org:myorg env:myenv NIOThread@1 INFO MESSAGING.FLOW - SyncExecutionStrategy.execute() : SyncExecution failed unexpectedly with message : Access Denied for client ip : xx.xx.xx.xx

Not applicable

we just started sending a lot of traffic through a couple of systems that have been accidentally not handling traffic for a while and started seeing this message in the message-processor logs:

org:myorg env:myenv NIOThread@1 INFO MESSAGING.FLOW - SyncExecutionStrategy.execute() : SyncExecution failed unexpectedly with message : Access Denied for client ip : xx.xx.xx.xx

the ip address in question is not one of our other servers - so the message seems a bit bizarre to us.

Does anyone ahve a clue what this might be?

Solved Solved
0 3 430
1 ACCEPTED SOLUTION

@Benjamin Goldman

The Access Denied message is thrown because an Access Control Policy has been set up that allows only specific IPs (and denies the rest).

http://docs.apigee.com/api-services/reference/access-control-policy

While I understand that it is unlikely , Could you please check (just to be sure) if there are any processes on the server (backup of the load balancer) that are likely to be sending out requests ?

Also, if this is recurring, it may be worthwhile to set up tcpdump between the specific src and destination servers (i.e the backup load balancer and the message processor) to ascertain if there has been any request sent.

View solution in original post

3 REPLIES 3

Not applicable

Can you print debug logs ? may be that can provide more info @Benjamin Goldman

Unfortunately i cant. I could not take the risk that we were denying service to one of our premium sites.

I could use some information on what MIGHT be generating this kind of message though - as it seems very suspect to us:

1) the ip address is actually the address of the BACKUP inbound enterprise load balancer in our environment.

2) It makes almost no sense that we would be getting this error as part of a synch activity in the message processor - as the message processors sit next to eachother in the network and are not aware of the load balancer So this makes us think this is a mis-cast error which is related to some sort of provider flow right? And that isnt good!

@Benjamin Goldman

The Access Denied message is thrown because an Access Control Policy has been set up that allows only specific IPs (and denies the rest).

http://docs.apigee.com/api-services/reference/access-control-policy

While I understand that it is unlikely , Could you please check (just to be sure) if there are any processes on the server (backup of the load balancer) that are likely to be sending out requests ?

Also, if this is recurring, it may be worthwhile to set up tcpdump between the specific src and destination servers (i.e the backup load balancer and the message processor) to ascertain if there has been any request sent.