HttpAdaptorException - TARGET_REQ_FLOW

Not applicable

Hello,

We are getting this error right after the 'Target Request Flow Started' step. We checked the target service and it is up and running. Any ideas? Thanks!

error error.cause error.class Identifier state type
The Service is temporarily unavailableConnection refusedcom.apigee.messaging.adaptors.http.HttpAdaptorExceptionfaultTARGET_REQ_FLOWErrorPoint
1 5 2,113
5 REPLIES 5

sarthak
Participant V

I think because of some reason Apigee is not able to talk to the backend service. One of the most common reason we see for this is IP-whitelisting. I.e. if the backend service is whitelisted to receive requests from specific IPs only and the Apigee IPs are not in that list. Can you double check that ?

Not applicable

As @sarthak notes this is generally indicative of a connection issue. Possible causes:

  • The target is down.
  • The target server is saturated and unable to accept new requests.
  • The target server name is not resolving via DNS.
  • The ip address provided is not routable.
  • A firewall is denying connections to the target because of a whitelist violation.
  • Mutual client certification is required to connect to the host and is failing.

Many things to check...

Not applicable

Thanks for the feedback. To add some details, we are using Apigee 1504 OPDK.

We have validated all the scenarios you mentioned and all looks good. I searched the community and found some information related to SNI (Server Name Indication) but I don't believe that applies to us.

http://apigee.com/docs/api-services/content/about-...

The same proxy in non-prod installation when pointed to prod target backend works fine. So definitely not a target server or whitelisting/blocking issue. Also, we are using one-way SSL only.

sarthak
Participant V

Can you run a quick test ? SSH into the box and try to curl or wget the backend endpoint and make sure you can hit it from the MP node. Let us know what you find out

adas
Participant V
@LZ Dev

The error message is very generic, so unless you attach the message-processor logs it would be hard to give a definitive answer. I would request you to do the following:

- Change the log level to DEBUG, restart the message-processors and try the same call

- Collect the logs and attach them to this post

- Log into the message-processor server and run the openssl commands to verify the connection to your target server.

I think you would see the openssl commands would fail. In either case, please provide more details about the error and the log files for us to look into it further.