503 Service Unavailable Error while connecting to ...

praviningawale · 08-06-2020 06:18 AM

Getting 503 Service Unavailable error while connecting to Workday application.

We have imported all the required certificates in APIGEE. Is there something we are missing here

dchiesa1

YES! You are missing something.

As for just what you are missing, it is hard to say with the information you are providing.

I don't know Workday, I don't know the behavior of Workday when incorrect messages are sent to its endpoint. You mentioned certificates. I don't know if Workday requires 2-way TLS

It's possible you think you have configured the TLS correctly, but have not. To determine that, I suggest you start by using Apigee trace to see if it indicates a handshake error with the Workday endpoint.

It's possible it's not related to TLS, and it's something else. It's possible you mis-spelled the domain name in the URL for the target endpoint.

But we can't tell, with the information you've provided.

praviningawale

{"fault":{"faultstring":"The Service is temporarily unavailable","detail":{"errorcode":"messaging.adaptors.http.flow.ServiceUnavailable"}}}

{"fault":{"faultstring":"The Service is temporarily unavailable","detail":{"errorcode":"messaging.adaptors.http.flow.ServiceUnavailable"}}}

error	The Service is temporarily unavailable
type	ErrorPoint
state	TARGET_REQ_FLOW
error.class	com.apigee.errors.http.server.ServiceUnavailableException
error.cause	Connection reset by peer
Identifier	fault

dchiesa1

"Connection reset by peer" generally means the remote endpoint ("peer") is rejecting the connection, for some reason. Maybe the remote end is too busy. Maybe the Workday system is rejecting the IP address of the caller (Apigee's IP Address) because of past rate limit violations. Maybe there's a failure to negotiate a TLS handshake.

We cannot tell from the information provided. This error is a TCP error; it's not transmitted at the HTTP level. If the problem was the app sent an incorrect, invalid, or Expired token, then the peer (Workday) would send back a valid HTTP response with a 4xx status code saying "invalid token" (or expired, etc). But that's not what is happening here.

I think ... if you have Apigee OPDK, then you should look in the logs for the MP to get additional information. If you use Apigee SaaS, you can ask Apigee support for assistance debugging.

But before doing that, I would double-check the requirements to connect to Workday. Have you verified that you have the certificates correct? The truststore correct? Do you need to add IP addresses to an allowlist? Etc Etc. Double check.

And check your assumptions. The request may not be reaching Workday at all. Maybe trying the manual Curl command (as suggested elsewhere) if you are using OPDK. It may be an internal networking problem - the TCP Reset may be coming from inside your own network.

Report Inappropriate Content

you just restart the rmps once and test again. Work with your network team to know the connection issue.

praviningawale

error	The Service is temporarily unavailable
type	ErrorPoint
state	TARGET_REQ_FLOW
error.class	com.apigee.errors.http.server.ServiceUnavailableException
error.cause	Connection reset by peer
Identifier	fault

{"fault":{"faultstring":"The Service is temporarily unavailable","detail":{"errorcode":"messaging.adaptors.http.flow.ServiceUnavailable"}}}

{"fault":{"faultstring":"The Service is temporarily unavailable","detail":{"errorcode":"messaging.adaptors.http.flow.ServiceUnavailable"}}}

I have attached the trace error.

Report Inappropriate Content

try adding the certificate information in the TargetConnection configuration. Its not able to connect to the backend.

Report Inappropriate Content

check also curl from the message processor to backend url. Once you are able to get the responwse from there, the same you can impelent in teh proxy.

503 Service Unavailable Error while connecting to Workday (Cloud Application)