question

ZainD365 avatar image
0 Votes"
ZainD365 asked MughundhanRaveendran-MSFT commented

HTTPTrigger function App Can't access external url via httpRequest when deployed

I have got an Azure Function APP with HTTP trigger calling a webservice and passing on Soap message containing XML. (hosted via APP service plan) . Locally, using VS2019 the function app successfully reaches the web service and receives response within 25 seconds or less. When published to Azure, the function times out after < 23 Seconds.

I get a HTTP server 500 error back:

2021-10-20T09:54:46.263 [Error] Executed 'XXXX' (Failed, Id=0cc4db22-f9ba-4c5d-9f6e-ecd1da394333, Duration=22131ms)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.


We have whitelisted the outbound ip addresses of the function app, but the service's firewall is not receiving the request at all. Can a function app NOT call a https url when triggered?

azure-functions
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ZainD365 avatar image
0 Votes"
ZainD365 answered MughundhanRaveendran-MSFT commented

Update: I have resolved this by creating a Azure Virtual Network NAT gateway. Then whitelisiting the static ip addresses on the webservice firewall. whatever connectivity issue we had before got resolved by this now. https://docs.microsoft.com/en-us/azure/azure-functions/functions-how-to-use-nat-gateway

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@ZainD365 ,

Thanks for sharing your answer to this community.

0 Votes 0 ·
MughundhanRaveendran-MSFT avatar image
0 Votes"
MughundhanRaveendran-MSFT answered

@ZainD365 ,

Thanks for reach out here.

This appears to be network connectivity issue between the Azure function and the external web service. To answer your question, function can make http calls to external web services. With respect to the outbound ip, please check if you have any access restrictions enabled at the function app. Please note that, the outbound/inbound ip addresses of function app running on Consumption/Elastic Premium plan would keep changing periodically.

I would suggest you to perform a tcpping test to check if the network connectivity is properly configured or not.

  • Open the Kudu site (advanced tools in Functions portal) of the function app.

  • Click on Debug Console-> cmd

  • run the command tcpping endpoint-url:port ( like below)

142439-image.png

Check if you are able to establish a connection to the external service. If the connection isnt established, then its confirmed that the configuration isnt proper. From Function app side, please check if is Vnet integrated. If Vnet integration is enabled, then please go through this article to configure the outbound traffic and also look into the outbound NSG rules and route table.

It is possible that your local machine and the web service are in same network so it is working locally. So you need to make sure the function app is also integrated with this network

Feel free to reach out to me if you have any queries or concerns.

I hope this helps!

Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.



image.png (49.1 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ZainD365 avatar image
0 Votes"
ZainD365 answered

Thanks @MughundhanRaveendran-MSFT for your thorough response. I have tried tcpping url of Webservice and it returned "connection attempt failed, no such host is known."

The local development machine and the webservice are not running on the same network. The webservice is public facing with an IP firewall and basic credentials. We whitelisted all the outbound addresses for the function app, in addition to the development machine. the latter was able to hit it, while the function app could not . Vnet is not integrated, nor we have any access restrictions set at this point.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.