Forum Discussion
Not able to setup azure private endpoint url as webservice/backend for Azure API Management
Hi all, I have integrated Private endpoint connected to private link service. Private link service is created by azure standard load balancer created by kubernetes load balancer service ...
Test this out:
- Trace in APIM: Enable tracing; look for BackendConnectionFailure details, TLS errors, or DNS resolution results. SSL/TLS trust and SNI problems manifest as 500s with trust/handshake failures.
- DNS resolution test: From a VM in APIM’s subnet, nslookup/dig the backend FQDN. It must resolve to the PE’s private IP. If it resolves public, fix Private DNS links.
- TCP reachability: From that VM, test tcping or Test-NetConnection to the backend FQDN:port. If blocked, adjust NSGs/UDRs or SLB rules.
- FS logs / Load balancer health: Check the Standard LB health probe and AKS service endpoints; the LB must show healthy backends on the port APIM calls.
- Certificate/SNI validation: If HTTPS, verify the cert chain installed at the ingress. Ensure APIM uses the same hostname in the Host header and SNI; otherwise certificate mismatch causes trust errors.
Troubleshoot 500 BackendConnectionFailure SSL/TLS Error | Microsoft Community Hub