Azure API gateway image password reset and user reset is not working


Article ID: 207859


Updated On:


CA API Gateway


When running the Azure Api Gateway image it is not possible to reset the gateway user password or run the backup tools.

The WAagent in the  Azure image is not working properly. This is providing issues with everything in the 'Operations' section for example password reset.

Please see the error here below.

"statusMessage""{\"status\":\"Failed\",\"error\":{\"code\":\"ResourceOperationFailure\",\"message\":\"The resource operation completed with terminal provisioning state 'Failed'.\",\"details\":[{\"code\":\"VMExtensionHandlerNonTransientError\",\"message\":\"The handler for VM extension type 'Microsoft.OSTCExtensions.VMAccessForLinux' has reported terminal failure for VM extension 'enablevmaccess' with error message: '[ExtensionOperationError] Non-zero exit code: 126, /var/lib/waagent/Microsoft.OSTCExtensions.VMAccessForLinux-1.5.8/ -c ./  -i\\n[stdout]\\n\\n\\n[stderr]\\n/bin/sh: /var/lib/waagent/Microsoft.OSTCExtensions.VMAccessForLinux-1.5.8/ Permission denied\\n'.\\r\\n    \\r\\n'Install handler failed for the extension. More information on troubleshooting is available at'\"}]}}"



Release : 10.0

Component : API GATEWAY


The password reset and backup on Azure images does not work , because the WAagent can not run the extension it needs . 

The Azure WAagent install the  extension scripts in the /var filesystem ,this is mounted with noexec by default ,which prevents the scripts to be executed.

To resolve this you need to edit the /etc/fstab  and remove the noexec option from the /var mount.

/dev/mapper/vg00-lv_var /var                    ext3    rw,nosuid,nodev,noexec,auto,nouser,async,relatime,acl 1 2

After a reboot the /var filesystem is mounted now with execute rights and and the WAagent can be executed .

Applying a platform patch will revert back this change , this is resolved in any platform patch published after  January 2021.