az network application-gateway http-settings create: protocol Tcp not supported #30966

Open
lacmar25 opened this issue Mar 6, 2025 · 3 comments
Labels
Auto-Assign Auto assign by bot Azure CLI Team The command of the issue is owned by Azure CLI team customer-reported Issues that are reported by GitHub users external to the Azure organization. Network az network vnet/lb/nic/dns/etc... Possible-Solution question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Similar-Issue

lacmar25 commented Mar 6, 2025

Describe the bug

1)
Command: az network application-gateway http-settings create
Issue: protocol Tcp not supported
ERROR example:

az network application-gateway http-settings create \
    --resource-group my-rg \
    --gateway-name my-agw \
    --name my-bs \
    --port 5001 \
    --protocol Tcp \
    --timeout 1800 \
    --probe my-tcp-5001-probe
(ApplicationGatewayBackendHttpSettingsProtocolNotSupported) BackendHttpSettings /subscriptions/xx/resourceGroups/my-rg/providers/Microsoft.Network/applicationGateways/my-agw/backendHttpSettingsCollection/my-bs does not support protocol Tcp. Supported protocols are: Http and Https.
Code: ApplicationGatewayBackendHttpSettingsProtocolNotSupported
Message: BackendHttpSettings /subscriptionsxx/resourceGroups/my-rg/providers/Microsoft.Network/applicationGateways/my-agw/backendHttpSettingsCollection/my-bs does not support protocol Tcp. Supported protocols are: Http and Https.

But the documentation (https://learn.microsoft.com/en-us/cli/azure/network/application-gateway/http-settings?view=azure-cli-latest#az-network-application-gateway-http-settings-create) states it is available:
[--protocol {Http, Https, Tcp, Tls}]

Related command

az network application-gateway http-settings create \
    --resource-group my-rg \
    --gateway-name my-agw \
    --name my-bs \
    --port 5001 \
    --protocol Tcp \
    --timeout 1800 \
    --probe my-tcp-5001-probe

Errors

(ApplicationGatewayBackendHttpSettingsProtocolNotSupported) BackendHttpSettings /subscriptions/xx/resourceGroups/my-rg/providers/Microsoft.Network/applicationGateways/my-agw/backendHttpSettingsCollection/my-bs does not support protocol Tcp. Supported protocols are: Http and Https.
Code: ApplicationGatewayBackendHttpSettingsProtocolNotSupported
Message: BackendHttpSettings /subscriptionsxx/resourceGroups/my-rg/providers/Microsoft.Network/applicationGateways/my-agw/backendHttpSettingsCollection/my-bs does not support protocol Tcp. Supported protocols are: Http and Https.

2)

az network application-gateway listener create --frontend-port 5001-fp --gateway-name my-agw --name my-listener --resource-group my-rg --frontend-ip PrivateIp --host-names my.net
(ApplicationGatewayListenerProtocolNotSupportedWithHostNames) Hostnames property not supported with Tcp listener /subscriptions/x/resourceGroups/my-rg/providers/Microsoft.Network/applicationGateways/my-agw/listeners/my-listener.
Code: ApplicationGatewayListenerProtocolNotSupportedWithHostNames
Message: Hostnames property not supported with Tcp listener /subscriptions/x/resourceGroups/my-rg/providers/Microsoft.Network/applicationGateways/my-agw/listeners/my-listener.

BUT: [--host-names] is available in the documentation (https://learn.microsoft.com/en-us/cli/azure/network/application-gateway/listener?view=azure-cli-latest#az-network-application-gateway-listener-create).

Issue script & Debug output

Debug for 1:

cli.azure.cli.core.azclierror: Traceback (most recent call last):
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 666, in execute
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 734, in _run_jobs_serially
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 714, in _run_job
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 1076, in __call__
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 1063, in __call__
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/aaz/_poller.py", line 108, in result
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/core/tracing/decorator.py", line 94, in wrapper_use_tracer
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/aaz/_poller.py", line 130, in wait
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/aaz/_poller.py", line 83, in _start
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure\cli\command_modules\network\aaz_compact\latest\network\application_gateway\http_settings\__cmds.py", line 1289, in _execute_operations
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure\cli\command_modules\network\aaz_compact\latest\network\application_gateway\http_settings\__cmds.py", line 1445, in __call__
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/aaz/_operation.py", line 327, in on_error
azure.core.exceptions.HttpResponseError: (ApplicationGatewayBackendHttpSettingsProtocolNotSupported) 

Expected behavior

1) Backend setting created with protocol TCP, as you can do in the Application Gateway via Azure portal manually.
2) Listener created with associated host name.

Environment Summary

az --version
azure-cli 2.70.0

core 2.70.0
telemetry 1.1.0

Extensions:
account 0.2.5
aks-preview 7.0.0b1

Dependencies:
msal 1.31.2b1
azure-mgmt-resource 23.1.1

Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe'
Config directory 'C:\Users\laura.caballero.azure'
Extensions directory 'C:\Users\laura.caballero.azure\cliextensions'

Python (Windows) 3.12.8 (tags/v3.12.8:2dc476b, Dec 3 2024, 19:30:04) [MSC v.1942 64 bit (AMD64)]

Legal docs and information: aka.ms/AzureCliLegal

Your CLI is up-to-date.

Additional context

In my AKS cluster I use HTTPS ingresses in an Azure Application Gateway managed by the ingress-controller (AGIC).
It removes my TCP listeners, TCP backend settings and associated rules every few seconds.
Aside from HTTP/S access, I need some debugging via TCP by URLs, therefore I need to keep those TCP configurations persistent.
I am trying to create a TCP listener with a hostname in order to use AzureIngressProhibitedTarget, but after several weeks it's been impossible, and the AZ CLI / PowerShell commands I found in the Microsoft documentation seem to be wrong and not as updated as the portal features.

If the commands cannot be aligned with those portal features, maybe you could help with some hints to make that TCP configuration persistent anyway? I was not able to find a solution via the Internet. Furthermore, I found people giving up and replacing Microsoft Application Gateway with other companies' solutions instead.

Thanks in advance!

@lacmar25 lacmar25 added the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Mar 6, 2025
@microsoft-github-policy-service microsoft-github-policy-service bot added customer-reported Issues that are reported by GitHub users external to the Azure organization. Network az network vnet/lb/nic/dns/etc... labels Mar 6, 2025
@microsoft-github-policy-service microsoft-github-policy-service bot added the Auto-Assign Auto assign by bot label Mar 6, 2025
Collaborator

yonzhan commented Mar 6, 2025

Thank you for opening this issue, we will look into it.

@microsoft-github-policy-service microsoft-github-policy-service bot added Azure CLI Team The command of the issue is owned by Azure CLI team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Mar 6, 2025

github-actions bot commented Mar 6, 2025

Here are some similar issues that might help you. Please check if they can solve your problem.


Possible solution (Extracted from existing issue, might be incorrect; please verify carefully)

The documentation for 'az network application-gateway http-settings create' incorrectly states that the --protocol property can have a value Tcp. This is not supported, and attempting to use Tcp will result in an error. The correct command should not use Tcp as a protocol.

Reference:

Powered by issue-sentinel

@yonzhan yonzhan removed the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Mar 6, 2025
@yonzhan yonzhan added this to the Backlog milestone Mar 6, 2025
Author

lacmar25 commented Mar 6, 2025

But if you want to add the hostname like the documentation says:

az network application-gateway settings create --gateway-name
                                               --name
                                               --port
                                               --resource-group
                                               [--backend-pool-host-name {0, 1, f, false, n, no, t, true, y, yes}]
                                               **[--host-name]**
                                               [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                               [--probe]
                                               [--protocol {Http, Https, Tcp, Tls}]
                                               [--root-certs]
                                               [--timeout]

You get the error:
az network application-gateway settings create --gateway-name tai-dts2-ci-agw --name manager-tcp-5001-bs --port 5001 --resource-group tai-dts2-ci-rg --backend-pool-host-name false --host-name manager.tcp.artisol.net --probe manager-tcp-5001-probe --protocol Tcp --timeout 1800
(ApplicationGatewayBackendSettingsProtocolNotSupportedForNonEmptyHostName) HostName for BackendSettings '/subscriptions/x/resourceGroups/my-rg/providers/Microsoft.Network/applicationGatewaysmy-agw/backendSettingsCollection/my-bs' with protocol 'Tcp' should be null or empty.
Code: ApplicationGatewayBackendSettingsProtocolNotSupportedForNonEmptyHostName
Message: HostName for BackendSettings '/subscriptions/x/resourceGroups/my-rg/providers/Microsoft.Network/applicationGateways/my-agw/backendSettingsCollection/my-bs' with protocol 'Tcp' should be null or empty.

If I can't use a hostname, AzureIngressProhibitedTarget won't work, so I won't be able to make the TCP configuration persistent.
Is there any way to prevent AGIC from removing TCP configs in the Application Gateway?

Thanks again!
