Nutshell Series

Troubleshooting SFTP and HTTPS Connectivity from Azure Logic Apps and Function Apps

Manjunath

When working with Azure Logic Apps or Azure Function Apps, you may encounter connectivity issues when integrating with SFTP servers or HTTPS endpoints. This guide provides troubleshooting steps using tnc, tcping, ssh, and openssl commands.

1. Troubleshooting SFTP Connectivity

Step 1: Check Network Connectivity

To ensure that the SFTP server is reachable, use tnc (Test-NetConnection) and tcping:

# Using Test-NetConnection (PowerShell)
tnc <sftp-server> -Port 22

# Using tcping (Command Prompt)
tcping <sftp-server> 22

Common Errors and Fixes:

  • Request timed out / Connection refused: Indicates a firewall or network security group (NSG) restriction. Investigate network configurations.
  • No route to host: The destination might be unreachable due to VPN, VNET, or firewall restrictions.

Step 2: Test SFTP Authentication and Encryption

To verify authentication and encryption mechanisms, use SSH in verbose mode:

ssh -o BatchMode=yes -v -p 22 <sftp-server>

Common Errors and Fixes:

  • Permission denied (publickey, password): Verify credentials and authentication methods.
  • Cipher exchange errors: Indicates firewall or network-related issues; check NSG rules and firewall settings.
  • No response from the server: Indicates possible blocking due to outbound restrictions from Logic Apps or Function Apps.

2. Troubleshooting HTTPS Connectivity

Step 1: Check Network Connectivity

Use tnc and tcping to check if the HTTPS endpoint is accessible:

# Using Test-NetConnection (PowerShell)
tnc <https-server> -Port 443

# Using tcping (Command Prompt)
tcping <https-server> 443

Common Errors and Fixes:

  • Connection refused / Request timed out: Indicates network issues such as NSG rules blocking outbound connections.
  • No response from server: Could be due to incorrect routing or firewall policies.

Step 2: Verify SSL/TLS Handshake and Certificate

Use OpenSSL to test TLS handshake and certificate validation:

openssl s_client -connect <https-server>:443

Common Errors and Fixes:

  • Unable to verify certificate: The SSL certificate might be missing or untrusted; check if the certificate is valid and trusted by Azure.
  • TLS handshake failure: Possible cause is a mismatch in TLS versions; ensure that Logic Apps and Function Apps support the required TLS version (1.2+ recommended).
  • Certificate not getting downloaded: Likely a firewall or network issue; investigate NSG, firewall, and VNET settings.

Leave a comment