Share via

Deployment has failed with the following error: MinimumTlsVersion is not supported by webhook endpoint

Farzana Mustafa 241 Reputation points
2025-07-24T04:04:54.9966667+00:00

Trying to create Webhook Endpoint for Event Subscription but getting error. We have configured Event Grid System Topic. Tried selecting/deselecting all options in TLS (under Additional Features) but no luck.

Our existing Event subscriptions do not have any TLS configured. Kindly assist.

User's image

Azure Event Grid
Azure Event Grid
An Azure event routing service designed for high availability, consistent performance, and dynamic scale.
0 comments
Accepted answer
  1. TP 131.6K Reputation points Volunteer Moderator
    2025-07-24T06:04:22.6866667+00:00

    Hi Farzana,

    When you attempt to create the event subscription it starts webhook validation handshake to the endpoint url you set. If this url is incorrect and/or doesn't accept minimum TLS version you set and/or doesn't accept the web request properly in some way it will trigger this error, even though the cause may be unrelated to TLS version.

    The fix is to make sure the webhook endpoint is publicly available and configured to properly respond to the handshake. For example, say Event Grid sends below message to endpoint to start handshake:

    [
  {
    "id": "xxxxxxxx-xxxx-4xxx-xxxx-xxxxxxxxxxxx",
    "topic": "/subscriptions/xxxxxxxx-xxxx-4xxx-xxxx-xxxxxxxxxxxx/resourceGroups/my-resource-group/providers/Microsoft.Storage/StorageAccounts/contosostorageaccount",
    "subject": "",
    "data": {
      "validationCode": "XXXXXXXX-XXXX-4XXX-XXXX-XXXXXXXXXXXX",
      "validationUrl": "https://rp-westus.eventgrid.azure.net:553/eventsubscriptions/subscription2/validate?id=XXXXXXXX-XXXX-4XXX-XXXX-XXXXXXXXXXXX&t=2025-07-24T05:51:14.1234981Z&apiVersion=2024-12-15-preview&token=B9n2CV31AxMP1Zl452X77S4iRERkISCUER%2beWhgJSEq%3d"
    },
    "eventType": "Microsoft.EventGrid.SubscriptionValidationEvent",
    "eventTime": "2025-07-24T05:51:14.1234981Z",
    "metadataVersion": "1",
    "dataVersion": "2"
  }
]

    the endpoint might extract validationUrl from above and make GET request:

    
GET https://rp-westus.eventgrid.azure.net:553/eventsubscriptions/subscription2/validate?id=XXXXXXXX-XXXX-4XXX-XXXX-XXXXXXXXXXXX&t=2025-07-24T05:51:14.1234981Z&apiVersion=2024-12-15-preview&token=B9n2CV31AxMP1Zl452X77S4iRERkISCUER%2beWhgJSEq%3d

    If it doesn't respond properly, the deployment will eventually fail with webhook validation handshake failed or similar error. This is only one way to respond to handshake.

    For troubleshooting it may be helpful to set up an endpoint that logs the incoming request to help you see exactly what you need to respond to and test different techniques.

    Please click Accept Answer and upvote if the above was helpful.

    Thanks.

    -TP

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.