Share via

APIM stv2.1 experience multiple client connection failures since yesterdays update

Declan O Malley 1 Reputation point
2026-04-01T09:40:26.0933333+00:00

my APIM instance started an update yesterday and since then i have experience over 14,000 connection failures with no other infrastructure changes. It is only a developer SKU but i would have expected this update to not take over 15 hours to push? the service reports healthy. my apim is connected to a vnet for outbound connectivity into a azure app container environment.

are there known issues?

Azure API Management
Azure API Management

An Azure service that provides a hybrid, multi-cloud management platform for APIs.

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Declan O Malley 1 Reputation point
    2026-04-06T22:30:17.1133333+00:00

    All resolved now thank you. we found the container apps were stuck in a startup loop due to health probes that a apim restart surfaced

    0 comments
  2. Pravallika KV 12,730 Reputation points Microsoft External Staff Moderator
    2026-04-03T23:46:16.4133333+00:00

    Hi @Declan O Malley ,

    Check below steps:

    1. Developer SKU is a single-instance, no-SLA tier
      • During platform/OS patching or global upgrades, the lone role instance can go offline or be slower to respond. Upgrades can sometimes take many hours. For production workloads, Microsoft recommends Standard/S1+ (2+ instances with built-in LB).
    2. New VIP and control-plane endpoints on stv2.1
      • The stv2 upgrade changes the VIPs your instance uses. If you’re resolving the backend service using DNS, ensure it’s not caching the old VIP.
      • Management/control-plane traffic still arrives on port 3443. If you have forced-tunneling or UDRs, you must allow the Azure APIManagement service tag or specific RP IPs back to the internet so replies can return.
    3. VNet integration and NSG/UDR considerations
      • Verify your APIM subnet’s NSG allows outbound traffic to your App Container Environment on the required ports.
      • Make sure you’ve enabled service endpoints for any Azure PaaS back ends (Storage, SQL, Key Vault, Event Hubs).
      • If you’ve forced all internet-bound traffic through a firewall, add UDRs for the control-plane IPs (see table below) with next hop = Internet so management traffic can complete symmetrically.
    4. Diagnostics and monitoring
      • Turn on request tracing or diagnostic logs in APIM to see whether these are timeouts or HTTP errors coming from the gateway vs. your backend.
      • Check Azure Resource Health to see if there are known upgrade events. Note: Developer SKU may not always emit health alerts.

    Next steps you can try right away:

    • Scale out or upgrade to a higher SKU (Basic/Standard) if you need production-grade availability.
    • Review your NSG and UDR configs for both control-plane (3443) and your backend ports.
    • Flush any stale DNS entries for your backend hostnames.
    • Enable APIM diagnostic logs and look for patterns in the failure codes.

    References:

    Hope this helps!

    If the resolution was helpful, kindly take a moment to click on User's imageand click on Yes for was this answer helpful. And, if you have any further query do let us know.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.