We have an Azure App Service that communicates with web services hosted on-premises over a Site-to-Site VPN. We use a hub-and-spoke model for the Site-to-Site VPN setup, and this web app integrates with one of the subnets in the spoke VNet. We got the following exception while performing end-to-end testing. Hope this blog helps you save some research time. Good luck!
Exception:
An error occurred while receiving the HTTP response to https://yourwebserviceURL. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive.
Inner exception:
System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
   at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
   at System.Net.Security._SslStream.StartFrameHeader(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security._SslStream.StartReading(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security._SslStream.ProcessRead(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.TlsStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)
Solution:
You might find a lot of solutions online suggesting that you update the web.config, edit the binding, etc. None of them worked for me. By default, an Azure app routes only RFC1918 traffic into your VNet. If you want to route all of your outbound traffic into your VNet, use the following steps to add the WEBSITE_VNET_ROUTE_ALL setting in your app:
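To see which destinations the RFC1918-only default affects, the check below classifies service addresses by whether their traffic would enter the VNet with and without route-all. It is an added example, not code from the original post or from Microsoft; the function names and the endpoint inventory are hypothetical, and it assumes the route depends only on the destination IP, as the paragraph above describes.

```python
import ipaddress

# RFC 1918 ranges: the only destinations sent into the VNet by default,
# per the paragraph above. ipaddress.is_private is deliberately not used:
# it also matches loopback, link-local and other non-RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True only for IPv4 addresses inside the three RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def route_for(addr, route_all=False):
    """Model of the behaviour described above (an assumption of this example):
    'vnet' if the traffic enters the VNet, 'internet' if it leaves directly."""
    return "vnet" if route_all or is_rfc1918(addr) else "internet"


def bypassing_vnet(endpoints, route_all=False):
    """Names of endpoints whose traffic would not go through the VNet."""
    return [name for name, addr in endpoints.items()
            if route_for(addr, route_all) == "internet"]


# Constructed sample inventory of on-premises services (hypothetical names/IPs).
SAMPLE_ENDPOINTS = {
    "orders-svc": "10.20.1.15",      # RFC 1918
    "legacy-soap": "172.32.4.10",    # looks private, but outside 172.16.0.0/12
    "hr-portal": "192.168.50.7",     # RFC 1918
    "partner-api": "203.0.113.25",   # documentation range, not RFC 1918
}

if __name__ == "__main__":
    for route_all in (False, True):
        missed = bypassing_vnet(SAMPLE_ENDPOINTS, route_all)
        print(f"route_all={route_all}: bypassing VNet -> {missed or 'none'}")
```

Any endpoint listed as bypassing the VNet never reaches the Site-to-Site VPN, which is consistent with the forcibly closed TLS connection in the trace above.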
References:
https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet