Share via

Frontdoor Health probe throws 404 with application gateway

Tricky Clown 0 Reputation points
2025-02-03T08:01:06.84+00:00

Hi there,
I've been facing an issue with FrontDoor health probe and the application gateway that I'm unable to find a solution to. I have the following architecture.

  1. Frontdoor has a few routes and origin groups with two origins configured with each origin pointing to IP addresses of AGW 1 and AGW 2. AGW 1 has a priority of 1 while AGW 2 has a priority of 2.
  2. The origin host headers of origins point to some domains and not the IP of the application gateway. This has been done for AGW to understand and route requests to appropriate applications on AKS.
  3. AGW has been connected to AKS via ingress controllers and health probes are also configured.
  4. Both health probes are configured with the same path and HTTP method. User's image

With the context set, I'll come to the problem I'm facing. The health probes from Frontdoor have been only throwing a 404 status code even if the probes configured with AGW show a status of healthy for all applications. The SampleSize is configured to 4 and SuccessfulSampleSize is configured to 4 to avoid false positives.

The status code for health probes from frontdoor was viewed from the FrontdoorHealthProbeLogs.

Any help would be greatly appreciated, thanks!

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
749 questions
Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,127 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
2,260 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Praveen Bandaru 425 Reputation points Microsoft Vendor
    2025-02-03T13:25:27.4633333+00:00

    Hello Tricky Clown

    Greetings!

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you are encountering an issue with the Front Door health probe.

    Your front door backend is configured with an application gateway using a multisite listener. When accessing the front door URL, you receive a 404-status code because the front door is unable to determine the correct route for the request. The AFD health probe sends a request to the application gateway's public IP. If there is no basic listener application, it will return a 404 response. You can review the application gateway access logs in your Azure portal for further details.

    To resolve this, please test by replacing the origin URLs with the application gateway listener hostname.

    I hope this has been helpful!

    Your feedback is important so please take a moment to accept answers. If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!

    Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.