Traffic from MS Teams conversational bot not reaching bot through Azure Application Gateway

1
votes

The bot application is hosted in AKS and service is exposed via azure application gateway. Traffic from webchat is logged in AzureDiagnostics table, but traffic from Teams is not reaching the application gateway, meaning no logs of traffic. But when the endpoint of the same appID is changed to a self-hosted URL traffic is reaching the service.

Note: Application gateway is configured with external public DNS, well known CA certificate, multi site listener and WAF disabled

Is there anyway to trace traffic from azure bot service to the endpoint?

Edit: Enabled Application Insights, with which the message seems to reach Microsoft.BotService. But it does not in turn reach Application Gateway.

customDimensions

{"Conversation ID":"a:1vstDiztKcL0xGIiDfmxdvXOq8YBiaEK9sQOn9BSUR26SFEiSBmtEgBErUmtYaEQ1JnsKD5mL2NvaXWiO3jMp_BjCZYsaQrd2KTDTepiqqKP-Eirna2BrcRZDxLwm7mBb","Activity type":"message","Activity ID":"1588002132547","Channel ID":"msteams","EventName":"Activity","Recipient ID":"28:63148178-66a2-4f4a-9b66-d0e6d66ee848","From ID":"29:1zQLscSre40-ZdcWvVvzbbfjOpLMydkjdh3aTdPzwYfduwU9y10aViImc08CUkldfjlkdjflkdsjfOk4KsKJ0Sg","Bot ID":"MBFBOT"}

client_Type PC

client_IP 0.0.0.0

client_City Central

client_StateOrProvince Central and Western District

client_CountryOrRegion Hong Kong

cloud_RoleInstance RD00155DB5D431

appId fc983553-f680-4dc5-9b4a-1893566cb82b

appName MBFBOT

sdkVersion dotnet:2.6.4-28384

2
azurebotframeworkazure-application-gateway
When a user is on Teams and starts a conversation with the bot hosted in AKS, are they able to maintain that conversation or does it fail? Is it just the logging that isn't captured? If so, I suspect it's because Teams maintains their own servers separate from ABS. Web Chat traffic is run via ABS as a web app utilizing Direct Line. Teams does not. The BotFramework connector is able to receive and send the messages to Teams but logging is not accessible via ABS outside of the traffic sent between the bot and the connector.Steven Kanberg
@StevenKanberg, The conversation does not reach the bot hosted in AKS :(.. though I do not get any error on the teams client. Usually when there is something wrong while sending the message there would be an error in teams client.. "Message could not be delivered" of that sort. but in this case no errors and the logs are populating in application insights from teams client to connector but it is not reaching the botRamakrishnan S
There is a possibility you need to tell your app service to accept the Teams service URL. Normally, the lack of this generates a 401 Unauthorized error, but the error might be getting lost in the traffic. Try adding the TrustServiceUrl(), as described here, and let me know if it works.Steven Kanberg

2 Answers

0
votes

Corebot-app-insights demonstrates how to add telemetry logging to your bot, storing telemetry within Application Insights.

https://github.com/microsoft/BotBuilder-Samples/tree/master/samples/csharp_dotnetcore/21.corebot-app-insights

0
votes

Enabling the following cipher suites fixed the issue;

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA