How to Enable Sitecore Analytics on Azure Using ARM Templates


Debugging Sitecore Analytics on Azure: Lessons From a Real Deployment



When deploying a Sitecore solution on Azure PaaS, most teams expect Sitecore Analytics to work out-of-the-box—especially when the deployment follows the standard ARM templates or the Sitecore Azure Toolkit.

But during one of our recent deployments, we noticed that Sitecore Analytics was not working at all, even though the application was healthy, CD/CM were synced, and the xConnect endpoints were reachable.

After investigation, we found the root cause:

allowInvalidClientCertificates was not enabled in our ARM template.

And enabling this single configuration value instantly fixed Analytics.

This blog walks you through the issue, symptoms, root cause, and how re-deploying the ARM template with the correct setting resolved everything.


The Problem: Analytics Events Not Being Recorded

Even though:

  • xConnect services were up

  • XP roles were able to communicate

  • CM/CD could reach the xConnect endpoint

  • No major errors appeared in Sitecore logs

Analytics simply was not recording any interactions.

No new contacts, no page events, no engagement value.

On a deeper look, the xConnect log on the XP XConnect Search & Collection role showed errors such as:

The client certificate provided is not trusted.

But in our environment setup, we were not using custom client certificates — Azure manages them internally for Sitecore PaaS.

So why was xConnect rejecting internal traffic?




Root Cause: allowInvalidClientCertificates Was Missing

In Azure PaaS Sitecore deployments, some internal components communicate using automatically generated certificates.
These certificates are valid but not always evaluated as trusted by xConnect without a specific configuration flag.

That flag is:

"allowInvalidClientCertificates": true


When this setting is missing or set to false, xConnect rejects internal calls used for tracking and analytics.
This results in:
  • No analytics data stored
  • No interactions tracked
  • xConnect responding with certificate validation errors
  • Sitecore not showing any Experience Analytics data
This setting is normally included in standard Sitecore ARM deployments—but in our case, it was missing from a custom template.



Once this was added and we redeployed:


  1. xConnect accepted the internal client certificates
  2. Tracking events started flowing
  3. Analytics began processing interactions normally
Key Takeaways
  1. Sitecore XP on Azure may require allowInvalidClientCertificates = true for proper xConnect communication.
  2. If analytics is not working and logs show certificate errors, check this setting first
  3. The fix requires a redeploy, not just a restart.
  4. Custom ARM templates often miss this setting—always validate configuration against Sitecore’s baseline templates.
  5. This setting is safe on Azure PaaS because communication happens inside secure Azure-managed infrastructure.

Comments

Post a Comment

Popular posts from this blog

XM Cloud Basics – Part 1

 🚀 Connecting Next.js with Sitecore XM Cloud: A Developer’s Guide: With the evolution of Sitecore into a composable DXP platform, Sitecore XM Cloud stands out as the cloud-native, headless-first CMS designed for speed, scalability, and modern front-end frameworks like Next.js . In this post, we’ll walk through how to connect Next.js to Sitecore XM Cloud using the official SDKs and headless services. 🔍 What is Sitecore XM Cloud? Sitecore XM Cloud is a SaaS version of Sitecore Experience Manager. It provides: Headless content delivery Integrated personalization A fully managed cloud platform Native support for front-end frameworks like Next.js and React XM Cloud replaces the need for hosting your own Sitecore infrastructure, while still providing all the benefits of Sitecore's flexible content model and editing tools. 🛠️ Prerequisites Before diving in, make sure you have: A Sitecore XM Cloud environment provisioned Access to the Sitecore Cloud Portal Nod...
Read more

Sitecore 10.4 + Docker + Next.js: A Complete Setup Guide for JSS Developers

Image
  Setting Up Sitecore xp 10.4 with Docker and Next.js (JSS Connected Mode) Setting up a modern Sitecore solution using Docker and Next.js enables rapid local development with a clean separation of front-end and back-end concerns. In this post, we’ll walk through how to set up Sitecore XP 10.4  using Docker along with Next.js in connected mode , using Sitecore JSS Prerequisites Before starting, make sure you have the following installed: Windows 10/11 Pro or Enterprise (for Docker Desktop with Hyper-V) Docker Desktop (configured for Windows containers) .NET SDK 6.0+ Node.js v18+ Git Sitecore Container Deployment Packages (WDPs) Sitecore License File JSS CLI Steps:    1. Enable hyer-v      Control panel --->programs --> program and feature 2. Download and Install docker using below link        Click here to download and install docker 3. Install the template   Open PowerShell with administ...
Read more

Deploying Next.js + Sitecore JSS: Real-World Azure PaaS Setup

Image
Deploying Next.js + Sitecore JSS on Azure PaaS  Overview: Deploying a Sitecore JSS (JavaScript Services) app with Next.js can be challenging when moving to production or any upar enviroment, especially in Azure PaaS . This post outlines a clean separation of concerns deployment architecture where: CM handles only content authoring (no Next.js). CD acts as the Sitecore backend API provider for the JSS app. Web App hosts the Next.js SSR app (head) independently. This architecture ensures performance , security , and scalability for modern composable solutions. Architecture Overview: Setup Breakdown:  Sitecore CM (Content Management) Purpose : Only used by authors to manage content. Does NOT include : JSS app, rendering host config. Deployment : Done via Sitecore Azure Toolkit or ARM templates. Benefit : Keeps CM clean and lightweight. Sitecore CD (Content Delivery) Purpose : Serves layout data & APIs for JSS app. Configured with :...
Read more