Layer7 API Gateway: Rejected - No policy match for layer7

book

Article ID: 195940

calendar_today

Updated On:

Products

CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway

Issue/Introduction

When attempting to start the Gateway service it enters a WONT_START state. No entries will be found in the ssg logs however the process controller will show:

 

com.l7tech.server.processcontroller.ProcessController: default crashed on startup with exit code 127
com.l7tech.server.processcontroller.ProcessController: default crashed on startup; copying its output:
com.l7tech.server.processcontroller.ProcessController:         STDOUT: 
com.l7tech.server.processcontroller.ProcessController:         STDOUT: ### Rejected - No policy match for layer7.
com.l7tech.server.processcontroller.ProcessController:         STDOUT: ### This means layer7 is not allowed to run /opt/SecureSpan/Appliance/libexec/gateway_control pc run -J-Dcom.l7tech.server.home=/opt/SecureSpan/Gateway/node/default -J-Dcom.l7tech.server.processControllerPresent=true -J-Dcom.l7tech.server.processControllerCert=/opt/SecureSpan/Controller/var/run/pc.cer -J-Dcom.l7tech.server.processControllerIpAddress=::1 -J-Dcom.l7tech.server.processControllerPort=8765 -J-Djava.util.logging.config.class=com.l7tech.server.log.JdkLogConfig on gatewayserver.fqdn.
com.l7tech.server.processcontroller.ProcessController:         STDOUT: ### as gateway.  Please run 'pbrun mycommands' and 'pbrun mypolicy' for details on what
com.l7tech.server.processcontroller.ProcessController:         STDOUT: ### layer7 is allowed to run.
com.l7tech.server.processcontroller.ProcessController:         STDOUT: 
com.l7tech.server.processcontroller.ProcessController: default wouldn't start; restarting...

Environment

Release : 10.0

Component : API GATEWAY

Resolution

This occurs when using third-party software, such as Powerbroker, to manage the Gateway. Using Powerbroker is not an officially supported configuration and will need to be removed.

Please refer to our statement regarding Third-party software on the provided Gateway images.

https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=16296