Share via

Microsoft Entra Private Access - Application Proxy

Ross, Will [TECH/IT/STL] 0 Reputation points
2024-07-18T19:24:17.9533333+00:00

I need to get a Third-Party Web app that is on prim, accessible from the internet. I have tested with a normal web app page, works fine. When I try to get this third-party app through the proxy, it does a redirect and errors.

I made two different Enterprise Apps with Application Proxys.

APP-Test1

The page I have as the internal address is https:// MyApp/MW/ and have the dns setup with my DNS provider. The issue is the internal redirects to a different page and changes my proxy address to the internal URL and gives me the error below which I know it means can't be found / doesn't exist. It's the redirect that is hurting me on that and I don't know how to get around that

Hmmm… can't reach this page

Check if there is a typo in MyAppNameHere.

DNS_PROBE_FINISHED_NXDOMAIN

Check if there is a typo in MyAppNameHere.

APP-Test2

I did more digging and found the login url. The internal is https: //MyApp/srv/account/login/ and have the dns setup with my DNS provider. This loads the sign in page but not like how it looks on prim, like the css or format broke with the proxy? Anyway, When I enter the username and password, I get this error:

No webpage was found for the web address: https:// myapp .domain.com/srv/

HTTP ERROR 404page can’t be found

No webpage was found for the web address: https:// myapp .domain.com/srv/

Web Application that has its own database for users to login to.

I don't know how to take care of the redirects BUT I can't edit the css or java files or it breaks the app. I don't know if this is something I have to setup with my DNS provider or inside the Enterprise App or something to do with Azure and needing an App Prox Gateway? I tried wildcards, I tried doing https:// my app*/lala/ and it doesn't like that wild card.

Sorry if it's hard to understand, my mind is all over the place trying to figure this out lol I will reply with whatever helps.

Microsoft Entra Private Access
Microsoft Entra Private Access
Microsoft Entra Private Access provides secure and deep identity-aware, Zero Trust network access to all private apps and resources.
63 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Raja Pothuraju 6,170 Reputation points Microsoft Vendor
    2024-07-23T17:05:28.9833333+00:00

    Hello @Ross, Will [TECH/IT/STL],

    Thank you for posting your query on Microsoft Q&A.

    Based on your description, it seems you have a third-party web app in your on-premises environment, and you are trying to access the application from Public Internet through application proxy in Microsoft Entra ID. You've configured two different applications in Enterprise Apps, encountering specific issues with each.

    Regarding APP-Test1, you're encountering the error message "DNS_PROBE_FINISHED_NXDOMAIN." I would like to understand whether you are using a custom domain or the default application proxy domain. If you are using a custom domain, ensure that you have configured the CNAME entry correctly with your DNS provider. For guidance on resolving the "DNS_PROBE_FINISHED_NXDOMAIN" error, please refer to the following article: How to Fix DNS_PROBE_FINISHED_NXDOMAIN Error.

    Moving to APP-Test2, you've set up the CNAME entry in your DNS provider, but after entering the username and password, you received an "HTTP ERROR 404 page can’t be found" message. This issue typically arises when using a custom domain to your application. It's crucial to ensure that the hostname registered in the CNAME record matches exactly with the external URL, and that the SSL certificate is correctly uploaded.

    Could you confirm whether the web app is accessible using the internal URL on the "connector" server?

    Additionally, please double-check if the External URL configured in the Azure AD Application Proxy App covers the URL in the request that is generating the HTTP 404 error. For example:

    External URL: https://test.contoso.com/help/

    Sample URLs in the requests:

    https://test.contoso.com/help/test.html -> covered

    https://test.contoso.com/help/test/test.html -> covered

    https://test.contoso.com/help2/test.html -> not covered

    https://test.contoso.com/test/help/test.html -> not covered

    If the URL in the request is not covered, you should adjust the External URL to ensure it matches correctly, such as from https://test.contoso.com/help/ -> https://test.contoso.com/

    Looking forward for your response.

    Thanks,
    Raja Pothuraju.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.