Share via

Traffic Manager Failover Issue in Active/Passive Mode for Internal Servers on Azure

Fakri SLIMANE 66 Reputation points
2024-11-11T20:35:36.64+00:00

Hello everyone,

I'm facing difficulties with configuring Azure Traffic Manager for active/passive failover between two internal web servers that are only accessible through private IP addresses. Here’s a summary of my setup:

Current Infrastructure:

  • A hub-and-spoke environment on Azure with internal web servers.
    • A Traffic Manager profile set to Priority (Active/Passive) mode, configured to monitor two Debian 12 web servers with a private DNS configuration to route internal users.
    Traffic Manager Configuration: 
    - Each server is configured with an endpoint in Traffic Manager, and the health probe is enabled.

   - A private DNS is used to allow internal users to access the websites hosted on these servers through Traffic Manager.

   **Issue Encountered:**

      - The Traffic Manager health probe shows a **degraded status** on the endpoints.

         - When I test failover by stopping one of the servers, Traffic Manager does not automatically switch to the active server. Access fails as it keeps trying to route to the inactive server.

            - I’ve checked my private DNS settings, firewall, and security rules, but there’s no obvious indication of a blockage.

            **Additional Tests:**

               - I tried using Windows servers (IIS), but encountered the same degraded health probe issue.

                  - I’ve also reviewed the logs in the Azure storage account, but no specific errors seem to indicate the cause of the problem.

Question:

Are there any specific configurations required for Traffic Manager to properly handle active/passive failover with internal servers (private IP only) on Azure? Are there particular prerequisites regarding private DNS, firewall rules, or probe configurations? Any help to diagnose and resolve this issue would be greatly appreciated.

Thank you in advance for your help!

Azure Traffic Manager
Azure Traffic Manager
An Azure service that is used to route incoming network traffic for high performance and availability.
129 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,575 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. ChaitanyaNaykodi-MSFT 26,936 Reputation points Microsoft Employee
    2024-11-12T20:45:53.69+00:00

    @Fakri SLIMANE

    Thank you for reaching out here.Based on your question above

    Are there any specific configurations required for Traffic Manager to properly handle active/passive failover with internal servers (private IP only) on Azure? Are there particular prerequisites regarding private DNS, firewall rules, or probe configurations?

    This scenario is not supported by Traffic manager currently, the endpoint added should be publicly resolvable.

    This limitation is currently documented here.

    Traffic Manager endpoint can be any internet facing service hosted inside or outside of Azure. Hence, Traffic Manager can route traffic that originates from the public internet to a set of endpoints that are also internet facing. If you have endpoints that are inside a private network or have users making DNS requests from such internal networks, then you can't use Traffic Manager to route this traffic.

    Even adding Private IP address as endpoint is not supported, this is documented here.

    Based on your requirement you can explore Azure Application Gateway in this case.
    These application gateway features can be helpful.

    Please let me know if you have any additional questions. Thank you!

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.