Storage Account Blob Trigger Event could not be enabled (MinimumTlsVersion is not supported by webhook endpoint)

Question

Storage Account Blob Trigger Event could not be enabled (MinimumTlsVersion is not supported by webhook endpoint)

ANTONELLO PIO BARBONE 0

Hi everyone,

I'm trying to enable the "Created Blob Trigger" event for my Storage Account Datalake Gen 2 in order to trigger a Function App.
I followed the official documentation about this topic, but the last step fails with the following error

Official Docs:
https://learn.microsoft.com/en-us/azure/azure-functions/functions-event-grid-blob-trigger?pivots=programming-language-python

Screenshot 2025-07-31 alle 13.00.10

What does this mean? I took a look to the TLS version specified for the Event Grid and the Function App, and it's the same.

Thanks in advance

1 answer

Your answer

Answer 1

Hi Antonello,

When you attempt to create the event subscription it starts webhook validation handshake to the endpoint url you set. If this url is incorrect and/or doesn't accept minimum TLS version you set and/or doesn't accept the web request properly in some way it will trigger this error, even though the cause may be unrelated to TLS version.

The fix is to make sure the webhook endpoint is publicly available and configured to properly respond to the handshake. For example, say Event Grid sends below message to endpoint to start handshake:

[
  {
    "id": "xxxxxxxx-xxxx-4xxx-xxxx-xxxxxxxxxxxx",
    "topic": "/subscriptions/xxxxxxxx-xxxx-4xxx-xxxx-xxxxxxxxxxxx/resourceGroups/my-resource-group/providers/Microsoft.Storage/StorageAccounts/contosostorageaccount",
    "subject": "",
    "data": {
      "validationCode": "XXXXXXXX-XXXX-4XXX-XXXX-XXXXXXXXXXXX",
      "validationUrl": "https://rp-westus.eventgrid.azure.net:553/eventsubscriptions/subscription2/validate?id=XXXXXXXX-XXXX-4XXX-XXXX-XXXXXXXXXXXX&t=2025-07-24T05:51:14.1234981Z&apiVersion=2024-12-15-preview&token=B9n2CV31AxMP1Zl452X77S4iRERkISCUER%2beWhgJSEq%3d"
    },
    "eventType": "Microsoft.EventGrid.SubscriptionValidationEvent",
    "eventTime": "2025-07-24T05:51:14.1234981Z",
    "metadataVersion": "1",
    "dataVersion": "2"
  }
]

the endpoint might extract validationUrl from above and make GET request:


GET https://rp-westus.eventgrid.azure.net:553/eventsubscriptions/subscription2/validate?id=XXXXXXXX-XXXX-4XXX-XXXX-XXXXXXXXXXXX&t=2025-07-24T05:51:14.1234981Z&apiVersion=2024-12-15-preview&token=B9n2CV31AxMP1Zl452X77S4iRERkISCUER%2beWhgJSEq%3d

If it doesn't respond properly, the deployment will eventually fail with webhook validation handshake failed or similar error. This is only one way to respond to handshake. Another way is your endpoint could respond to message by returning HTTP 200 with validationCode given:

{
  "validationResponse": "XXXXXXXX-XXXX-4XXX-XXXX-XXXXXXXXXXXX" 
}

For troubleshooting it may be helpful to set up an endpoint that logs the incoming request to help you see exactly what you need to respond to and test different techniques.

Please click Accept Answer and upvote if the above was helpful.

Thanks.

-TP

ANTONELLO PIO BARBONE 0 Reputation points

2025-08-08T07:46:30.5833333+00:00

Hi! Firstly thank you for providing information.

The problem is that I am NOT managing that endpoint myself, but I think that is automatically handled by Azure... I do not have access to it... I mean, it is the blobTrigger hook for a specific Azure Function App, but that endpoint is not defined in my code anywhere.

I have it only because I followed the documentation, and in there is specified how to manually compose it to refer a specific function of your own.

This is the specific chapter where it talks about the endpoint composition:
https://learn.microsoft.com/en-us/azure/azure-functions/functions-event-grid-blob-trigger?pivots=programming-language-python#build-the-endpoint-url
TP 131.6K Reputation points Volunteer Moderator

2025-08-08T08:15:35.17+00:00

The webhook endpoint is the Function App - Function that the tutorial had you create.

So two things (I believe you are at #1, so fix that first)

1) the endpoint url needs to be correct and ready to accept handshake, or else you can get MinimumTlsVersion error. This means function needs to running and the url must be correct with access key, etc.

2) the function code needs to properly respond to handshake. Perhaps the template already has code in it to respond to handshake, I didn't check. I'm thinking there is good chance it doesn't since in the tutorial it says eventgrid template isn't available yet.

If I'm right and the function template doesn't have code to respond to handshake then that means you will have to make some edits if you want things to work properly. I gave you what is necessary to be done above although I didn't write code.

Share via

Storage Account Blob Trigger Event could not be enabled (MinimumTlsVersion is not supported by webhook endpoint)

1 answer

Your answer