Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>

Azure Traffic Manager probe degraded due to 401 from Azure Web App


Your Azure Web App (or any Azure App Service) has authentication enabled but you want to use Traffic Manager.  Since the probe returns the HTTP status code 401, the endpoint is considered degraded.


Whatever you use for an endpoint in Azure Traffic Manager, it must return a 200.  Your site is locked down so any request returns 401


Use URL Authorization rules with a special Route to allow the ping to succeed.  Note:  This is in preview, so there may be updates as this matures.

  1. Create a directory in your application and call it whatever you wish (for this sample I am using TMStatus).
  2. Put an html file in it and call it something like status.html.
  3. Next add URL Authorization Rule to disable authentication for that directory and ensure you place this json file it in the wwwroot directory.  See: URL Authorization Rules  In this case All routes will be RedirectedToLogin, however the /TMStatus route will allow anonymous requests.

Your json would look something like this:

  “routes”: [{
      “path_prefix”: “/”,
      “policies”: { “unauthenticated_action”: “RedirectToLoginPage” }
      “path_prefix”: “/TMStatus”,
      “policies”: { “unauthenticated_action”: “AllowAnonymous” }

   4. Configure Authorization to Allow Anonymous requests in your Azure Portal:


This should restart your web app and pickup the changes, then point traffic manager to your app/TMStatus/status.html  (or whatever you choose to call these from above).

Now when the ping from traffic manager hits this endpoint, it will return a 200 instead of a 401.

Share the post

Azure Traffic Manager probe degraded due to 401 from Azure Web App


Subscribe to Msdn Blogs | Get The Latest Information, Insights, Announcements, And News From Microsoft Experts And Developers In The Msdn Blogs.

Get updates delivered right to your inbox!

Thank you for your subscription