0

To ensure all the to-fro traffic to the bot is monitored , we have a requirement to deploy the Azure bot into ILB ASE. But , we are facing ResourceDeploymentFailure exception, when we try to deploy the Azure bot basic bot ( OOBTB Azure web chatbot ) into the ASP of the ILB ASE. the health of the ASE , ASP is good and the NSG's are all set. Has anyone faced a similar issue and resolved it, please help. Or is there any constraint in deploying Azure bot in ILB ASE, it was working in external ASE. PFB the detailed exception. Thanks, Nivedita

exception : {"code":"DeploymentFailed" ,"message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details." ,"details":[{"code":"Conflict" ,"message":"{
"status": "failed" , \"error\": { "code\": \"ResourceDeploymentFailure\" , \"message\": "The resource operation completed with terminal provisioning state 'failed'.\" , \"details\": [ { \"code\": \"Failed\" , \"message\": \"Failed to download package.
ARM-MSDeploy Deploy Failed: 'System.AggregateException: One or more errors occurred. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Authentication failed because
the remote party has closed the transport stream. at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) at System.Net.PooledStream.EndWrite(IAsyncResult asyncResult) at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) --- End of inner
exception stack trace --- at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at System.Net.WebClient.GetWebResponse(WebRequest request, IAsyncResult result) at System.Net.WebClient.DownloadBitsResponseCallback(IAsyncResult result) ---
End of inner exception stack trace --- at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions) at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout , CancellationToken cancellationToken) at System.Threading.Tasks.Task.Wait(TimeSpan
timeout) at Microsoft.Web.Deployment.WebApi.AppGalleryPackage.<Download>d__13.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Web.Deployment.WebApi.AppGalleryPackage.<Download>d__11.MoveNext() --- End of stack trace from previous location where exception was thrown
--- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Web.Deployment.WebApi.DeploymentController.<DownloadPackageAndSettings>d__26.MoveNext()
--- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Web.Deployment.WebApi.DeploymentController.<DownloadAndDeployPackage>d__25.MoveNext() ---> (Inner Exception #0) System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException:
Authentication failed because the remote party has closed the transport stream. at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) at System.Net.PooledStream.EndWrite(IAsyncResult asyncResult) at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult
ar) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at System.Net.WebClient.GetWebResponse(WebRequest request , IAsyncResult result) at System.Net.WebClient.DownloadBitsResponseCallback(IAsyncResult
result)<--- '\" } ] } }"}]}
Nivedita Dixit
  • 181
  • 1
  • 3
  • 12

1 Answers1

0

The biggest difference between external ASE and internal ASE is that the publishing endpoint for apps in an ILB ASE isn't internet accessible. If you have an ILB ASE, the address of the ILB address is the endpoint for HTTP/S, FTP/S, web deployment, and remote debugging. Read Networking considerations for an App Service Environment for more details.

The publishing endpoints for apps in an ILB ASE use the domain that the ILB ASE was created with. You can see it in the app's publishing profile and in the app's portal pane (in Overview > Essentials and also in Properties).

For the error message, It looks like a SSL connection or network related error. You could verify networking considerations for an App Service Environment when you deploying Azure bot in Azure ILB ASE. You may need to Integrate your ILB App Service Environment with the Azure Application Gateway for access from Internet.

Nancy
  • 26,865
  • 3
  • 18
  • 34
  • Thanks for the response. we already have Azure Application Gateway integrated with ILB ASE. The logs dont give much information, Yes from exception log, it seems to be SSL cert or SAS token issue, but as part of the Azure Bot deployment , it does seek any such information from the Azure portal. I am not sure if we are hitting into an issue mentioned in the below link, which was reported 2 years back , hence wanted to confirm .https://feedback.azure.com/forums/169385-web-apps/suggestions/34156090-make-bot-connector-service-accessible-in-ilb-ase-w – Nivedita Dixit Aug 12 '20 at 07:14
  • I have no more good idea for that, you may contact MS support for directly confirmation. – Nancy Aug 12 '20 at 07:27