we’ve recently had a reproducible issue concerning internal applications which are published via Azure AD Application Proxy using Azure AD Application Proxy Connector. Two of our customers informed our helpdesk independendly about not beeing able to access published apps anymore.
After logging in into https://myapps.microsoft.com and starting one of the apps, the following error was thrown:
What can cause Azure AD Application Proxy to generate such an error? Well, the error message basically sounded like a connectivity issue so we had a look at the connector status using Azure Classic Portal. Within the portal, you find the information needed under Active Directory -> <Your Azure AD directory> -> Applications -> <your application> -> Dashboard -> View Connector status here.
As we had to realize, the connector status was inactive:
After that, we had a look at the services management console on both servers hosting AAD Application Proxy Connector and realized that the Microsoft AAD Application Proxy Connector service had been disabled.
Windows Updates had been installed on the servers hosting AAD Application Proxy Connector in both environments before the issue occured but we have not yet found out which update actually caused it. After re-enabling the service, all connections to internal applications worked as expected again.
If you are running Azure AD Application Proxy Connector in your environment in order to make internal apps publically accessible, make sure to check the Microsoft AAD Application Proxy Connector service after installing Windows Updates. Further information about Azure AD Application Proxy troubleshooting can be found in Microsoft Azure technical documentation.