App Gateway Provisioned State Failed

Question

App Gateway Provisioned State Failed

Claire Morgan 21

We have a pre-existing app gateway (standard, V1) which has been working fine until some time around or just before 11th March when both servers in the backend pool were being reported as unhealthy and unreachable

We removed the servers from the pool and tried to re-add them but we're getting an error of "Network interface provisioning state is failed." when trying to add the VM's

The VM's and NIC's are fine, they are being used on another app gateway (and have been for some time) without issue, the services running on both of the servers is reachable via URL directly to each server.

As well as the error when trying to add the NIC's, the app gateway is sitting in a "failed" provisioned state, I'm unable to make any changes to it at all, everything results in an "internal error". I also created a new NIC and assigned it as a secondary on one of the servers, this does not show the same error as the other NIC's but there is still the internal error when trying to save the changes.

Ganesh Patapati 5,440 Reputation points Microsoft External Staff

2025-04-01T15:45:57.4466667+00:00
Hello Claire Morgan

Below are some potential steps and considerations to address the problem:

"Failed" provisioning state often indicates that the last operation on the resource wasn't successful. To restore the application gateway to a functional state, you can try running a "PUT" operation on the resource using Azure PowerShell. This involves fetching the current configuration with a Get command and then committing it back with a Set command. This process might help reset the provisioning state.

Get-AzApplicationGateway -Name "your_resource_name" -ResourceGroupName "your_resource_group_name" | Set-AzApplicationGateway

Refer: Troubleshoot Azure Microsoft.Network failed Provisioning State | Microsoft Learn

The error "Network interface provisioning state is failed" could be related to a misconfiguration or a dependency issue. For this, you can detach the NIC from the VM and reattach it. Reset the NIC using Azure PowerShell or the Azure portal then check if there are any unsupported routes or firewall rules affecting the Application Gateway's subnet.

Since the servers in the backend pool were reported as unhealthy, please ensure that health probes configured for the Application Gateway are correctly set up and can reach the backend servers.

If you're encountering an "Internal error" when making changes. Please check the activity logs and diagnostic logs for the Application Gateway which can provide more insights into the root cause of the issue.

If above is unclear and/or you are unsure about something add a comment below.

Just checking in to see if below information was helpful. If you have any further updates on this issue, please feel free to post back.
Ganesh Patapati 5,440 Reputation points Microsoft External Staff

2025-04-02T09:59:47.98+00:00

Hello Claire Morgan

Just checking in to see if the above information was helpful. If you have any further updates on this issue, please feel free to post back.
Ganesh Patapati 5,440 Reputation points Microsoft External Staff

2025-04-02T14:00:11.65+00:00

Hello Claire Morgan

Just checking in to see if the above information was helpful. If you have any further updates on this issue, please feel free to post back.
Ganesh Patapati 5,440 Reputation points Microsoft External Staff

2025-04-03T08:31:51.4333333+00:00

Hello Claire Morgan

Just checking in to see if the above information was helpful. If you have any further updates on this issue, please feel free to post back.
Ganesh Patapati 5,440 Reputation points Microsoft External Staff

2025-04-04T08:56:11.87+00:00

Hello Claire Morgan

Just checking in to see if the above information was helpful. If you have any further updates on this issue, please feel free to post back.
Venkat V 1,485 Reputation points Microsoft External Staff

2025-04-07T07:03:08.4266667+00:00
Hi @ Claire Morgan

As I can see, Ganesh Patapati suggested an approach to resolve the Application Gateway provisioning state issue. You can follow the steps in Troubleshoot Azure Microsoft.Network failed provisioning state for more details

A Failed provisioning state often indicates an unsuccessful operation on the resource. You can attempt to reset this state using the Azure PowerShell cmdlet.

Get-AzApplicationGateway -Name "your_resource_name" -ResourceGroupName "your_resource_group_name" | Set-AzApplicationGateway

This command fetches the current configuration of the Application Gateway and then commits it back, which can help restore it to a functional state.

I hope this helps to resolve your issue. Please feel free to ask any questions if the solution provided isn't helpful.
Venkat V 1,485 Reputation points Microsoft External Staff

2025-04-08T06:22:45.69+00:00

Hi @ Claire Morgan

I just wanted to follow up and see if you had a chance to review my response to your question. Please let us know if it was helpful, and feel free to reach out if you have any further queries.
Claire Morgan 21 Reputation points

2025-04-08T13:20:03.4433333+00:00

Hi Ganesh, thank you for your reply. Unfortunately the SET made no difference and actually errors with "Set-AzApplicationGateway: Long running operation failed with status 'Failed'. Additional Info:'An error occurred.'" - we have not yet tried to detach the NIC's from the VM's, as mentioned, the NIC's are currently attached to another app gateway which works fine. And if I configure a new app gateway i'm able to add the NIC's to it fine. I was actually going to just create a new App Gateway and transfer everything to that, and while I can create it and add the VM's/NIC's to the back end pool, there are constant errors when trying to upload the certificate file saying "Failed to save configuration changes to application gateway 'APPGATEWAYNAME'. Error: Data for certificate APPGATEWAYNAME/CER is invalid."
Claire Morgan 21 Reputation points

2025-04-08T13:21:46.8633333+00:00

Hi Ganesh, thank you for your reply. Unfortunately the SET made no difference and actually errors with "Set-AzApplicationGateway: Long running operation failed with status 'Failed'. Additional Info:'An error occurred.'" - we have not yet tried to detach the NIC's from the VM's, as mentioned, the NIC's are currently attached to another app gateway which works fine. And if I configure a new app gateway i'm able to add the NIC's to it fine. I was actually going to just create a new App Gateway and transfer everything to that, and while I can create it and add the VM's/NIC's to the back end pool, there are constant errors when trying to upload the certificate file saying "Failed to save configuration changes to application gateway 'APPGATEWAYNAME'. Error: Data for certificate APPGATEWAYNAME/CER is invalid."
Venkat V 1,485 Reputation points Microsoft External Staff

2025-04-10T07:04:05.09+00:00

Hi @Hi @Claire Morgan,

I just wanted to follow up and see if you had a chance to review my response to your question. Please let us know if it was helpful, and feel free to reach out if you have any further queries.

1 answer

Your answer

Ganesh Patapati 5,440 Reputation points Microsoft External Staff

2025-04-01T15:45:57.4466667+00:00

Hello Claire Morgan

Below are some potential steps and considerations to address the problem:

"Failed" provisioning state often indicates that the last operation on the resource wasn't successful. To restore the application gateway to a functional state, you can try running a "PUT" operation on the resource using Azure PowerShell. This involves fetching the current configuration with a Get command and then committing it back with a Set command. This process might help reset the provisioning state.

Get-AzApplicationGateway -Name "your_resource_name" -ResourceGroupName "your_resource_group_name" | Set-AzApplicationGateway

Refer: Troubleshoot Azure Microsoft.Network failed Provisioning State | Microsoft Learn

The error "Network interface provisioning state is failed" could be related to a misconfiguration or a dependency issue. For this, you can detach the NIC from the VM and reattach it. Reset the NIC using Azure PowerShell or the Azure portal then check if there are any unsupported routes or firewall rules affecting the Application Gateway's subnet.

Since the servers in the backend pool were reported as unhealthy, please ensure that health probes configured for the Application Gateway are correctly set up and can reach the backend servers.

If you're encountering an "Internal error" when making changes. Please check the activity logs and diagnostic logs for the Application Gateway which can provide more insights into the root cause of the issue.

If above is unclear and/or you are unsure about something add a comment below.

Just checking in to see if below information was helpful. If you have any further updates on this issue, please feel free to post back.
Ganesh Patapati 5,440 Reputation points Microsoft External Staff

2025-04-02T09:59:47.98+00:00

Hello Claire Morgan

Just checking in to see if the above information was helpful. If you have any further updates on this issue, please feel free to post back.
Ganesh Patapati 5,440 Reputation points Microsoft External Staff

2025-04-02T14:00:11.65+00:00

Hello Claire Morgan

Just checking in to see if the above information was helpful. If you have any further updates on this issue, please feel free to post back.
Ganesh Patapati 5,440 Reputation points Microsoft External Staff

2025-04-03T08:31:51.4333333+00:00

Hello Claire Morgan

Just checking in to see if the above information was helpful. If you have any further updates on this issue, please feel free to post back.
Ganesh Patapati 5,440 Reputation points Microsoft External Staff

2025-04-04T08:56:11.87+00:00

Hello Claire Morgan

Just checking in to see if the above information was helpful. If you have any further updates on this issue, please feel free to post back.
Venkat V 1,485 Reputation points Microsoft External Staff

2025-04-07T07:03:08.4266667+00:00

Hi @ Claire Morgan

As I can see, Ganesh Patapati suggested an approach to resolve the Application Gateway provisioning state issue. You can follow the steps in Troubleshoot Azure Microsoft.Network failed provisioning state for more details

A Failed provisioning state often indicates an unsuccessful operation on the resource. You can attempt to reset this state using the Azure PowerShell cmdlet.

Get-AzApplicationGateway -Name "your_resource_name" -ResourceGroupName "your_resource_group_name" | Set-AzApplicationGateway

This command fetches the current configuration of the Application Gateway and then commits it back, which can help restore it to a functional state.

I hope this helps to resolve your issue. Please feel free to ask any questions if the solution provided isn't helpful.
Venkat V 1,485 Reputation points Microsoft External Staff

2025-04-08T06:22:45.69+00:00

Hi @ Claire Morgan

I just wanted to follow up and see if you had a chance to review my response to your question. Please let us know if it was helpful, and feel free to reach out if you have any further queries.
Claire Morgan 21 Reputation points

2025-04-08T13:20:03.4433333+00:00

Hi Ganesh, thank you for your reply. Unfortunately the SET made no difference and actually errors with "Set-AzApplicationGateway: Long running operation failed with status 'Failed'. Additional Info:'An error occurred.'" - we have not yet tried to detach the NIC's from the VM's, as mentioned, the NIC's are currently attached to another app gateway which works fine. And if I configure a new app gateway i'm able to add the NIC's to it fine. I was actually going to just create a new App Gateway and transfer everything to that, and while I can create it and add the VM's/NIC's to the back end pool, there are constant errors when trying to upload the certificate file saying "Failed to save configuration changes to application gateway 'APPGATEWAYNAME'. Error: Data for certificate APPGATEWAYNAME/CER is invalid."
Claire Morgan 21 Reputation points

2025-04-08T13:21:46.8633333+00:00

Hi Ganesh, thank you for your reply. Unfortunately the SET made no difference and actually errors with "Set-AzApplicationGateway: Long running operation failed with status 'Failed'. Additional Info:'An error occurred.'" - we have not yet tried to detach the NIC's from the VM's, as mentioned, the NIC's are currently attached to another app gateway which works fine. And if I configure a new app gateway i'm able to add the NIC's to it fine. I was actually going to just create a new App Gateway and transfer everything to that, and while I can create it and add the VM's/NIC's to the back end pool, there are constant errors when trying to upload the certificate file saying "Failed to save configuration changes to application gateway 'APPGATEWAYNAME'. Error: Data for certificate APPGATEWAYNAME/CER is invalid."
Venkat V 1,485 Reputation points Microsoft External Staff

2025-04-10T07:04:05.09+00:00

Hi @Hi @Claire Morgan,

I just wanted to follow up and see if you had a chance to review my response to your question. Please let us know if it was helpful, and feel free to reach out if you have any further queries.

Answer 1

Hi @Claire Morgan,

As I understand, you have created a new Application Gateway and successfully attached the NICs. However, the configuration is failing during certificate upload.

The error Data for certificate ... is invalid is getting while uploading the certificate to the application gateway is due to the following reason:

The certificate file is malformed or not in PFX format.
The password provided is wrong or missing.
The name contains invalid characters (some special chars are not allowed).

User's image

https://learn.microsoft.com/en-us/azure/application-gateway/end-to-end-ssl-portal#add-authenticationroot-certificates-of-backend-servers

You can try uploading the certificate using the following CLI command:

az network application-gateway ssl-cert create -g MyResourceGroup --gateway-
name MyAppGateway -n MySSLCert --cert-file FilePath --cert-password Abc123

If you are using a self-signed certificate, you can generate a new certificate and upload it again by following this documentation: Configure an Application Gateway with TLS termination using the Azure portal

Reference:
Configure end to end TLS by using Application Gateway with PowerShell
Create an application gateway configuration object

I hope this helps to resolve your issue. Please feel free to ask any questions if the solution provided isn't helpful.

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

Venkat V 1,485 Reputation points Microsoft External Staff

2025-04-14T04:30:32.34+00:00

Hi @Claire Morgan,

I just wanted to follow up and see if you had a chance to review my response to your question. Please let us know if it was helpful, and feel free to reach out if you have any further queries.

Share via

App Gateway Provisioned State Failed

1 answer

Your answer