排查错误:“Azure Functions 运行时不可访问”Troubleshoot error: "Azure Functions Runtime is unreachable"

本文帮助你排查 Azure 门户中显示的以下错误字符串:This article helps you troubleshoot the following error string that appears in the Azure portal:

“错误:Azure Functions 运行时不可访问。"Error: Azure Functions Runtime is unreachable. 单击此处获取存储配置的详细信息。”Click here for details on storage configuration."

当 Azure Functions 运行时无法启动时,会出现此问题。This issue occurs when the Azure Functions Runtime can't start. 此问题的最常见原因是函数应用失去了对其存储帐户的访问权限。The most common reason for the issue is that the function app has lost access to its storage account. 有关详细信息,请参阅存储帐户要求For more information, see Storage account requirements.

本文的余下内容将帮助你排查此错误的以下原因,包括如何识别和解决每项原因。The rest of this article helps you troubleshoot the following causes of this error, including how to identify and resolve each case.

存储帐户已被删除Storage account was deleted

每个函数应用都需要存储帐户才能运行。Every function app requires a storage account to operate. 如果该帐户已被删除,则函数不会正常运行。If that account is deleted, your function won't work.

首先在应用程序设置中查找你的存储帐户名称。Start by looking up your storage account name in your application settings. AzureWebJobsStorageWEBSITE_CONTENTAZUREFILECONNECTIONSTRING 包含连接字符串中包装的存储帐户名称。Either AzureWebJobsStorage or WEBSITE_CONTENTAZUREFILECONNECTIONSTRING contains the name of your storage account wrapped up in a connection string. 有关详细信息,请参阅 Azure Functions 的应用设置参考For more information, see App settings reference for Azure Functions.

在 Azure 门户中搜索你的存储帐户,确定它是否仍然存在。Search for your storage account in the Azure portal to see whether it still exists. 如果它已被删除,请重新创建存储帐户,并替换存储连接字符串。If it has been deleted, re-create the storage account and replace your storage connection strings. 函数代码已丢失,需要重新部署。Your function code is lost, and you need to redeploy it.

存储帐户应用程序设置已被删除Storage account application settings were deleted

在上一步骤中,如果找不到存储帐户连接字符串,则可能是该字符串已被删除或覆盖。In the preceding step, if you can't find a storage account connection string, it was likely deleted or overwritten. 使用部署槽位或 Azure 资源管理器脚本设置应用程序设置时,通常会删除应用程序设置。Deleting application settings most commonly happens when you're using deployment slots or Azure Resource Manager scripts to set application settings.

必需的应用程序设置Required application settings

有关详细信息,请参阅 Azure Functions 的应用设置参考For more information, see App settings reference for Azure Functions.

指南Guidance

  • 对于其中的任何设置,请不要选中“槽位设置”。Don't check "slot setting" for any of these settings. 如果交换部署槽位,函数应用将会中断。If you swap deployment slots, the function app breaks.
  • 在自动部署过程中,请不要修改这些设置。Don't modify these settings as part of automated deployments.
  • 必须在创建时提供这些设置并使其生效。These settings must be provided and valid at creation time. 不包含这些设置的自动部署会导致函数应用不运行,即使以后添加设置,也是如此。An automated deployment that doesn't contain these settings results in a function app that won't run, even if the settings are added later.

存储帐户凭据无效Storage account credentials are invalid

如果重新生成存储密钥,则必须更新上述存储帐户连接字符串。The previously discussed storage account connection strings must be updated if you regenerate storage keys. 有关存储密钥管理的详细信息,请参阅创建 Azure 存储帐户For more information about storage key management, see Create an Azure Storage account.

存储帐户不可访问Storage account is inaccessible

函数应用必须能够访问存储帐户。Your function app must be able to access the storage account. 阻止函数应用访问存储帐户的常见问题是:Common issues that block a function app's access to a storage account are:

  • 将函数应用部署到应用服务环境时,未使用正确的网络规则来允许在存储帐户中传入和传出流量。The function app is deployed to your App Service Environment without the correct network rules to allow traffic to and from the storage account.

  • 存储帐户防火墙已启用,但未配置为允许在函数中传入和传出流量。The storage account firewall is enabled and not configured to allow traffic to and from functions. 有关详细信息,请参阅配置 Azure 存储防火墙和虚拟网络For more information, see Configure Azure Storage firewalls and virtual networks.

每日执行配额已满Daily execution quota is full

如果配置了每日执行配额,则会暂时禁用函数应用,导致许多门户控制措施不可用。If you have a daily execution quota configured, your function app is temporarily disabled, which causes many of the portal controls to become unavailable.

若要在 Azure 门户中验证配额,请在函数应用中选择“平台功能” > “函数应用设置”。 To verify the quota in the Azure portal, select Platform Features > Function App Settings in your function app. 如果超出了设置的“每日使用配额”,将显示以下消息: If you're over the Daily Usage Quota you've set, the following message is displayed:

“函数应用已达到使用配额并将停止使用 24 小时。”"The Function App has reached daily usage quota and has been stopped until the next 24 hours time frame."

若要解决此问题,请删除或提高每日配额,然后重启应用。To resolve this issue, remove or increase the daily quota, and then restart your app. 否则,应用的执行将被阻止一天。Otherwise, the execution of your app is blocked until the next day.

应用受防火墙保护App is behind a firewall

函数运行时可能会出于以下任一原因而不可访问:Your function runtime might be unreachable for either of the following reasons:

Azure 门户直接调用正在运行的应用以提取函数列表,并对 Kudu 终结点发出 HTTP 调用。The Azure portal makes calls directly to the running app to fetch the list of functions, and it makes HTTP calls to the Kudu endpoint. 仍可使用“平台功能”选项卡下的平台级设置。 Platform-level settings under the Platform Features tab are still available.

若要验证应用服务环境配置:To verify your App Service Environment configuration:

  1. 转到应用服务环境所在子网的网络安全组 (NSG)。Go to the network security group (NSG) of the subnet where the App Service Environment resides.
  2. 验证入站规则是否允许你在其中访问应用程序的计算机的公共 IP 传出的流量。Validate the inbound rules to allow traffic that's coming from the public IP of the computer where you're accessing the application.

还可以通过连接到运行应用的虚拟网络的计算机或虚拟网络中运行的虚拟机来使用门户。You can also use the portal from a computer that's connected to the virtual network that's running your app or to a virtual machine that's running in your virtual network.

有关入站规则配置的详细信息,请参阅应用服务环境的网络注意事项的“网络安全组”部分。For more information about inbound rule configuration, see the "Network Security Groups" section of Networking considerations for an App Service Environment.

后续步骤Next steps