Internal Server Error while creating a EventGrid Namespace subscription in Push delivery mode

Question

Internal Server Error while creating a EventGrid Namespace subscription in Push delivery mode

Guru Pasupathy 0

I’m trying to create an EventGrid Namespace subscription in Push delivery mode, but I encountered the following error. However, I can create a subscription in Queue mode without any issues. Could you help me understand what’s causing this error?

│`` RESPONSE 500: 500 Internal Server Error

│`` ERROR CODE: InternalServerError

│`` {

│`` "error": {

│`` "code": "InternalServerError",

│`` "message": "The operation failed due to an internal server error. The initial state of the impacted resources (if any) are restored. Please try again in few minutes. If error still persists, report a0e84731-1198-49ae-99f9-6dde59726a93:8/26/2025 6:13:38 AM (UTC) to our forums for assistance or raise a support ticket ."

│`` }

│`` --------------------------------------------------------------------------------

│`` RESPONSE 500: 500 Internal Server Error

│`` ERROR CODE: InternalServerError

│`` --------------------------------------------------------------------------------

│`` {

│`` "error": {

│`` "code": "InternalServerError",

│`` "message": "The operation failed due to an internal server error. The initial state of the impacted resources (if any) are restored. Please try again in few minutes. If error still persists, report 0652ede7-3a61-4c20-a8dc-b77443ef102d:8/26/2025 8:09:11 AM (UTC) to our forums for assistance or raise a support ticket ."

│`` }

│`` --------------------------------------------------------------------------------

│

╵

Rakesh Mishra 255 Reputation points Microsoft External Staff Moderator

2025-08-27T18:55:31.6533333+00:00
Hi @Guru Pasupathy ,

Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

For similar internal server errors, the most common root causes are:

The Microsoft.EventGrid resource provider is not fully registered, or its service principal is disabled, causing backend failures when provisioning Push subscriptions.

The Push endpoint is unreachable or not responding correctly to Event Grid’s subscription validation handshake, resulting in a backend timeout/error surfaced as a 500.

A transient service-side fault in the Event Grid control plane (rare but possible), requiring retry with exponential backoff.

Could you please retry creating as the error suggested and provide the details below.

What type of endpoint are you trying to use (Webhook, Azure Function, etc.)?

Have you validated that the endpoint is reachable from the Internet?

Are there any specific configurations or settings applied to your EventGrid Namespace that we should be aware of?

Have you faced any other errors or abnormalities in the Azure portal?

Guru Pasupathy 0

Thank you for looking into this earlier. I was able to get past the error — it turned out to be caused by the IP restrictions I had in place.I’d like to use this thread for a follow-up question.

I’m able to create a push delivery mode subscription using a SAS URL as the endpointUrl. However, I’m unable to create a subscription (push delivery mode, endpoint type = WebHook) that uses Managed Identity authentication between the Event Grid Namespace and a Logic App (where the Logic App is the webhook receiver).

**
Question:** Is Event Grid Namespace topic subscription creation supported in push delivery mode for WebHook endpoint type when the webhook points to a Logic App in the Consumption tier?

I came across a forum thread suggesting it is not supported (https://learn.microsoft.com/en-au/answers/questions/2259362/sasauthenticationpolicy-json-object-disable-in-log last response from @Suwarna S Kale ) , but I’d like to confirm whether this is explicitly stated anywhere in the official documentation.

For reference, here’s my Terraform snippet:

resource "azapi_resource" "egns_internal_topic_logicapp_push_subscription" {
  type                      = "Microsoft.EventGrid/namespaces/topics/eventSubscriptions@2025-04-01-preview"
  name                      = "internal-topic-logicapp-sub-msi"
  parent_id                 = "/subscriptions/${var.subscription_id}/resourceGroups/${var.resource_group_name}/providers/Microsoft.EventGrid/namespaces/${var.event_grid_namespace}/topics/internal-topic"
  schema_validation_enabled = false
  body = {
    properties = {
      deliveryConfiguration = {
        deliveryMode = "Push"
        push = {
          deliveryWithResourceIdentity = {
            destination = {
              endpointType = "WebHook"
              properties = {
                endpointUrl                            = "https://prod-xx.xxxxxxxx.logic.azure.com:443/workflows/xxxxxxxxxx/triggers/When_a_HTTP_request_is_received/paths/invoke?api-version=2016-10-01"
                azureActiveDirectoryApplicationIdOrUri = "https://management.azure.com/"
                azureActiveDirectoryTenantId           = "00000000-0000-0000-0000-000000000000"
                maxEventsPerBatch                      = 100
                preferredBatchSizeInKilobytes          = 64
              }
            }
            identity = {
              type                 = "UserAssigned"
              userAssignedIdentity = data.azurerm_user_assigned_identity.common_identity.id
            }
          }
          eventTimeToLive  = "P7D"
          maxDeliveryCount = 10
        }
      }
      eventDeliverySchema = "CloudEventSchemaV1_0"
    }
  }

}

1 answer

Your answer

Rakesh Mishra 255 Reputation points Microsoft External Staff Moderator

2025-08-27T18:55:31.6533333+00:00

Hi @Guru Pasupathy ,

Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

For similar internal server errors, the most common root causes are:

The Microsoft.EventGrid resource provider is not fully registered, or its service principal is disabled, causing backend failures when provisioning Push subscriptions.

The Push endpoint is unreachable or not responding correctly to Event Grid’s subscription validation handshake, resulting in a backend timeout/error surfaced as a 500.

A transient service-side fault in the Event Grid control plane (rare but possible), requiring retry with exponential backoff.

Could you please retry creating as the error suggested and provide the details below.

What type of endpoint are you trying to use (Webhook, Azure Function, etc.)?

Have you validated that the endpoint is reachable from the Internet?

Are there any specific configurations or settings applied to your EventGrid Namespace that we should be aware of?

Have you faced any other errors or abnormalities in the Azure portal?

Answer 1

Hello Guru Pasupathy,

Thank you for posting your question in the Microsoft Q&A forum.

You cannot create an Azure Event Grid Namespace topic subscription in push delivery mode for a WebHook endpoint that points to a Logic App (Consumption) using its default trigger URL.

Here’s the detailed explanation of why and what the correct approach is - The Core Problem is Authentication

The primary reason is the authentication requirement for WebHook endpoints with the new Event Grid Namespace (the GA/released version of the service, not the classic "Event Grid" resource).

When you create an event subscription on a Namespace topic and select WebHook as the endpoint type, it mandatorily requires you to select an authentication method (e.g., Azure Active Directory, SAS Token). You cannot proceed without it.

The default HTTP request trigger URL for a Logic App (Consumption) looks like this: ***https://prod-07.westus.logic.azure.com:443/workflows/{GUID}/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig={SAS_KEY}***

This URL contains a SAS (Shared Access Signature) token (sig={SAS_KEY}) for authentication. However, the Event Grid Namespace WebHook configuration does not support the specific SAS token format used by the Logic App's built-in trigger. There is no field to configure the sig parameter in the way the Logic App expects it.

The Recommended Solution: Use the "Azure Logic Apps" Endpoint Type

Instead of fighting the WebHook configuration, you should use the dedicated endpoint type built specifically for this purpose.

When creating your event subscription, in the "Endpoint Details" section, do not select "WebHook".
Select "Azure Logic Apps" from the dropdown menu of endpoint types.
Azure will then allow you to browse and select your specific Logic App (Consumption) from your subscription.

Why this works perfectly:

Automatic Authentication: Behind the scenes, Azure automatically handles the authentication between Event Grid and your Logic App using a managed identity. You don't have to worry about SAS tokens or keys.
Simplified Setup: The connection is established with a few clicks, eliminating configuration errors.
Native Integration: It represents the officially supported path for this integration, making it more reliable and future-proof.

Please, let me know the response helps answer your question? If the above answer helped, please do not forget to "Accept Answer" as this may help other community members to refer the info if facing a similar issue. 🙂

Share via

Internal Server Error while creating a EventGrid Namespace subscription in Push delivery mode

1 answer

Your answer