Bot Service cannot reach out messaging endpoint

Manuel Digeronimo 0 Reputation points
2024-11-22T09:12:41.65+00:00

We are planning to use the Azure Bot Service in conjunction with Microsoft Teams.

The bot is already set up in the Azure portal, the Teams channel is enabled, and we have specified a message endpoint that points to a web service located within our internal network.

Our Configuration:

Message Endpoint: An internal endpoint (https://backend.ourdomain.de/api/messages) secured with a certificate issued by our internal Certification Authority (CA).

DNS Resolution: The internal domain name resolves correctly when accessed from within Azure; we tested this from a VM in this network.

Network Access: The internal endpoint is reachable from Azure via a connection such as an Azure Virtual Network Gateway or Azure Private Link.

Certificate: The web service uses a valid certificate issued by our internal CA.

Current Behavior:

When we specify a public endpoint, we see successful calls from the Azure Bot Service.

However, when we switch to the internal endpoint, no calls appear to reach our web service.

Question/Request:

How can we configure the Azure Bot Service to ensure it uses the correct network path (via the Azure tunnel to our internal network) to access the internal web service?

Can you provide specific steps or configurations to ensure:

The Bot Service communicates successfully with our internal endpoint.

Certificates issued by our internal CA are accepted.

Traffic is routed correctly through the existing network connection (e.g., Azure Virtual Network Gateway or other network services).

Thank you very much for your time :)


1 answer

  1. Azar 23,725 Reputation points MVP
    2024-11-22T09:26:21.27+00:00

    Hi there Manuel Digeronimo

    Thanks for using the Q&A platform.

    First, make sure that your Azure Bot Service is connected to your internal network using Azure VNet integration, Azure Private Link, or a VPN Gateway.

    Next, DNS resolution needs to be properly configured, so the internal endpoint is accessible within Azure. If you’re using a custom domain, you might need to configure DNS forwarding within Azure.

    Make sure your internal certificate, issued by your internal CA, is trusted by Azure. You can upload your root certificate to Azure using App Service Certificates or Azure Key Vault for SSL/TLS communication. Also make sure your Bot Service's outbound IPs are whitelisted in your firewall rules, as outlined in Azure IP ranges.

    Finally, make sure that the message endpoint in your Bot Service configuration matches the internal API's URL and that the correct authentication settings are in place.

    Find the links to the documentation below if any additional info is needed.

    https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex%2CRBAC

    https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview

    If this helps, kindly accept the answer. Thanks much.
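A pre-flight check for the DNS and certificate items listed in the answer above, as an added example that is not part of the original thread or of any Microsoft tooling. The function names, the optional internal CA bundle path and the injectable `resolver`/`trust` parameters are assumptions made for illustration; running it from a host inside the network and from one outside it shows what each vantage point resolves and trusts.

```python
import ipaddress
import socket
import ssl
import sys
from urllib.parse import urlsplit

def classify_addresses(addresses):
    """Split resolved IPs into globally routable ones and everything else."""
    result = {"private": [], "public": []}
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        result["public" if ip.is_global else "private"].append(str(ip))
    return result

def resolve(host, port=443):
    """Resolve with the local resolver; the answer depends on where this runs."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def tls_trust(host, port=443, cafile=None, timeout=5):
    """Validate the server chain against cafile, or the system roots if None."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message
    except OSError as exc:
        return False, f"connect failed: {exc}"

def preflight(endpoint_url, internal_ca_file=None, resolver=resolve, trust=tls_trust):
    """Report scheme, address scope and trust results for a messaging endpoint."""
    parts = urlsplit(endpoint_url)
    host, port = parts.hostname, parts.port or 443
    report = {"scheme_ok": parts.scheme == "https", "host": host}
    report["addresses"] = classify_addresses(resolver(host, port))
    report["public_trust"] = trust(host, port, None)
    if internal_ca_file:  # hypothetical path to the internal CA's PEM bundle
        report["internal_trust"] = trust(host, port, internal_ca_file)
    return report

if __name__ == "__main__" and len(sys.argv) > 1:
    # usage: python preflight.py <endpoint-url> [internal-ca.pem]
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    for key, value in preflight(sys.argv[1], ca).items():
        print(f"{key}: {value}")
```

A result with only `private` addresses, or with `public_trust` failing while `internal_trust` succeeds, means the endpoint is usable only by callers that sit inside the network and carry the internal root.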

