. You will find a recommendation titled Resolve Azure Key Vault issue for your Application Gateway, if your gateway is experiencing this issue. Ensure the correct Subscription is selcted from the drop-down options above. 5. Select it to view the error details and the associated key vault resource along with the troubleshooting guide to fix your exact issue. Note The disabled listener(s) are automatically enabled if Application Gateway resource detects the underlying problem is resolved. This check occurs every four-hour interval. You can expedite it by performing any minor change to Application Gateway (for HTTP Setting, Resource Tags, etc.) that will force a check against the Key Vault. NEXT STEPS Troubleshooting key vault errors in Azure Application Gateway Theme * Light * Dark * High contrast * * SH ICP Filing No. 13015306-25 * PSB Filing No. 31011502002224 * Privacy * Microsoft Azure Operated by 21Vianet * © Microsoft 2022 IN THIS ARTICLE Theme * Light * Dark * High contrast * * SH ICP Filing No. 13015306-25 * PSB Filing No. 31011502002224 * Privacy * Microsoft Azure Operated by 21Vianet * © Microsoft 2022