Forum Widgets
Latest Discussions
Issue with Custom Domain on APIM and Cloudflare Proxying
Dear all, Last week, we attempted to configure a custom domain name for our Azure API Management (APIM) instance. We use Cloudflare as our DNS provider. The required CNAME record was created with the proxied attribute enabled. However, when configuring the custom hostname in Azure, we encountered the following error: Invalid parameter: CustomHostnameOwnershipCheckFailed. A CNAME record pointing from apim.ourowndomain.net to apim.azure-api.net was not found. As a workaround, we disabled the proxied attribute in Cloudflare, retried the configuration, and it worked successfully. We then re-enabled the proxied attribute, and the custom domain continued to function correctly. However, yesterday, we discovered that the custom domain was no longer working and returned a "404 Web site not found" error page. After extensive troubleshooting—including disabling the proxied attribute on the CNAME record—we were unable to resolve the issue. To restore functionality, we removed and reconfigured the custom domain by following the same steps: Disable the proxied attribute on the CNAME record. Configure the custom domain in APIM. Re-enable the proxied attribute. This resolved the issue again. We suspect that Azure initially validates the CNAME record during the custom domain configuration process when the proxied attribute is disabled. However, after a few days, Azure appears to revalidate the CNAME record and expects it to resolve to *.azure-api.net. Since Cloudflare returns its own IPs when proxying is enabled, Azure may reject the custom domain configuration, leading to the issue. Can anyone confirm whether our assumption is correct? Additionally, is there a recommended workaround for this issue? We are considering deploying a reverse proxy (Application Gateway) to handle Cloudflare requests and forward them to the APIM instance. Thank you in advance for your help. Best regards,
Azure elastic cloud with private endpoint
Hello, Currently, I'm utilizing Elastic Cloud on Azure and aiming to secure it through Private Link. I've established a private endpoint with a private DNS zone in Azure and incorporated a DNS forwarder. However, when I ping "elastic-name.kb.privatelink.westeurope.azure.elastic-cloud.com," I receive the private IP. Yet, when pinging "elastic-name.kb.westeurope.azure.elastic-cloud.com," I get the public IP, which differs from the typical behavior of Azure resources. I've tested other resources like blobs, files, and app services, and consistently received private IPs for both. Do you have any insights into why Elastic behaves in this manner? Thank you for your assistance in advance.
Microsoft Entra SSO integration with FortiGate SSL VPN issue
Scenario: Microsoft Entra SSO integration with FortiGate SSL VPN I am unable to connect via FortiClient vpn version 7.2.x.x. But when i use FortiClient vpn client version 7.0.x.x.x to connect SSL VPN via Azure ID with SAML Authentication. its connect in 2nd attempt or 3rd attempt every time not in first attempt. In first attempt ask 2FA but not connected. when i try again in 2nd or 3rd attempt so without 2FA prompt just directly connected. is it bug or configuration issue on FortiClient firewall side or Azure FortiGate SSL VPN application side?? please suggest
Third Party NVA in Azure VMware Solution
Hi all, I am following below link to get more information on how to deploy 3rd party NVA however, would like to know if you have any other detailed documentations and considerations that I can follow during my initial discussion with the customers. https://vuptime.io/post/2023-07-24-third-party-nva-in-avs-nsxt/#:~:text=In%20order%20to%20deploy%20a,and%20to%20the%20NVA%20uplink. Appreciate your support!
Kernel Memory - Retrieval Augmented Generation (RAG) using Azure Open AI
Hello Community, I am seeking for guidance here, Looking for Kernel Memory - Retrieval Augmented Generation (RAG) using Azure Open AI which can read file in kernel memory. I can ask question and based on memory it can answer my questions. I want to use .NetCore here for implementation. I have referred below article but i did not found configuration related to Azure Open AI. https://github.com/microsoft/kernel-memory/tree/main%22github.com%22Debug your APIs using request tracing
We are leveraging Azure API Management's tracing capabilities to monitor and log incoming traffic. The primary goal is to track traffic in APIM and attribute it to specific client applications by identifying the appid from JWT tokens included in requests. Additionally, we aim to ensure that trace logs are correctly sent to Log Analytics for debugging and further analysis. To achieve this, we implemented a test policy in a GET method of a cloned API within APIM. The policy is as follows: “<policies> <inbound> <base /> <trace source="InboundTrace" severity="verbose"> <message>Inbound processing started</message> <metadata name="User-Agent" value="@(context.Request.Headers.GetValueOrDefault("User-Agent", "unknown"))" /> </trace> </inbound> <backend> <base /> </backend> <outbound> <base /> <trace source="OutboundTrace" severity="verbose"> <message>Outbound response being sent</message> <metadata name="ResponseCode" value="@(context.Response.StatusCode.ToString())" /> </trace> </outbound> <on-error> <base /> <trace source="ErrorTrace" severity="error"> <message>Error encountered</message> <metadata name="ErrorDetails" value="@(context.LastError.Message)" /> </trace> </on-error> </policies>” This approach aims to ensure the appid appears in the tracerecords attribute of ApiManagementGatewayLogs, enabling us to identify which client applications are consuming specific APIs. Challenges Faced Trace Logs: Trace logs are not appearing in Log Analytics, despite being configured in diagnostics. Using the queries suggested in the documentation, we could not find the TraceRecords field or metadata added by the trace policy. We are unsure if the policy is being correctly applied or if additional configurations are needed. Traffic Attribution: While traffic is traceable, attributing requests to client applications without the appid is challenging. We want to confirm if the approach to extract and log the appid aligns with best practices and whether there are more efficient alternatives. Questions Are there additional configurations needed to ensure trace logs are correctly sent to Log Analytics? Could you provide more detailed examples of KQL queries to check the records generated by the trace policy? Does the proposed approach for extracting and logging appid align with best practices in APIM? Are there any limitations or performance considerations when modifying global policies for this purpose? References Followed Debug APIs in Azure API Management Trace Policy Documentation
