Issue with API Management Unable to Connect to Backend API When Using Private Endpoint Configuration

Question

Issue with API Management Unable to Connect to Backend API When Using Private Endpoint Configuration

Tomohiro Kajita 20

Issue with API Management Unable to Connect to Backend API When Using Private Endpoint Configuration

We have configured our API Management instance to receive traffic exclusively through a private endpoint, following the guidance provided in the following Microsoft documentation:

Enable private link for Azure API Management

Our API Management SKU is Standard.

When attempting to access the backend API (hosted on a VM server) via API Management, which itself is accessed through an Application Gateway, we encountered the following error messages:

"Unable to connect to the remote server"
"Error occurred while calling backend service."
"An attempt was made to access a socket in a way forbidden by its access permissions 10.0.1.4:7443"

Note: 10.0.1.4:7443 is the destination configured for the backend API.

We would like to understand what configuration might be missing or misconfigured in order to resolve this issue, while keeping the private endpoint setup for API Management enabled.

Any guidance or recommendations would be greatly appreciated.

Praveen Kumar Gudipudi 1,875 Reputation points Microsoft External Staff Moderator

2025-06-27T13:28:10.95+00:00
hello Tomohiro Kajita,

Thanks for reaching out.

The error message you are encountering suggests that there is an issue with accessing the specified socket, which may be due to firewall settings or network permissions. Here are some steps you can take to troubleshoot this issue:

Check Firewall Settings: Ensure that the firewall is not blocking the port (7443 in your case). You may need to open this port in your firewall settings.

Verify Service Availability: Make sure that the service you are trying to connect to is running and accepting connections on the specified IP address and port.

Network Permissions: Confirm that the network permissions allow access to the socket. This could involve checking user permissions or group policies that might restrict access.

Use Netstat: Utilize the netstat.exe utility to check if the service is listening on port 7443. This can help you determine if the service is correctly configured.

Test Connectivity: You can use tools like Portqry to test TCP connectivity to ensure that there are no network devices blocking access to the specified port.

If these steps do not resolve the issue, you may need to consult the logs for more detailed error messages or seek further assistance.
Krishna Chowdary Paricharla 280 Reputation points Microsoft External Staff Moderator

2025-07-03T06:26:17.8333333+00:00

Hello Tomohiro Kajita,

Just following up to see if you’ve had a chance to review Praveen Kumar Gudipudi previous response. Let me know if you have any additional questions.

1 answer

Your answer

Praveen Kumar Gudipudi 1,875 Reputation points Microsoft External Staff Moderator

2025-06-27T13:28:10.95+00:00

hello Tomohiro Kajita,

Thanks for reaching out.

The error message you are encountering suggests that there is an issue with accessing the specified socket, which may be due to firewall settings or network permissions. Here are some steps you can take to troubleshoot this issue:

Check Firewall Settings: Ensure that the firewall is not blocking the port (7443 in your case). You may need to open this port in your firewall settings.

Verify Service Availability: Make sure that the service you are trying to connect to is running and accepting connections on the specified IP address and port.

Network Permissions: Confirm that the network permissions allow access to the socket. This could involve checking user permissions or group policies that might restrict access.

Use Netstat: Utilize the netstat.exe utility to check if the service is listening on port 7443. This can help you determine if the service is correctly configured.

Test Connectivity: You can use tools like Portqry to test TCP connectivity to ensure that there are no network devices blocking access to the specified port.

If these steps do not resolve the issue, you may need to consult the logs for more detailed error messages or seek further assistance.
Krishna Chowdary Paricharla 280 Reputation points Microsoft External Staff Moderator

2025-07-03T06:26:17.8333333+00:00

Hello Tomohiro Kajita,

Just following up to see if you’ve had a chance to review Praveen Kumar Gudipudi previous response. Let me know if you have any additional questions.

Answer 1

@Tomohiro Kajita san,

(The same comment in Japanese is shared here.)

Which version of APIM are you using, Classic (STv2) or V2?

In the case of Classic, APIM Standard SKU doesn't support private endpoints for connections to the backend (please check the document below). If the VM allows access via a Public IP, it should be possible to connect to the API from APIM. However, at this time, it is likely that access via a Public IP is not permitted.

https://learn.microsoft.com/azure/api-management/api-management-features

In the case of V2, you can access resources within the VNET by configuring VNET integration. To access the API hosted by the VM, you can configure VNET integration for the VNET that the VM is connected to.

https://learn.microsoft.com/azure/api-management/v2-service-tiers-overview#networking-options

Share via

Issue with API Management Unable to Connect to Backend API When Using Private Endpoint Configuration

1 answer

Your answer