We are developing an app on an Azure virtual machine, and the VM has nginx installed with TLS version 1.2. The app consists of two actions which perform the Salesforce and Office 365 OAuth flows. The app worked pretty fine locally and on Azure App Service too.

Problem

For some reason, we are moving the app to an Azure VM. Here is the problem: after OAuth, the flow returns a code, and we need to generate the access_token using that code through an HTTPS request to the Office 365 endpoint. The endpoint response is either a timeout or Error Read ECONNRESET.

Analysis

The only working URLs:

  1. http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net
  2. https://myapp.vault.azure.net/secrets/{Secret-Name}?api-version=2016-10-01

Both of the above are used to fetch the access token and Key Vault secrets. Luckily, this is working pretty fine and I am able to get all the secrets from Azure Key Vault.

But the URLs below either time out with no response or return Error: Read ECONNRESET:

  1. https://login.microsoftonline.com/{Tenant-Id}/oauth2/v2.0/token
  2. https://test.salesforce.com/services/oauth2/token

I’ve also tried other public or fake REST APIs like:

  1. https://reqres.in/
  2. https://jsonplaceholder.typicode.com/

None of them seems to be working. Has anyone faced this kind of issue?

astaykov
moustacheman
  • Do you have internet connectivity on that VM? Is your local firewall not blocking outgoing connections? Connection RESET usually means that a firewall is blocking the connection. How have you configured the virtual network? Any UDRs (user defined routes)? NSGs (network security groups)? NVA (network virtual appliance)? Your issue seems to be network configuration on the VM/network itself. Thus removing the AAD tag. – astaykov Aug 06 '19 at 09:27
  • Does your VM's NSG allow incoming traffic? – Mohammad Rayan Aug 06 '19 at 09:33
  • Do you have any firewall blocking the outbound traffic to the Internet for port 443 when you check the NSG or local firewall inside the Azure VM? – Nancy Aug 08 '19 at 08:23
  • How do you get the access token through the url "https://login.microsoftonline.com/{Tenant-Id}/oauth2/v2.0/token"? Which system do you use? Windows or Linux? – Charles Xu Aug 14 '19 at 09:35
  • @astaykov It was because of some change in the firewall settings. It is working now, thank you! – moustacheman Aug 14 '19 at 17:57

1 Answer

Just clarifying the answer from the comments for reference.

The Error Read ECONNRESET means the other side of the TCP conversation abruptly closed its end of the connection. This is most probably due to one or more application protocol errors. Refer to this SO for details.

Moreover, the only working URLs are from the Azure Instance Metadata Service and the Azure Key Vault service; the other public or fake REST APIs fail. So you probably face an Internet connectivity issue on that VM or the VNet itself. You could check whether a firewall is blocking the outbound traffic to the Internet on the local VM or in the NSG rules.

In the end, some change in the firewall settings fixed this issue.

Nancy
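
One way to run the check described in the answer above, as an added Node.js example that is not part of the original post: it probes each host on port 443, records whether the failure came before or after the TCP handshake, and compares Azure-hosted against public endpoints. The names `diagnose`, `probe` and `summarize`, the `.azure.net` suffix list and the error-to-cause mapping are assumptions of this sketch.

```javascript
// Added example: classify outbound HTTPS failures per host (names are illustrative).
// Usage: node probe.js myapp.vault.azure.net login.microsoftonline.com test.salesforce.com

// Heuristic mapping (an assumption of this sketch) from failure stage + error code to a cause.
function diagnose(stage, code) {
  if (code === 'ENOTFOUND' || code === 'EAI_AGAIN') return 'dns';
  if (code === 'ETIMEDOUT') return 'dropped';        // packets silently discarded
  if (code === 'ECONNREFUSED') return 'refused';
  if (code === 'ECONNRESET') return stage === 'tcp' ? 'reset-on-connect' : 'reset-in-tls';
  return stage === 'tls' ? 'tls-error' : 'other';    // e.g. certificate validation failure
}

// Open a TLS connection and report how far it got: TCP connect, then TLS handshake.
async function probe(host, port = 443, timeoutMs = 5000) {
  const tls = await import('node:tls');              // works in CommonJS and ES modules
  return new Promise((resolve) => {
    let stage = 'tcp';
    const sock = tls.connect({ host, port, servername: host });
    sock.setTimeout(timeoutMs, () =>
      sock.destroy(Object.assign(new Error('timeout'), { code: 'ETIMEDOUT' })));
    sock.once('connect', () => { stage = 'tls'; });  // TCP is up; TLS handshake starts
    sock.once('secureConnect', () => { resolve({ host, result: 'reachable' }); sock.end(); });
    sock.on('error', (err) => resolve({ host, result: diagnose(stage, err.code) }));
  });
}

// Draw the answer's conclusion: Azure-hosted endpoints work, public ones do not.
// azureSuffixes is an assumed list; extend it for other Azure services you call.
function summarize(results, azureSuffixes = ['.azure.net']) {
  const isAzure = (h) => azureSuffixes.some((s) => h.endsWith(s));
  const ok = (r) => r.result === 'reachable';
  const pub = results.filter((r) => !isAzure(r.host));
  if (results.every(ok)) return 'no network block seen; inspect the application request';
  if (results.some((r) => isAzure(r.host) && ok(r)) && pub.length && !pub.some(ok))
    return 'public egress blocked; check NSG outbound rules, UDRs, NVA, local firewall';
  if (pub.some(ok)) return 'partial failure; check host-specific rules, proxy or DNS';
  return 'nothing reachable; check basic VM connectivity';
}

const targets = process.argv.slice(2);
if (targets.length) {
  Promise.all(targets.map((h) => probe(h))).then((rs) => {
    console.table(rs);
    console.log(summarize(rs));
  });
}
```

A `dropped` or `reset-in-tls` result on every public host while the Key Vault host is `reachable` matches the pattern in the question and points at egress filtering rather than at the OAuth token request.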