How to add VMSS as a backend target type using az cli command?

Raja, Vijay 5

I am trying to update the backend with VMSS, but encountering this error:

ERROR: (ApplicationGatewayBackendAddressMustHaveEitherFqdnOrIpAddress) Backend Address Pool newpassmetScaleSet-1723238703-backend must have either Fqdn or IpAddress specified.

Code: ApplicationGatewayBackendAddressMustHaveEitherFqdnOrIpAddress

How can I fix this issue?

Konstantinos Passadis 19,066 Reputation points MVP

2024-08-09T23:07:15.8166667+00:00

Hello @Raja, Vijay !

Welcome to Microsoft QnA!

From a first look, the error message indicates that the Virtual Machine Scale Set (VMSS) backend pool configuration is missing essential information. This issue occurs from the absence of an IP address or FQDN in the backend pool configuration.

To resolve this, confirm that the backend pool includes either IP addresses or FQDNs for all entries. When directly associating a VMSS, Azure typically automates this process, but it is better to check the configuration or just try rebuilding the backend pool with the appropriate settings.

In case this does not work, kindly let us know

Also:

Can you post the Backend config and / or the Application Gateway ?

--

I hope this helps!

Kindly mark the answer as Accepted and Upvote in case it helped!

Regards
Raja, Vijay 5 Reputation points

2024-08-09T23:07:32.17+00:00

I am trying this with az cli command

Raja, Vijay 5

User's image

When I manually add my vmss , it is accepting and configured , but When I do the same with az cli command it is not configured and throwing error as mentioned in the question ,

az cli command used to update backend pool :

az network application-gateway address-pool update \
          --resource-group ${RESOURCEGROUPNAME} \
          --gateway-name met-GW \
          --name newpassmetScaleSet-1723238703-backend \
          --set backendAddresses="[{\"id\": \"/subscriptions/145********/resourceGroups/met_resources/providers/Microsoft.Compute/virtualMachineScaleSets/newpassmetScaleSet-1723238703\"}]"

Raja, Vijay 5 Reputation points

2024-08-09T23:21:17.46+00:00

I do have one vm running in my backend (VMSS) and that have private IP associated with that
Konstantinos Passadis 19,066 Reputation points MVP

2024-08-09T23:23:52.06+00:00

Hello @Raja, Vijay !

Thank you for your Input !

I suggest this syntax :

az network application-gateway address-pool update \

--resource-group ${RESOURCEGROUPNAME} \

--gateway-name met-GW \

--name newpassmetScaleSet-1723238703-backend \

--set backendAddresses="[ \

{\"id\": \"/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.Compute/virtualMachineScaleSets/<vmss-name>\"} \

]"

Checking with az cli to verify the resource ID of the VMSS:

az vmss show --resource-group <resource-group-name> --name <vmss-name> --query id --output tsv

I believe this info will help you fic the issue !

--

I hope this helps!

Kindly mark the answer as Accepted and Upvote in case it helped!

Regards
Raja, Vijay 5 Reputation points

2024-08-10T06:36:39.09+00:00

v**** [ ~ ]$ az network application-gateway address-pool update \

--resource-group met_resources \

--gateway-name met-GW \

--name newpassmetScaleSet-1723238703-backend \

--set backendAddresses="[ \

{"id": "/subscriptions/********/resourceGroups/met_resources/providers/Microsoft.Compute/virtualMachineScaleSets/newpassmetScaleSet-1723238703"} \

]"

(ApplicationGatewayBackendAddressMustHaveEitherFqdnOrIpAddress) Backend Address Pool newpassmetScaleSet-1723238703-backend must have either Fqdn or IpAddress specified.

Code: ApplicationGatewayBackendAddressMustHaveEitherFqdnOrIpAddress

Message: Backend Address Pool newpassmetScaleSet-1723238703-backend must have either Fqdn or IpAddress specified.

Still same error !
Konstantinos Passadis 19,066 Reputation points MVP

2024-08-10T08:54:06.0333333+00:00
Hello @Raja, Vijay !

Lets try :

1.

az network application-gateway address-pool update \

--resource-group met_resources \

--gateway-name met-GW \

--name newpassmetScaleSet-1723238703-backend \

--remove backendAddresses

2.

az network application-gateway address-pool update \

--resource-group met_resources \ --gateway-name met-GW \ --name newpassmetScaleSet-1723238703-backend \ --add backendAddresses id="/subscriptions/********/resourceGroups/met_resources/providers/Microsoft.Compute/virtualMachineScaleSets/newpassmetScaleSet-1723238703"

Kindly let us know !

--

I hope this helps!

Kindly mark the answer as Accepted and Upvote in case it helped!

Regards
Raja, Vijay 5 Reputation points

2024-08-10T09:11:08.2666667+00:00

**** [ ~ ]$ az network application-gateway address-pool update \

--resource-group met_resources \

--gateway-name met-GW \

--name newpassmetScaleSet-1723238703-backend \

--add backendAddresses id="/subscriptions/14*****/resourceGroups/met_resources/providers/Microsoft.Compute/virtualMachineScaleSets/newpassmetScaleSet-1723280652"

(ApplicationGatewayBackendAddressMustHaveEitherFqdnOrIpAddress) Backend Address Pool newpassmetScaleSet-1723238703-backend must have either Fqdn or IpAddress specified.

Code: ApplicationGatewayBackendAddressMustHaveEitherFqdnOrIpAddress

Message: Backend Address Pool newpassmetScaleSet-1723238703-backend must have either Fqdn or IpAddress specified.

Same error ! No luck !
Raja, Vijay 5 Reputation points

2024-08-10T09:13:06.0466667+00:00

Don't we have option to add target type VMSS instead FQDN or ip address option like we do in azure portal ?

Konstantinos Passadis 19,066 MVP

Hello @Raja, Vijay !

Try:

az network application-gateway address-pool create \

--resource-group met_resources \

--gateway-name met-GW \

--name newpassmetScaleSet-1723238703-backend \

--backend-address-pool '{"id":"/subscriptions/<subscription-id>/resourceGroups/met_resources/providers/Microsoft.Compute/virtualMachineScaleSets/newpassmetScaleSet-1723280652"}'

Or update :

az network application-gateway address-pool update \

--resource-group met_resources \

--gateway-name met-GW \

--name newpassmetScaleSet-1723238703-backend \

--add backendAddresses id="/subscriptions/<subscription-id>/resourceGroups/met_resources/providers/Microsoft.Compute/virtualMachineScaleSets/newpassmetScaleSet-1723280652"

I hope this helps!

Kindly mark the answer as Accepted and Upvote in case it helped!

Regards

Raja, Vijay 5 Reputation points

2024-08-10T13:03:28.55+00:00

**** [ ~ ]$ az network application-gateway address-pool create \

--resource-group met_resources \

--gateway-name met-GW \

--name newpassmetScaleSet-1723238703-backend \

--backend-address-pool '{"id":"/subscriptions/14****/resourceGroups/met_resources/providers/Microsoft.Compute/virtualMachineScaleSets/newpassmetScaleSet-1723280652"}'

unrecognized arguments: --backend-address-pool {"id":"/subscriptions/145ccdc1-6c51-4e45-a04e-21bdea03d170/resourceGroups/met_resources/providers/Microsoft.Compute/virtualMachineScaleSets/newpassmetScaleSet-1723280652"}
Raja, Vijay 5 Reputation points

2024-08-10T13:05:36.8666667+00:00

vraja [ ~ ]$ az network application-gateway address-pool update \

--resource-group met_resources \

--gateway-name met-GW \

--name newpassmetScaleSet-1723238703-backend \

--add backendAddresses id="/subscriptions/14****/resourceGroups/met_resources/providers/Microsoft.Compute/virtualMachineScaleSets/newpassmetScaleSet-1723280652"

(ApplicationGatewayBackendAddressMustHaveEitherFqdnOrIpAddress) Backend Address Pool newpassmetScaleSet-1723238703-backend must have either Fqdn or IpAddress specified.

Code: ApplicationGatewayBackendAddressMustHaveEitherFqdnOrIpAddress

Message: Backend Address Pool newpassmetScaleSet-1723238703-backend must have either Fqdn or IpAddress specified.
Raja, Vijay 5 Reputation points

2024-08-10T13:08:08.2066667+00:00

neither creating with --backend-address-pool nor updating with --add backendAddresses works
Raja, Vijay 5 Reputation points

2024-08-10T13:11:08.4533333+00:00

neither creating with --backend-address-pool nor updating with --add backendAddresses works

0 commentsNo commentsReport a concern
Konstantinos Passadis 19,066 Reputation points MVP

2024-08-10T14:36:42.0166667+00:00

Hello @Raja, Vijay !

Let me reproduce it please !

It is quite strange . Have you update the az cli ? Or tried via Cloud Shell ?

Please try that until i get back to you!

I hope this helps!

Kindly mark the answer as Accepted and Upvote in case it helped!

Regards
Konstantinos Passadis 19,066 Reputation points MVP

2024-08-14T11:49:22.3433333+00:00

Hello @Raja, Vijay ! This should be correct

az network application-gateway address-pool create --gateway-name <app-gateway-name> --name <address-pool-name> --resource-group <resource-group-name> --servers <vmss-name>.<vmss-resource-group>.<region>.cloudapp.azure.com --type ipaddress Can you try it please ?

I hope this helps!

Kindly mark the answer as Accepted and Upvote in case it helped!

Regards
Rohith Vinnakota 315 Reputation points Microsoft Vendor

2024-08-26T02:46:40.66+00:00

Hi Raja, Vijay,

Just checking in to see if the below answer helped. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

1 answer

Rohith Vinnakota 315 Reputation points Microsoft Vendor

2024-08-21T13:48:39.54+00:00
Hi Raja, Vijay

Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

Azure Application Gateway does not natively support directly adding a VMSS as a backend target by its resource ID. Instead, you need to associate the IP addresses of the VM instances within the VMSS or, alternatively, use a Public or Internal Load Balancer that fronts the VMSS as the backend target.

Here are the steps to properly configure the Application Gateway backend pool with a VMSS using Azure CLI:

Option 1: Adding a VMSS by IP Address Or FQDN

Retrieve the IP addresses of the VM instances in the VMSS. This can be done using the Azure CLI or through the Azure portal.

command to list IP addresses:

az vmss nic list \    --resource-group Rohith-RG \    --vmss-name vmss-01 \    --query "[].ipConfigurations[].privateIpAddress" \    --output tsv

2.Add these IP addresses to the Application Gateway backend pool:

az network application-gateway address-pool update \    --resource-group Rohith-RG \    --gateway-name app-gateway-01 \    --name backpoo-end \    --add backendAddresses ipAddress=XX.XX.XX.XX ipAddress=YY.YY.YY.YY

Replace XX.XX.XX.XX and YY.YY.YY.YY with the actual IP addresses of your VM instances.

3.Add the FQDN to the Application Gateway backend pool:

az network application-gateway address-pool update \     --resource-group MyResourceGroup \     --gateway-name MyAppGateway \     --name MyBackendPool \     --add backendAddresses fqdn=myapp.contoso.com

Option 2: Using a Load Balancer with VMSS

Create an Azure Load Balancer (if not already done) and associate it with your VMSS.

Add the Load Balancer's IP address as the backend for the Application Gateway:

az network application-gateway address-pool update \    --resource-group Rohith-RG \    --gateway-name app-gateway-01 \    --name backpoo-end \    --add backendAddresses ipAddress=ZZ.ZZ.ZZ.ZZ

Replace ZZ.ZZ.ZZ.ZZ with the Load Balancer’s frontend IP address.

Note:

By providing the IP addresses of the VMSS instances or using a Load Balancer, the Application Gateway can be properly configured to route traffic to the VMSS.

For details, refer to az network application-gateway address-pool | Microsoft Learn

If you have any further queries, do let us know. If the answer is helpful, please click "Accept Answer" and "Upvote it."
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

How to add VMSS as a backend target type using az cli command?

1 answer

Your answer