REST API reliability challenges in Azure

Question

For those of us that are software developers, we are accustomed to this message.
"The underlying connection was closed: A connection that was expected to be kept alive was closed by the server. This issue occurred after 68 seconds."
When this issue comes up, it is normally because of some event that breaks TCP connectivity.&nbsp; Occasionally this happens because of network misconfiguration, or load-balancer misconfiguration.
&nbsp;
This is one of two errors we are seeing after migrating our REST api workloads to onestream's Azure environment.&nbsp; It happens fairly frequently, albeit in an unpredictable way.&nbsp; I haven't found a pattern yet.&nbsp; It doesn't happen on-premise.
&nbsp;
If anyone has experience deploying a REST api solution to Azure, please let me know if this is an error message you encounter frequently.&nbsp; It may not even be a problem with onestream's software; perhaps the root cause is with the Azure load-balancer.&nbsp; I am also looking into other possible explanations, like SSL inspection.&nbsp; Any tips would be greatly appreciated!
&nbsp;
&nbsp;
&nbsp;

dbeavon · Answer

We heavily use the REST api to retrieve financial data. Recently our onestream platform was migrated to Azure and we started receiving failures that never occurred on-premise.

Here is the second type of failure message that has been affecting us since moving to Azure:

( A payload size constraint?)

The error indicates a parsing problem at a certain character position within the results. Basically what we are seeing is that the json payload that is being delivered via the REST api is unexpectedly truncated. As a result, we lose some portion of the data, and the JSON reader is unable to interpret the entire document.

Please let me know if anyone has encountered this type of a REST api issue after migrating to Azure.

dbeavon · Answer

We heavily use the REST api to retrieve financial data. Recently our onestream platform was migrated to Azure and we started receiving failures that never occurred on-premise.

Here is a third error that started affecting us in Azure, but did not ever occur on-premise.

System.Exception: 'Invalid response from query in SendHttpRequest. Status code is Unauthorized. Content is "Error processing External Provider Sign In information. The remote name could not be resolved: 'login.microsoftonline.com'". '

This occurs AFTER we have used the AAD to authenticate and calculate an oauth bearer token. It happens within the subsequent request to the REST api. What this is essentially saying is that the onestream application server in Azure is not able to contact "login.microsoftonline.com". Or rather, it can't even resolve the I.P. address for login.microsoft.com.

Obviously it is a problem if/when any application that is hosted in Azure is unable to contact an identity server that is also hosted in Azure. I'm assuming the purpose of contacting that identity server is to validate the oauth bearer token in the request header.

If anyone is familiar with this error, or with the resolution, please let me know. Migrating our onestream platform to Azure has been an interesting experience, with quite a few challenges. We are opening support tickets as well, but new problems seem to be coming up faster than we can fix them. If onestream support is able to find fixes to these, I will remember to circle back with a reply for the forum.

JackLacava · Answer

I took the liberty to condense your posts into one thread, as they are all effectively about one topic (making the REST api work reliably in Azure).

dbeavon · Answer

JackLacava&nbsp;Please don't.&nbsp; They have entirely different root causes.&nbsp; A DNS failure is different than a load balancer constraint, which is different than SSL inspection client-side issues.

JackLacava · Answer

They are all precise infrastructure issues that are better discussed with our Support guys; so to start with, reading you've already opened tickets, I was tempted to just archive them. However, from the perspective of forum readers, who are mostly application administrators and application developers, they all originate from using the REST api in Azure and the reliability challenges that arise from that scenario - I think you understand that, considering you've effectively linked them together with that "part 1/2/3" in the title. So I thought there was the chance of a useful strategic discussion if we framed it like that. I'm really sorry if it looks harsh; I'm just trying to keep this space look more like a discussion area than a support-ticket queue.
Edit: thinking about it a bit more, regardless of the principle, I should have probably discussed it with you before taking action. Sincere apologies, I'll do that in the future.

Forum Discussion

REST API reliability challenges in Azure

Related Content

Export to Azure Blob (via SIC)

Error IDX10214 while setting up Azure SSO

Accessing Azure File Storage from OneStream

SIC - Whitelist the Azure Relay to your Firewall

SSO with Azure AD - detailed steps (possibly anonymized config)