Troubleshooting Azure App Services and On-Premise Connectivity

Azure App Services can integrate with your Virtual Network which enables you to connect to your database server, APIs, etc. — in the form of Azure VMs or on-premise servers.

Testing Connectivity

Go to your App Service –> Console blade and use tcpping.exe (also see here for other network related commands). For example, you may enter something like

tcpping 10.1.3.56:1433

Running the above command will tell you if your App Service is able to successfuly reach the server with the IP address 10.1.3.56 using the port 1433. If this fails…

Check your App Service Plan Network Routings

Now this is the main reason why I decided to post about this troubleshooting activity. When administering Web Apps, I normally just look at the App Service resource. Under App Services, I normally go to “Networking” to configure VNet Integration.

What I learned, after spending hours troubleshooting, was that the App Service PLAN (not the actual App Service resource but the PLAN resource, reemphasis intended), also has a Networking blade with different information.

Click on the manage link. This will eventually lead you to the network routings / IP address ranges which your App Servce is allowed to access.

Adding Network Routings

Now the rest is easy. There are 2 ways to resolve the connectivity issue

1. Option 1: Add the IP address range of the network resources that your App needs access to
2. Option 2: Click Sync Network, this will refresh the network routes based on your Virtual Network configurations.

Note: The above assumes that your S2S VPN / Express Route / Local Network are correctly defined. I had this encounter recently where the routes are correct but the on-premise firewall was not configured correctly.

Additional Reference

For further details, check out the troubleshooting section in the Azure documentations page.