search cancel

Monthly Platform Patch upload shows : Runtime error (check configuration): Authentication Required

book

Article ID: 202886

calendar_today

Updated On:

Products

CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway

Issue/Introduction

I am getting an authentication error when trying to upload the monthly platform patch:

[[email protected] bin]# /opt/SecureSpan/Controller/bin/patch.sh  upload /home/ssgconfig//Layer7_API_PlatformUpdate_64bit_v9.X-CentOS-2020-10-21.L7P -v
Runtime error (check configuration): Authentication Required

-------------------------------

2020-11-02T04:50:04.302-0800 INFO    1 com.l7tech.server.processcontroller.patching.client.PatchCli: Using Patch Service API endpoint: https://localhost:8765/services/patchServiceApi
2020-11-02T04:50:05.170-0800 INFO    1 com.l7tech.server.processcontroller.patching.client.PatchCli: Running patch action: UPLOAD
2020-11-02T04:50:12.050-0800 WARNING 1 com.l7tech.server.processcontroller.patching.client.PatchCli: Runtime error (check configuration): Authentication Required

-------------------------------

Patch permissions are ok. What could be causing this?

I am seeing this only on one node in a 4 node cluster if that helps.

Environment

Release : 9.4

Component : API GATEWAY

Cause

 Customer did changes on /etc/hosts file for tests and remained there producing the error t

Resolution

from the log files there are many errors related to DNS,

2020-11-02T06:21:02.281-0800 WARNING 1 com.l7tech.server.processcontroller.q: default may still be starting, but API is throwing unexpected exceptions
javax.xml.ws.soap.SOAPFaultException: Request denied for non-local address.

after you Removed the entry from /etc/hosts. "Probably some remanence from a test".

The DNS was re-stablished and the patch was able to upload.

Log Files Shows :
2020-11-02T08:24:59.520-0800 WARNING 1 com.l7tech.server.processcontroller.q: default may still be starting, but API is throwing unexpected exceptions
javax.xml.ws.soap.SOAPFaultException: Request denied for non-local address.
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:157)
at com.sun.proxy.$Proxy81.ping(Unknown Source)

Note :
Also, the Gateway service must be run all time when you install a patch, otherwise the patch routine cannot reach the pacthServiceAPI
and you will get " I/O Error: ConnectException invoking https://localhost:8765/services/patchServiceApi: Connection refused " .

You can easily reproduce this by :

# service ssg stop

# /opt/SecureSpan/Controller/bin/patch.sh list

** The probable root cause here is something you changed had an impact the patch list also and why you could then upload the patch successfully.

** If you bind the port to a specific IP, then connection to  localhost will be refused the port should listen to all interface (*) as showed on log files.