Bot Framework 405 Method Not Allowed, 401 Unauthorized and 500, Internal Server Error getting started

This article has been moved to its new home here:

I have been working with the Bot Framework available from here. While I was testing it out I encountered 3 road blocks that I will share just to make it move along faster if you happen to encounter the same.  I followed these instructions which worked just fine.  The issue I faced were during the testing of the Bot via the Emulator.  I had 3 issues:

  • 405 MethodNotAloowed
  • 401 Unauthorized
  • 500 InternalServerError

405 MethodNotAllowed when testing a Bot from the Emulator

As shown in Figure 1, the response from my ‘Hi’ message was a 405.  The issue was on my side and was due to the configuration/setting I had for the Bot Url.


Figure 1, 405 Method Not Allowed using the Bot Framework Emulator

I wrote this article here where I had received a 405 when calling a WebAPI and thought immediately that ‘I got this’.  It actually turned out to be easier than that.

The issue was that the Bot Url was going to the root directory and in the root directory of the solution there is a default.htm file which cannot handle a POST.

The fix was to update the Bot Url to include /api/messages so that the request went to the controller instead of the default.htm file, as shown in Figure 2.


Figure 2, how to solve 405 using the Bot Emulator

As you can see, however, I then received a 401 Unauthorized response.

401 Unauthorized when testing a Bot from the Emulator

In the web.config for the Bot default solution, you will see some default settings for the MicrosoftAppId and MicrosoftAppPassword.  For testing on your localhost only, make sure there are no values in the text boxes for Microsoft App Id and Microsoft App Password, as illustrated in Figure 3.


Figure 3, app id and app password for a Bot

500 Internal Server Error when testing a Bot from the Emulator

Two things:

  • If you want to test your published Bot with the Emulator you need to configure NGROK as per these instructions
  • If you do not do that you will get this 500 error

Figure 4 shows the error you get when you try and use the Emulator without NGROK configured.


Figure 4, getting a 500 internal server error with my Bot

To troubleshoot this I enabled FREB tracing on my Azure App Service Web App and it immediately made sense to me…as shown in Figure 5, the response is being sent back to the localhost address on port 9000.


Figure 5, Bot exception 500

Using NGROK I was able to make the Emulator work, nothing too complicated there.

As I am writing a Skype Bot I simply added my Bot to my list of contacts and it also worked as expected.  This is really cool stuff.


Comments (3)
  1. Amer says:

    Thanks for this post. I’ve recently started working with the Bot framework and have run into a few roadblocks, and this post certainly helps with a few of them. I am, however, facing an issue, which is slightly unrelated to this post but the bot framework error discussions are a bit sparse on the internet right now, so, I’m seeking help here.
    I have a two fold issue. I’m working with the Simple Sandwich Order bot and when I first run it, I’m getting a 200 OK message in the Bot emulator and it’s not generating the FormFlow for the order as expected, now, this might be because of a firewall blocking the port but can you think of anything else that might be causing this. Second, after publishing the Bot on Azure, I get an ‘unauthorized’ message, when I test the bot in the Bot dashboard(after registering the bot). I have pretty much tried all the combinations of App ID and App Secret that I can, i.e., using the Microsoft App ID and the Bot handle for the App ID and using the App password and the Private key for the App Secret in Web.config. I’m also using HTTPS instead of HTTP for the endpoint URL and appending it with /api/messages. Would really appreciate if you have a workaround or advice for this issue.

  2. Marten Liebster says:

    I am getting a 401. What’s the difference between Figure 2 and Figure 3 in your samples? The textboxes appear to be blank in both snapshots.

    You wrote: ” For testing on your localhost only, make sure there are no values in the text boxes for Microsoft App Id and Microsoft App Password, as illustrated in Figure 3.”

    When I click the send, I am getting the “full” set of fields in the json, just as in Figure 2. (Figure 3 has less fields in the top fields)

    What am I missing?

    1. Marten Liebster says:

      Just for a hoot, I added in my ID and password in those 2 boxes, and got a 200.

Comments are closed.

Skip to main content