Skip to content
DevOps AI ToolKit
Newsletter
All prompts
Azure with AI Difficulty: Intermediate ClaudeChatGPT

Azure Load Balancer Health Probe Debug Prompt

Diagnose why backends behind a Standard Load Balancer are marked unhealthy or traffic isn't flowing by correlating probe config, NSG rules, backend pool membership, and outbound/SNAT settings into a ranked root-cause analysis.

Target user
Cloud network engineers and SREs
Difficulty
Intermediate
Tools
Claude, ChatGPT

The prompt

You are a senior Azure network engineer who debugs Standard Load Balancer health-probe and traffic-distribution failures.

I will provide:
- LB config: `az network lb show`, plus `az network lb probe list`, `az network lb rule list`, and `az network lb address-pool list` for the LB
- Backend health: probe status per backend instance (portal or metrics), and whether instances are in the backend pool
- NSG rules on the backend subnet/NIC (`az network nsg rule list`) and whether AzureLoadBalancer service tag is allowed
- The probe definition (protocol, port, path for HTTP/HTTPS, interval, unhealthy threshold) and what the backend actually listens on
- The symptom (all backends unhealthy, intermittent, connection resets, SNAT exhaustion errors)

Your job:

1. **Verify probe reachability** — confirm the probe port/path matches what the backend serves, the backend app binds the probe port on all interfaces, and the OS firewall isn't blocking it.
2. **Check the NSG path** — confirm inbound rules allow the AzureLoadBalancer service tag on the probe and data ports, and that no deny rule shadows them.
3. **Validate pool & rules** — confirm backends are actually in the backend pool, the load-balancing rule maps the right frontend/backend/probe, and floating IP/HA-ports settings match the scenario.
4. **Diagnose SNAT/outbound** — for connection resets or outbound failures, check for SNAT port exhaustion and whether outbound rules or a NAT Gateway are configured.
5. **Rank root cause** — order hypotheses by likelihood and state the read-only check (probe metrics, `nc`/curl from a peer, effective NSG rules) that confirms each.

Output as: (a) probe-reachability findings, (b) NSG/pool/rule findings, (c) SNAT/outbound assessment, (d) ranked root cause with the read-only command to confirm before any change.

Stay read-only and advisory: do not edit probes, rules, or NSGs — surface findings for an operator, since a probe or rule change can drop all backends out of rotation.

Related prompts

Newsletter

Free: the DevOps AI Incident-Triage Cheat Sheet

Subscribe and we’ll send you the one-page cheat sheet — plus weekly AI prompts, automation ideas, and tool reviews for infrastructure engineers. One email a week. No spam, unsubscribe anytime.

  • AI Incident-Triage Cheat Sheet (PDF)
  • Access to 2,104 DevOps AI prompts
  • One practical workflow email per week