Share via

Application Gateway Unhealthy status

Riju Kumar 0 Reputation points
2025-03-07T07:39:44.0433333+00:00

Issues with Application Gateway

We ran diagnostic checks on your resource Axxxxxxx to help you troubleshoot the issue. Please see the result below and perform the steps suggested to resolve the issue. If no issues are found by the diagnostic checks, then go ahead and file the support request.

Result of diagnostic checks

  1. DNS resolution failed for a backend server: The backend server with FQDN msa-ant-cmrp-dataingestionapi.ant.works is unhealthy as its DNS resolution failed. Check the domain name and its DNS server configuration.
  2. Application Gateway is in a Virtual Network that has Custom DNS servers defined: The Virtual Network containing your Application Gateway has custom DNS servers: 10.xxx.xx.xx,192.xxx.xx.x. Mitigation: Ensure the custom DNS servers are able to resolve all the FQDNs in the backend address pool. If you have recently changed the DNS Server IPs in the VNet, make sure to Stop-Start the application gateway for the change to reflect.
Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,136 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ganesh Patapati 4,320 Reputation points Microsoft External Staff
    2025-03-07T09:01:59.36+00:00

    Hi Riju Kumar

    Greetings!

    I understand that you have configured the FQDN "msa-ant-cmrp-dataingestionapi.ant.works" on the application gateway backend in which diagnostic checks point to a DNS resolution failure for the backend server's FQDN.

    Mostly, this issue happens when custom DNS servers aren't reachable or doesn't have the necessary records to resolve the domain. If you have recently changed the DNS servers, you need to stop and start by using the PowerShell commands described in these linked resources described in these linked resources, because the application gateway might cache old DNS settings.

    If the domain is private or internal, you can try to do nslookup or resolve the private domain "msa-ant-cmrp-dataingestionapi.ant.works" from a VM in the same virtual network. Also, you can check the network connectivity between the DNS servers and the Application Gateway. If there are NSGs or firewalls blocking DNS traffic (port 53), that could cause resolution failures. You can do this by using connection troubleshoot

    User's image

    Please refer DNS resolution error

    If above is unclear and/or you are unsure about something add a comment below.

    Your feedback is important so please take a moment to accept answers. If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!

    Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

    Accepted answer

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.