Getting 503 Service Unavailable Error

We are getting the 503 Service Unavailable Error when we make the API call to the backend server through Apigee Edge

HTTP/1.1 503 Service Unavailable
Content-Type: application/json
Date: Thu, 15 Jun 2017 14:33:15 GMT
Server: Apigee Router
Content-Length: 139
Connection: keep-alive


{"fault":{"faultstring":"The Service is temporarily unavailable","detail":{"errorcode":"messaging.adaptors.http.flow.ServiceUnavailable"}}}

However, when we make the direct call to the backend server we get a successful response.

Can you please check why ?

Solved Solved
0 3 4,298
1 ACCEPTED SOLUTION

1. Enabled the trace for the call made via Edge and found that the cause for 503 Error is that we get the handshake failure:

Received fatal alert: handshake_failure

2. When I ran the direct call to the backend server from the Message Processor, I got 200 successful response.

3. I ran the openssl command against the backend server and found the following information:

adevegowda-macbookpro:~ adevegowda$ openssl s_client -connect <backendserver>:443 CONNECTED(00000003) 70541:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/ssl/s23_clnt.c:593: adevegowda-macbookpro:~ adevegowda$

openssl command without server name, showed the handshake failure.

4. Ran the openssl command to the backends server with the servername

adevegowda-macbookpro:~ adevegowda$ openssl s_client -connect <backendserver>:443 -servername <backendserver>
CONNECTED(00000003)
depth=1 /C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
...<snipped>
I was able to get the server certificate information as shown above.

5. This shows that your backend server was SNI enabled.

6. By default, on the MPs, SNI property is disabled. So, we were seeing this issue.

7. Enabled the SNI property jsse.enableSNIExtension to true on the MP

jsse.enableSNIExtension=true

With this, we were able to get the API calls working through Apigee Edge.

View solution in original post

3 REPLIES 3

Not applicable

@AMAR DEVEGOWDA, Did you check if SNI is causing the issue? by default the SNI is disabled on the SB.
Best way to troubleshoot is to take a tcp dump.

@Maruti Chand,

Thanks for your suggestion.

1. Enabled the trace for the call made via Edge and found that the cause for 503 Error is that we get the handshake failure:

Received fatal alert: handshake_failure

2. When I ran the direct call to the backend server from the Message Processor, I got 200 successful response.

3. I ran the openssl command against the backend server and found the following information:

adevegowda-macbookpro:~ adevegowda$ openssl s_client -connect <backendserver>:443 CONNECTED(00000003) 70541:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/ssl/s23_clnt.c:593: adevegowda-macbookpro:~ adevegowda$

openssl command without server name, showed the handshake failure.

4. Ran the openssl command to the backends server with the servername

adevegowda-macbookpro:~ adevegowda$ openssl s_client -connect <backendserver>:443 -servername <backendserver>
CONNECTED(00000003)
depth=1 /C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
...<snipped>
I was able to get the server certificate information as shown above.

5. This shows that your backend server was SNI enabled.

6. By default, on the MPs, SNI property is disabled. So, we were seeing this issue.

7. Enabled the SNI property jsse.enableSNIExtension to true on the MP

jsse.enableSNIExtension=true

With this, we were able to get the API calls working through Apigee Edge.