MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

Two days trying to get vnet integration working, still not working #110668

Open GiscardGirard opened 1 year ago

GiscardGirard commented 1 year ago

None of this content can be correct. I've tried for two days now to get vnet integration working on a function app. This documentation is out of date or has never been tested.

The section on an existing function app is completely mind-boggling. We must create a new storage account, and use a file share? None of this makes any sense.


RyanHill-MSFT commented 1 year ago

@GiscardGirard can you provide the errors that you're encountering? If the function isn't running, you should be able to move the initial storage account to "secure access" where it's only accessible through the VNET. But rather than jumping through those hoops, it's easier to create a new one and redirect.

GiscardGirard commented 1 year ago

Same error many others have encountered: 403 from the BlobRestClient on function startup.

```
Status: 403 (This request is not authorized to perform this operation.)
ErrorCode: AuthorizationFailure
Microsoft.Azure.WebJobs.Host.Listeners.FunctionListenerException:
Azure.RequestFailedException:
at Azure.Storage.Blobs.BlobRestClient+<AcquireLeaseAsync>d__36.MoveNext (Azure.Storage.Blobs, Version=12.9.0.0, Culture=neutral, PublicKeyToken=92742159e12e44c8)
```

I have been able to work around this by using an Elastic Premium plan instead of a Dedicated App Service plan. An extra 100$ per month in my dev integration environment. Not ideal. For the time being I am giving up on getting this working using a Dedicated App Service plan using the instructions provided in this article.

RyanHill-MSFT commented 1 year ago

@GiscardGirard just to confirm, you're still not able to get VNet integration working on a Dedicated plan?

GiscardGirard commented 1 year ago

That's right. I can't get this working on a dedicated premium plan. Once I switched over to elastic premium plan it became obvious to me why the instructions for WEBSITE_CONTENTSHARE (etc...) were in there in the article. When you enable vnet integration using the elastic premium plan it automatically adds those entries. It doesn't do this for dedicated plans.

Even if those instructions worked, creating a new storage account is unnecessary and should not be in this article. Copying isn't always that simple once the storage account is secured. Many of us automate our infrastructure deployments using infrastructure as code and these instructions are not helpful.

RyanHill-MSFT commented 1 year ago

@GiscardGirard I understand. I'll assign this to the content author so they can review this feedback and appropriately update the doc.

GiscardGirard commented 1 year ago

I did a deeper dive into this over the weekend.

WEBSITE_CONTENTSHARE: this setting isn't required for dedicated plans. It's needed for Elastic Premium.

vnet integration does not appear to work on the linux image DOTNET-ISOLATED|6.0. A gRPC error shows up in the logs.

vnet integration works on a Windows Azure function deployment. No special steps needed on the storage account. Simply enable vnet integration from the portal.

```
2023-06-12T10:57:19.292 [Error] Unhandled exception. Grpc.Core.RpcException: Status(StatusCode="Internal", Detail="Error starting gRPC call. HttpRequestException: An error occurred while sending the request. Http2ConnectionException: The HTTP/2 server sent invalid data on the connection. HTTP/2 error code 'PROTOCOL_ERROR' (0x1).", DebugException="System.Net.Http.HttpRequestException: An error occurred while sending the request.
2023-06-12T10:57:19.301 [Error] ---> System.Net.Http.Http2ConnectionException: The HTTP/2 server sent invalid data on the connection. HTTP/2 error code 'PROTOCOL_ERROR' (0x1).
2023-06-12T10:57:19.304 [Error] at System.Net.Http.Http2Connection.ThrowProtocolError(Http2ProtocolErrorCode errorCode)
2023-06-12T10:57:19.308 [Information] at System.Net.Http.Http2Connection.ReadFrameAsync(Boolean initialFrame)
2023-06-12T10:57:19.308 [Information] at System.Net.Http.Http2Connection.ProcessIncomingFramesAsync()
2023-06-12T10:57:19.309 [Information] at System.Net.Http.Http2Connection.SendHeadersAsync(HttpRequestMessage request, CancellationToken cancellationToken, Boolean mustFlush)
2023-06-12T10:57:19.309 [Information] at System.Net.Http.Http2Connection.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
2023-06-12T10:57:19.310 [Information] --- End of inner exception stack trace ---
2023-06-12T10:57:19.310 [Information] at System.Net.Http.Http2Connection.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
2023-06-12T10:57:19.311 [Information] at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
2023-06-12T10:57:19.311 [Information] at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
2023-06-12T10:57:19.314 [Information] at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
2023-06-12T10:57:19.324 [Information] at Grpc.Net.Client.Balancer.Internal.BalancerHttpHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
2023-06-12T10:57:19.324 [Information] at Grpc.Net.Client.Internal.GrpcCall`2.RunCall(HttpRequestMessage request, Nullable`1 timeout)")
2023-06-12T10:57:19.325 [Information] at Grpc.Net.Client.Internal.HttpContentClientStreamWriter`2.WriteAsyncCore[TState](Func`5 writeFunc, TState state)
2023-06-12T10:57:19.326 [Information] at Grpc.Net.Client.Internal.HttpContentClientStreamWriter`2.WriteCoreAsync(TRequest message, CancellationToken cancellationToken)
2023-06-12T10:57:19.326 [Information] at Microsoft.Azure.Functions.Worker.Grpc.GrpcWorkerClientFactory.GrpcWorkerClient.SendStartStreamMessageAsync(IClientStreamWriter`1 requestStream) in D:\a_work\1\s\src\DotNetWorker.Grpc\GrpcWorkerClientFactory.cs:line 84
2023-06-12T10:57:19.327 [Information] at Microsoft.Azure.Functions.Worker.Grpc.GrpcWorkerClientFactory.GrpcWorkerClient.StartAsync(CancellationToken token) in D:\a_work\1\s\src\DotNetWorker.Grpc\GrpcWorkerClientFactory.cs:line 66
2023-06-12T10:57:19.327 [Information] at Microsoft.Azure.Functions.Worker.WorkerHostedService.StartAsync(CancellationToken cancellationToken) in D:\a_work\1\s\src\DotNetWorker.Core\WorkerHostedService.cs:line 25
2023-06-12T10:57:19.328 [Information] at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
2023-06-12T10:57:19.328 [Information] at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
2023-06-12T10:57:19.328 [Information] at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
2023-06-12T10:57:19.329 [Information] at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
...
2023-06-12T10:57:19.957 [Error] Exceeded language worker restart retry count for runtime:dotnet-isolated. Shutting down and proactively recycling the Functions Host to recover
```

anth12 commented 9 months ago

I've just encountered the same issue when trying to run a .net 6 app on a Linux ASP with VNet outbound integration.

As soon as I added the outbound integration (with a NAT), the function started failing to start due to internal grpc comms in the Function Worker. Redeploying to Windows worked for me too 👎