Azure Key Vault Properties Provider connector times out from on-prem Mule runtime behind a forward proxy

Publish Date: May 12, 2026

Description

The user encountered an issue deploying an API in their On-PREM Mule runtime server with the Azure Key Vault Properties Provider connector. While the same API deployment works correctly in cloud environments (CH1, CH2, and AKS), the On-PREM deployment fails with configuration errors and timeouts related to proxy settings.

## Symptoms

After deploying an application that uses the Azure Key Vault Properties Provider, application startup or first secret resolution

fails. The runtime log shows:

ERROR com.azure.core.http.netty.NettyAsyncHttpClient:

io.netty.channel.ConnectTimeoutException: connection timed out after 10000 ms:

.vault.azure.net/:443

ERROR org.mule.runtime.core.privileged.exception.DefaultExceptionListener:

Exception while executing p("azure-key-vault-properties-provider::secret::")

cause: io.netty.channel.ConnectTimeoutException ...

Error type: MULE:EXPRESSION

Common companion observations:

- The same `curl https://<vault-name>.vault.azure.net/...` from the same OS user **on the same host** succeeds (because `curl` honors

the shell's `HTTPS_PROXY` / `http_proxy` environment variables; the JVM does not).

- DNS resolves correctly — the failure is at the TCP layer (`ConnectTimeoutException`, not `UnknownHostException`).

- The same Mule application deployed to **CloudHub 1.0, CloudHub 2.0, or AKS / customer-managed Kubernetes** works without any

change. Only on-prem Standalone / RTF behind a corporate forward proxy fails.

Resolution

Set the required proxy properties in the wrapper.conf file of the Mule runtime.

Add the following lines, replacing and with the appropriate proxy details:

wrapper.java.additional.XX=-Dhttps.proxyHost=,
wrapper.java.additional.XX=-Dhttps.proxyPort=,
wrapper.java.additional.XX=-Dhttps.proxyUser=,
wrapper.java.additional.XX=-Dhttps.proxyPassword=,
and wrapper.java.additional.XX=-Djava.net.useSystemProxies=true.

2. Restart the Mule runtime service after making the changes to wrapper.conf to ensure the new proxy settings take effect.
3. If the above steps do not resolve the issue, consider setting OS-level environment variables for the proxy settings before starting the Mule runtime service.
Use commands like export MULE_AZURE_KEY_VAULT_NAME= and export AZURE_CLIENT_ID= etc. .

Additional Resources

Troubleshooting Technique:

Verify the proxy is reachable from the runtime host

From the OS user that runs Mule:

# Through the corporate proxy — should return 200 / 401 / 403

curl -v --max-time 10 \

-x http://<proxy-host>:<proxy-port> \

https://<vault-name>.vault.azure.net/secrets/<secret-name>?api-version=7.4

# AAD token endpoint must also be reachable through the proxy

curl -v --max-time 10 \

-x http://<proxy-host>:<proxy-port> \

https://login.microsoftonline.com/

Knowledge Article Number

005322019

Did this article solve your issue?

Let us know so we can improve!

Azure Key Vault Properties Provider connector times out from on-prem Mule runtime behind a forward proxy

General Information

Required Cookies

Functional Cookies

Advertising Cookies

General Information

Required Cookies

Functional Cookies

Advertising Cookies

Cookie List