I created an infrastructure in Azure using the following set of "az cli" commands:
# Variables
location="eastus"
resourceGroup="nginx-lb-rg"
vnet="nginx-vnet"
subnet="nginx-subnet"
nsg="nginx-nsg"
publicIp="nginx-pubip"
lb="nginx-lb"
lbFrontend="nginx-frontend"
lbBackendPool="nginx-backend-pool"
lbProbe="nginx-health-probe"
lbRule="nginx-http-rule"
vmPrefix="nginx-vm"
adminUser="serveradmin"
adminPassword="5uper5ecureP@ssw0rd"
# Create resource group
az group create --name $resourceGroup --location $location
# Create virtual network and subnet
az network vnet create \
--resource-group $resourceGroup \
--name $vnet \
--address-prefixes "10.0.0.0/16" \
--subnet-name $subnet \
--subnet-prefix "10.0.1.0/24"
# Create NSG and allow SSH + HTTP
az network nsg create --resource-group $resourceGroup --name $nsg
az network nsg rule create --resource-group $resourceGroup --nsg-name $nsg \
--name allow-ssh --priority 100 \
--direction Inbound --access Allow --protocol Tcp \
--source-address-prefix '*' --destination-port-range 22
az network nsg rule create --resource-group $resourceGroup --nsg-name $nsg \
--name allow-http --priority 110 \
--direction Inbound --access Allow --protocol Tcp \
--source-address-prefix '*' --destination-port-range 80
# Create public IP
az network public-ip create \
--resource-group $resourceGroup \
--name $publicIp \
--sku Standard \
--allocation-method Static
# Create Load Balancer
az network lb create \
--resource-group $resourceGroup \
--name $lb \
--sku Standard \
--frontend-ip-name $lbFrontend \
--backend-pool-name $lbBackendPool \
--public-ip-address $publicIp \
--location $location
# Create health probe
az network lb probe create \
--resource-group $resourceGroup \
--lb-name $lb \
--name $lbProbe \
--protocol Http \
--port 80 \
--path /index.html
# Create load balancing rule
az network lb rule create \
--resource-group $resourceGroup \
--lb-name $lb \
--name $lbRule \
--protocol Tcp \
--frontend-port 80 \
--backend-port 80 \
--frontend-ip-name $lbFrontend \
--backend-pool-name $lbBackendPool \
--probe-name $lbProbe \
--disable-outbound-snat true
# Create NICs, associate subnet, NSG, and backend pool
for i in 1 2; do
nic="${vmPrefix}-nic$i"
az network nic create \
--resource-group $resourceGroup \
--name $nic \
--vnet-name $vnet \
--subnet $subnet \
--network-security-group $nsg
az network nic ip-config address-pool add \
--resource-group $resourceGroup \
--lb-name $lb \
--address-pool $lbBackendPool \
--nic-name $nic \
--ip-config-name ipconfig1
done
# Create Ubuntu VMs with NGINX
for i in 1 2; do
az vm create \
--resource-group $resourceGroup \
--name "${vmPrefix}$i" \
--image "/subscriptions/8b8fdec4-790a-4019-a7e5-a8b5cb5a3d41/resourceGroups/Azuredevops/providers/Microsoft.Compute/images/PackerImage" \
--admin-username $adminUser \
--admin-password $adminPassword \
--nics "${vmPrefix}-nic$i" \
--location $location
done
The Ubuntu image used for the VMs is a custom Ubuntu image. All resources got created without any issues. However, when I test the URL "http://lb-public-ip/index.html", the URL times out. I connected to each VM via Bastion and did "curl http://vm-private-ip/index.html" against each VM, and that works, so the VMs, the image and the local firewalls can be ruled out.
I also checked the NSG rules: HTTP is allowed and there is no rule denying anything. I also checked the health probes; they indicate the backend pool is 100% healthy.
Not sure what I am missing - any hints? - Thanks!