POST 400 Error

Question

POST 400 Error

LiamG 1

I am getting a POST 400 Error when trying to Post to Salesforce.

This was working fine until a few days ago.

Salesforce have confirmed the request is not getting to them

How do I check where it is getting blocked

Also

System.Runtime.InteropServices.COMException

Exception while executing function: RetrieveExternalDataOnDemand Exception binding parameter 'req' The client has disconnected An operation was attempted on a nonexistent network connection. (0x800704CD)Exception while executing function: RetrieveExternalDataOnDemand Exception binding parameter 'req' The client has disconnected An operation was attempted on a nonexistent network connection. (0x800704CD)

Anurag Rohikar 3,190 Reputation points Microsoft External Staff Moderator

2025-11-06T06:40:53.61+00:00
Hello LiamG, thank you for reaching out. To better understand the issue, could you please help us with the following details:

Is this POST request being sent from an Azure Function, Logic App, or another service?

If it’s an Azure Function, which runtime stack and hosting plan are you using (Consumption / Premium / App Service)?

Are you using a custom handler, HTTP trigger, or any managed identity / service principal for the Salesforce call?

Does the Application Insights log show any TimeoutException, socket failure, or DNS resolution errors before the COMException?

Have there been any recent configuration or network changes (VNet integration, firewall rules, IP restrictions, TLS updates)?

Is the Azure service (Function/Logic App) integrating with a corporate network via a VNet or using a private endpoint? If so, have the outbound firewall/proxy rules on that corporate network been checked for blocks to Salesforce's IP ranges?

Can you confirm the specific connector or library being used for the POST request (e.g., HttpClient in C#, a specific Salesforce NuGet package, or an older WCF client)? What is the configured connection or send timeout for this client/connector?

Can you confirm the specific Salesforce URL (including instance details if applicable) being targeted for the POST? Has this URL recently changed (e.g., due to an org migration or Hyperforce update)?
Anurag Rohikar 3,190 Reputation points Microsoft External Staff Moderator

2025-11-10T08:17:49.1766667+00:00

Hello LiamG, following up to see if you have a chance to check my previous response and help us with requested information to check and assist you further on this. Thank you!
Anurag Rohikar 3,190 Reputation points Microsoft External Staff Moderator

2025-11-11T07:41:23.2766667+00:00

Hello LiamG, just checking to see if you have a chance to check my previous response and help us with requested information to check and assist you further on this. Thank you!

1 answer

Your answer

Anurag Rohikar 3,190 Reputation points Microsoft External Staff Moderator

2025-11-06T06:40:53.61+00:00

Hello LiamG, thank you for reaching out. To better understand the issue, could you please help us with the following details:

Is this POST request being sent from an Azure Function, Logic App, or another service?

If it’s an Azure Function, which runtime stack and hosting plan are you using (Consumption / Premium / App Service)?

Are you using a custom handler, HTTP trigger, or any managed identity / service principal for the Salesforce call?

Does the Application Insights log show any TimeoutException, socket failure, or DNS resolution errors before the COMException?

Have there been any recent configuration or network changes (VNet integration, firewall rules, IP restrictions, TLS updates)?

Is the Azure service (Function/Logic App) integrating with a corporate network via a VNet or using a private endpoint? If so, have the outbound firewall/proxy rules on that corporate network been checked for blocks to Salesforce's IP ranges?

Can you confirm the specific connector or library being used for the POST request (e.g., HttpClient in C#, a specific Salesforce NuGet package, or an older WCF client)? What is the configured connection or send timeout for this client/connector?

Can you confirm the specific Salesforce URL (including instance details if applicable) being targeted for the POST? Has this URL recently changed (e.g., due to an org migration or Hyperforce update)?
Anurag Rohikar 3,190 Reputation points Microsoft External Staff Moderator

2025-11-10T08:17:49.1766667+00:00

Hello LiamG, following up to see if you have a chance to check my previous response and help us with requested information to check and assist you further on this. Thank you!
Anurag Rohikar 3,190 Reputation points Microsoft External Staff Moderator

2025-11-11T07:41:23.2766667+00:00

Hello LiamG, just checking to see if you have a chance to check my previous response and help us with requested information to check and assist you further on this. Thank you!

Answer 1

Hello LiamG,

Welcome to the Microsoft Q&A and thank you for posting your questions here.

I understand that you are having POST 400 Error.

When you see 400/timeout symptoms and telemetry shows no remote acceptance, treat it as a network egress problem first check DNS/NSG/SNAT/TLS before app logic (Configure monitoring; Intermittent outbound errors). The failure path is outbound from the Azure Function (connection drops or can’t establish before Salesforce), not a payload/API issue (Functions networking options; Investigate failures in App Insights).

Follow these steps in order to resolve the issue:

Prove outbound reachability (from Kudu or code): Run curl https://your-salesforce-endpoint or tcpping your-salesforce-endpoint 443 in the Kudu/Advanced Tools console to confirm egress from the Function sandbox (Kudu service overview). curl https://your-salesforce-endpoint # or tcpping your-salesforce-endpoint 443
Enable/inspect Application Insights and query exceptions (e.g., SocketException, TaskCanceledException, DNS errors) to confirm network‑layer issues (Configure monitoring; Investigate failures).
If the Function is VNet‑integrated, ensure outbound NSG rules allow TCP 443 to your destination (or egress path) and that routing is correct (Functions networking options; App Service VNet integration).
If a corporate firewall/proxy is in-path, allow the Salesforce FQDNs/IPs and the Function’s egress IP (or NAT public IP) to pass on 443 (Functions NAT gateway tutorial; Functions networking options).
Use nslookup your-salesforce-endpoint (or nameresolver in Kudu) and fix private DNS/forwarding if lookups fail, especially with Private Endpoints/Custom DNS (Private Endpoint DNS values; DNS integration scenarios). nslookup your-salesforce-endpoint
Rule out SNAT exhaustion (critical): Intermittent 5xx/timeouts often mean SNAT limits; mitigate with connection pooling, Premium plan + VNet Integration + NAT Gateway, or service endpoints (Intermittent outbound errors / SNAT; Control outbound IP with NAT Gateway; SNAT with Load Balancer).
You can enforce modern TLS from code or platform, prefer OS default (TLS 1.2+) or set explicitly only when required example legacy snippet: ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls(See .NET TLS best practices and App Service TLS updates, including TLS 1.3 rollout) (TLS guidance; App Service TLS update).
Add resilient HTTP handling: Reuse HttpClient (pooling) and set sane timeouts, e.g., httpClient.Timeout = TimeSpan.FromSeconds(100); to reduce new sockets and avoid SNAT pressure (Intermittent outbound errors → use connection pools; additional mitigation practices (blog) https://fhessen.com/2025/01/23/snat-and-why-it-matters-when-working-with-azure-services/.
Use Azure Network Watcher Packet Capture to verify SYNs leave your VNet and responses return; export .cap and analyze in Wireshark (Packet capture overview; Manage packet captures).

I hope this is helpful! Do not hesitate to let me know if you have any other questions or clarifications.

Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.

Share via

POST 400 Error

1 answer

Your answer