Accessing KUDU SCM for Azure App Service inside an ILB ASE
by Chenlong 2019-10-22
language of the article
4058 1 TECH azure kudu ilb-ase
The background
If you've created the ILB ASE after May 2019, you must have noticed that in the new version you don't need to upload the certificate anymore, and a default *.appserviceenvironment.net domain name is distributed to your environment after the creation: https://docs.microsoft.com/en-us/azure/app-service/environment/create-ilb-ase#dns-configuration
However, in order to access the SCM site (KUDU console) for the app services that are hosted inside the ILB ASE, the information is missing in the official documentation and the current description is quite blurry: https://docs.microsoft.com/en-us/azure/app-service/environment/create-ilb-ase#publish-with-an-ilb-ase
In my case, I had to contact Azure Support to find the solution, hence I'd like to share this info in my blog to help people who might be facing the same problem.
The symptom
whenever we try to access the SCM site it redirects to the default ASE domain name and it fails with an error "DNS_PROBE_FINISHED_NXDOMAIN" explaining that the IP could not be found as the record does not exist.
The solution
STEP 1: Go to the app service for which you are trying to access its SCM site in Azure Portal.
STEP 2: Download the application publish profile in the overview page of that app service
STEP 3: Get the profile user name and password from the profile
STEP 4: Use the app's scm site including the following end point "/basicAuth" such as https://appnamexxxx.scm.asenamexxxx.azurewebsites.net/basicAuth
STEP 5: Use the profile username and password collected to login to the prompt shown
There you go! Happy Clouding!
Related Posts
Azure ILB ASE v2 Advanced Scenarios (PCI DSS, Application Gateway, CI/CD, Multisite hosting, SSL and more)The solution that your provided worked for me. Thanks so much. In trying to resolve this issue - I came up with two more solutions that might be applicable for those you are trying to resolve this issue. 1. You can also achieve this with adding an entry in your host file that points to your ILB. For example 15.15.191.10 xxx.appserviceenvironment.net 2. There is another solution that I implemented - you can create DNS records in your DNS server that points to the ILB of the ASE and also assign the parent name to the same and it would work for all the variations of the site. 15.15.191.10 *.xxx.appserviceenvironment.net 15.15.191.10 *.scm.xxx.appserviceenvironment.net 15.15.191.10 xxx.appserviceenvironment.net Both the above solutions are alternatives to the solution you had provided.