We are getting the 503 Service Unavailable Error when we make the API call to the backend server through Apigee Edge
HTTP/1.1 503 Service Unavailable Content-Type: application/json Date: Thu, 15 Jun 2017 14:33:15 GMT Server: Apigee Router Content-Length: 139 Connection: keep-alive {"fault":{"faultstring":"The Service is temporarily unavailable","detail":{"errorcode":"messaging.adaptors.http.flow.ServiceUnavailable"}}}
However, when we make the direct call to the backend server we get a successful response.
Can you please check why ?
Solved! Go to Solution.
1. Enabled the trace for the call made via Edge and found that the cause for 503 Error is that we get the handshake failure:
Received fatal alert: handshake_failure
2. When I ran the direct call to the backend server from the Message Processor, I got 200 successful response.
3. I ran the openssl command against the backend server and found the following information:
adevegowda-macbookpro:~ adevegowda$ openssl s_client -connect <backendserver>:443 CONNECTED(00000003) 70541:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/ssl/s23_clnt.c:593: adevegowda-macbookpro:~ adevegowda$
openssl command without server name, showed the handshake failure.
4. Ran the openssl command to the backends server with the servernameadevegowda-macbookpro:~ adevegowda$ openssl s_client -connect <backendserver>:443 -servername <backendserver> CONNECTED(00000003) depth=1 /C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4 verify error:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain ...<snipped>I was able to get the server certificate information as shown above.
7. Enabled the SNI property jsse.enableSNIExtension to true on the MP
jsse.enableSNIExtension=true
With this, we were able to get the API calls working through Apigee Edge.
@AMAR DEVEGOWDA, Did you check if SNI is causing the issue? by default the SNI is disabled on the SB.
Best way to troubleshoot is to take a tcp dump.
Thanks for your suggestion.
1. Enabled the trace for the call made via Edge and found that the cause for 503 Error is that we get the handshake failure:
Received fatal alert: handshake_failure
2. When I ran the direct call to the backend server from the Message Processor, I got 200 successful response.
3. I ran the openssl command against the backend server and found the following information:
adevegowda-macbookpro:~ adevegowda$ openssl s_client -connect <backendserver>:443 CONNECTED(00000003) 70541:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/ssl/s23_clnt.c:593: adevegowda-macbookpro:~ adevegowda$
openssl command without server name, showed the handshake failure.
4. Ran the openssl command to the backends server with the servernameadevegowda-macbookpro:~ adevegowda$ openssl s_client -connect <backendserver>:443 -servername <backendserver> CONNECTED(00000003) depth=1 /C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4 verify error:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain ...<snipped>I was able to get the server certificate information as shown above.
7. Enabled the SNI property jsse.enableSNIExtension to true on the MP
jsse.enableSNIExtension=true
With this, we were able to get the API calls working through Apigee Edge.
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |