Solving ASP.NET Core running on Azure App Service causing 500.30 ANCM In-Process Start Failure

Recently I attempted to re-deploy and replicate some of the infrastructure I have running and deploy the same version of the source to a new Slot in an Azure App Service. I hit the error message below:

Following the link (here), gives us an indication of what the error is about:

The worker process fails. The app doesn't start.

The ASP.NET Core Module attempts to start the .NET Core CLR in-process, but it fails to start. The cause of a process startup failure can usually be determined from entries in the Application Event Log and the ASP.NET Core Module stdout log.

Common failure conditions:

- The app is misconfigured due to targeting a version of the ASP.NET Core shared framework that isn't present. Check which versions of the ASP.NET Core shared framework are installed on the target machine.

- Using Azure Key Vault, lack of permissions to the Key Vault. Check the access policies in the targeted Key Vault to ensure that the correct permissions are granted.

Granted, the second point here led me to understand what I needed to check first. However, fighting blind isn't something I want to spend my time on, so here's a tip on how to troubleshoot this (and other issues), using Kudu.

Using Kudu

First, let's launch Kudu. You can do this in a variety of ways. Here are a few:

Launch Kudu manually from the address bar

If your website is https://magicalunicorns.azurewebsites.net, the Kudu URL is https://magicalunicorns.scm.azurewebsites.net. Notice the appended "scm." here. You'll need to be signed in with an account with access to the App Service resource with the appropriate permissions.

Launch Kudu from the Azure Portal

In the Azure Portal, visit your Azure App Service and find the option for "Advanced Tools":

Voila, you're where you need to be.

Use the Kudu debug console to troubleshoot your application quickly

Since the application error indicates that it crashes already at the startup, it's relatively straight forward to understand where we need to start. I want to "launch the web app" to see what happens.

Go to "Debug console" - "CMD":

Navigate to the directory where your web site is hosted, which is usually in "\home\site\wwwroot".

From here, simply launch the app using "dotnet <your app dll>". This launches the application within Azure App Service, including all the configuration and things that are tied to it, and should render a better error message for you immediately:

From the error message was the following:

Unhandled exception. System.InvalidOperationException: KeyVault configuration value 'AzureB2CClientId' is empty

The error message indicates that I need to check a couple of things:

1. Does this value exist in the Azure Key Vault?
2. Am I connecting to the correct vault?
3. Does the identity of the web app have access policies set up to get secrets from the Azure Key Vault?
4. Is the User Assigned Managed Identity still connected to the Azure App Service?
5. Is there a network configuration to access the vault, and is the Azure App Service connected to this network?

From launching Kudu, it took about 3 minutes in total to troubleshoot the issues. I quickly realized that everything looked OK, except that the User Assigned Managed Identity and the Virtual Network connections had been lost when setting up a new Deployment Slot.

Whatever the reasons for the configurations to not be replicated when we set up a new slot (and opting to copy all configurations), Kudu and the debug console is a priceless tool to use when trying to figure out what went wrong along the way.

This post was a small tip of the day. I hope you enjoyed it and that it comes in handy for someone on a similar journey in the cloud.