connection errors

Not applicable

In order to troubleshoot any Apigee to external system connectivity issues (network error, SSL error, TCP connection reset etc.). Would system log policy be of any help ? If so what variables we should populate in log file which describes these errors in detail ?

Apigee edge properties and variables for service call out only give very generic error details in trace, so that doesn't help understanding root cause.

0 8 2,195
8 REPLIES 8

@Mayank Can you paste that error that you receive, also maybe a screen shot of the trace or an export of it? Typically, the trace would give your some additional errors about why the call is failing. The first thing I would do is attempt the send the request directly with Postman or curl and make sure that it works. Then I would configure the Service Callout to match the successful Postman/curl request.

What happens when you send the request via Postman?

Not applicable

Testing from postman to external server would not work in most cases where external (to APG) server is behind DMZ and firewall rules are configured between APG and external server.Here are errors;

error Execution of ServiceCallout failed. Reason: Connection refused error.cause Connection refused

Connection refused sounds like a port/firewall issue. Can you confirm that the target service is listening on the port? Can you ssh into the box and send a curl command directly to localhost to confirm the correct request payload, headers, query params, etc.? I'm assuming that this is a service that is under your control, meaning you can ssh into it.

Is there a firewall between the message processor and the target service that is denying the traffic? If the MP and target server are in the same subnet, then is the port open on the target server?

Not applicable

yes target is listening and running. Firewall holes are punched through.Well anyway question is to address bigger issue of what is better way to get more details about errors?

Connection refused

Connection timeout

kind of error message doesn't provide much detail about what is causing it. For ex. it can be cause by ;

DNS resolution error, LB TCP reset, SSL handshake failure, FW rules

there are workarounds like configuring ip address, instead url of external server, if you suspect DNS related issue but these are heat and trial methods and wastage of time.

You can try this link. It talks through how to turn on debugging on the MP, but be sure to turn it off. You can view the log files after that.

https://community.apigee.com/articles/1533/how-to-enable-debug-in-the-apigee-edge-router-and.html

Hi William,

We are facing similar issue and need your expertise. Can you please send your email address or contact number ?

Not applicable

thanks but that's for Apigee on premise set up . That wouldn't work for cloud customers.

@Mayank

Cloud customers don't have access to Apigee log files. If you want to get information about errors that occur within the API then you have to use the MessageLogging policy. But this policy is typically used with the FaultRules or in the PostClientFlow to send errors to your syslog server. The Message logging policy would not give you any additional information that you don't already have available in the trace session.

But this answer doesn't help you solve the error that you receiving.

I've listed some additional troubleshooting tips you could use to help debug errors in general.

The following error variables are available in the Error Flow.

http://docs.apigee.com/api-services/reference/variables-reference#errorvariables

You could use a JavaScript policy that that prints the flow variables in the trace window. The example below would just print the error status code, which is the same status code that is returned in the default error response from Apigee. All of these error variables should also be available from the trace window.

print(context.getVariable('error.status.code'));

You can view the JavaScript print statements by clicking the "Output from all Transactions" button at the bottom of the screen.

3433-screen-shot-2016-08-25-at-64555-pm.png

Additionally, you have the ability to export the trace sessions as XML. Click the "Download Trace Session". This is what I was requesting that you send to me so that I can review the results of the service callout and how it is configured.

3434-screen-shot-2016-08-25-at-64712-pm.png

I still think the connection refused error is indicating that the firewall is not open or the service is not listening on that port. I would double-check that the firewall is open.

Can you attach your service callout policy and the trace session or you could send it to me via email if you don't want to attach it here? Did you whitelist the Apigee IP address in your firewall? I think we need a lot more information on your current setup to resolve this.