We are facing issues with Azure Front Door (AFD) configuration in the following scenarios

Avinash 25 Reputation points
2025-03-12T10:41:33.9533333+00:00

Hi Team,

We are facing issues with Azure Front Door (AFD) configuration in the following scenarios:

Scenario 1:

  • The customer has a VM hosting their application exposed via IIS.
  • The subdomain rhino.micology.com is bound to IIS.
  • They configured AFD with the VM's public IP as the origin and enabled SSL validation.
  • Due to SSL being enforced on both the VM and AFD, they are unable to connect to the origin.
  • If SSL validation is disabled, it works, but the customer does not want to disable it for security reasons.

Scenario 2:

  • The customer created a separate subdomain for the VM and configured AFD's origin host name to point to this subdomain.
  • The application is accessible via AFD, but application-side changes are required, which is causing challenges.

Could you please advise on the possible and non-possible solutions from the AFD side to ensure a secure and functional setup?

  1. Praveen Bandaru 850 Reputation points Microsoft External Staff
    2025-03-12T11:03:57.3033333+00:00

    Hello Avinash

    Greetings!

    I understand that you are facing issues with Azure Front Door (AFD) configuration.

    You have an AFD, and the backend IIS is hosted in the VM.

    Please check the Front Door origin group. In the Hostname field, add the VM public IP, and in the host header field, configure the backend host header name.

    To enable HTTPS in Front Door, configure a custom domain and add the certificate properly. Also, configure the same hostname and bundle the same certificate in the backend.

    If you want to use a different hostname in the backend, add the backend host header in the AFD origin group properly and remove the certificate name check in Front Door.

    Check the below screenshot for more understanding:

    Check the public document for more understanding:

    https://learn.microsoft.com/en-us/azure/frontdoor/troubleshoot-issues#503-responses-from-azure-front-door-only-for-https

    Also check the below public document on how to add a custom domain in Front Door:

    Add a new custom domain

    You can also collect the tracking reference ID in the access logs when encountering the issue. Use this reference ID to check logs in your Azure portal. Please refer to the following document for collecting the logs:

    https://learn.microsoft.com/en-us/azure/frontdoor/refstring?source=recommendations&tabs=edge


    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.

    If you have any other questions or are still running into more issues, let me know in the "comments" and I would be happy to help you.
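
An added example, not part of the answer above and not Azure tooling: a Python check of which names the origin's TLS certificate covers, so the value entered as the origin host name can be compared with what IIS actually presents. The certificate contents and the IP 203.0.113.10 are constructed placeholders, and `cert_covers`, `fetch_origin_cert` and `report` are hypothetical helper names.

```python
import ipaddress
import socket
import ssl

def cert_covers(cert: dict, name: str) -> bool:
    """True if `name` (DNS name or IP literal) appears in the certificate's SANs.
    `cert` has the dict shape returned by ssl.SSLSocket.getpeercert().
    Assumption: the certificate carries subjectAltName entries; CN is ignored."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(name)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal only matches "IP Address" SAN entries, never DNS entries.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip
                   for k, v in sans)
    host = name.lower().rstrip(".")
    for kind, value in sans:
        if kind != "DNS":
            continue
        pattern = value.lower().rstrip(".")
        if pattern == host:
            return True
        # A wildcard covers exactly one left-most label, e.g. *.example.com
        if pattern.startswith("*.") and "." in host \
                and host.split(".", 1)[1] == pattern[2:]:
            return True
    return False

def fetch_origin_cert(ip: str, sni_name: str, port: int = 443) -> dict:
    """Connect to the origin IP with `sni_name` as SNI, validate chain and name
    against the system trust store, and return the parsed certificate."""
    ctx = ssl.create_default_context()
    with socket.create_connection((ip, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni_name) as tls:
            return tls.getpeercert()

def report(cert: dict, candidates: list[str]) -> dict:
    """Map each candidate origin host name to whether the certificate covers it."""
    return {c: cert_covers(cert, c) for c in candidates}

# Constructed sample: a certificate bound in IIS for the question's subdomain.
SAMPLE_CERT = {"subjectAltName": (("DNS", "rhino.micology.com"),)}
ORIGIN_IP = "203.0.113.10"  # placeholder (TEST-NET-3), not the customer's IP

if __name__ == "__main__":
    for name, ok in report(SAMPLE_CERT, [ORIGIN_IP, "rhino.micology.com"]).items():
        print(f"{name:25} {'covered' if ok else 'NOT covered'}")
```

Against a live origin, pass the result of `fetch_origin_cert(ip, name)` to `report`; the call raises `ssl.SSLCertVerificationError` if the chain or the name does not validate.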
