Layer7 API Management

 View Only
Expand all | Collapse all

GMU Migration Issue-Connetion time out

  • 1.  GMU Migration Issue-Connetion time out

    Posted Jan 24, 2017 03:25 AM

    Hi,

     

    While i am trying to export the Policies, I encounter below error.

     

    ./GatewayMigrationUtility.sh migrateOut -z layer7.args  -all -d layer7.xml
    Warning: TLS hostname verification has been disabled
    Warning: TLS server certificate check has been disabled
    Running..........................................................................................................................................................................................................
    Execution failed. Reason: connect timed out

     

    Can you please let me know what i am doing wrong.

     

    Thanks,

    Ravi



  • 2.  Re: GMU Migration Issue-Connetion time out

    Broadcom Employee
    Posted Jan 24, 2017 11:21 AM

    Hi ravikiranbg,

     

    I would check that you are able to connect to the host as defined in your args file:

     

    curl -v https://<host>:<port> --insecure

     

    Regards,

    Joe



  • 3.  Re: GMU Migration Issue-Connetion time out

    Posted Jan 25, 2017 01:32 AM

    Hi Joe,

     

    I get 500 Internal Server error while i do the same. Should i use ClientCertificare get into it? I am able to Login to the Policy manager and manually export or Import Policies though

     

    Thanks,

    Ravi



  • 4.  Re: GMU Migration Issue-Connetion time out

    Broadcom Employee
    Posted Jan 25, 2017 09:43 AM

    Hi Ravi,

     

    A 500 error is typical when hitting the root host. I should have asked for you to specify an endpoint, such as the below.

    The client certificate should not be an issue, we would return a 401 unauthorized error. Right now we just wanted to verify connectivity to the gateway from the system where the GMU is being run.

     

    curl -v https://<host>:<port>/restman/1.0/services --insecure

    or

    curl -v https://<host>:<port>/restman/1.0/services --insecure -u <uid>:<password>

     

    Regards,

    Joe



  • 5.  Re: GMU Migration Issue-Connetion time out

    Posted Jan 28, 2017 08:47 AM

    Hi Joe,

     

    I have published the Restman, The Gateway is running on 7443 and Services on 8443. I did get a response when i ran curl on 8443 port and not 7443. When i tried running GMU on port 8443 i see the Below error.

     

     ./GatewayMigrationUtility.sh migrateOut -z layer7.args  -all -d layer7.xml
    Warning: TLS hostname verification has been disabled
    Warning: TLS server certificate check has been disabled
    Running...................................
    Execution failed. Reason: Internal Server Error. Detail: naming exception

     

    Thanks,

    Ravi



  • 6.  Re: GMU Migration Issue-Connetion time out

    Posted Jan 28, 2017 09:02 AM

    Just to add to above comment, I have the CA gateway running on the Docker container. I am running the GMU utility from the Host machine.



  • 7.  Re: GMU Migration Issue-Connetion time out

    Broadcom Employee
    Posted Feb 06, 2017 06:56 PM

    Ravi,

     

    The form factor should not make a difference as it is a API call to the RESTMAN service. I would normal start by looking at the connection of the port such as firewall and routing rules as it shows a different response based on the different ports you use. Also I would look at the configuration of the port as 8443 by default does Client Authentication for SSL where your 7443 may not.

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support



  • 8.  Re: GMU Migration Issue-Connetion time out

    Broadcom Employee
    Posted Jan 24, 2017 05:12 PM

    Hi Ravi

     

    Have you published the "Restman" service on your gateway?



  • 9.  Re: GMU Migration Issue-Connetion time out

    Posted Jan 27, 2017 09:02 AM

    Here is a link to the documentation for publishing the RESTMAN service:

    Publish the REST Management Service



  • 10.  Re: GMU Migration Issue-Connetion time out

    Posted Jan 28, 2017 08:55 AM

    Hi Aric,

     

    Yes i have the Restman service running.

     

    Thanks,

    Ravi



  • 11.  Re: GMU Migration Issue-Connetion time out

    Posted Feb 20, 2017 07:01 AM

    Got this Resolved, Was an AD authentication ISsue.



  • 12.  Re: GMU Migration Issue-Connetion time out

    Posted Jan 17, 2019 10:48 AM

    Thanks for the hint!


    Just to add a little more flesh... We had this error and it turned out to be issues with LDAP servers being out of service.

     

    GMU was spitting "Execution failed. Reason: Internal Server Error. Detail: naming exception"

     

    These are the entries from the log file 

     

    2019-01-17T15:37:32.608+0000 WARNING 510 com.l7tech.server.identity.ldap.LdapGroupManagerImpl: LDAP error, while building group
    2019-01-17T15:37:32.608+0000 WARNING 510 com.l7tech.external.assertions.gatewaymanagement.server.rest.exceptions.ExceptionMapper: Error processing management request: naming exception
    2019-01-17T15:37:32.608+0000 INFO 510 com.l7tech.external.assertions.gatewaymanagement.server.rest.exceptions.ExceptionMapper: Error processing management request:naming exception

     

    Going into the policy manager and using "Test" for our AD / LDAP integrations revealed that the gateway was having trouble reaching an LDAP server. Traffic could get from the gateway to the ldap server listed in it but not to another LDAP server that it was being referred to.

    It appears that in an AD setup, regardless of how many LDAP servers are list as being available (when the bind occurs) the Gateway will always pick the first one. We've seen this with other LDAP client implementations in the last few days too.