 
HTTP status 502: Bad Gateway
I'm getting "HTTP status 502: Bad Gateway" trying to connect to Aurion to either retrieve schema or data. It hasn't worked previously as this is a new solution.
While it sounds like a network error it does look like IdB can talk to Aurion - if I deliberately mis-spell the Query name I get this error: "Query xx was not found". When the Query name is correct I get the 502 error.
What else can I do to troubleshoot this? I tried enabling IdB trace logging and reproducing the error, but there's nothing in the trace at all - ie searching on the Aurion URI address or the error message gets no results, and I can't see any errors in the trace.
This is the full error from the IdB log file:
System.Net.WebException: The request failed with HTTP status 502: Bad Gateway.at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at Unify.Communicators.AurionAPI.EV397_AURION_WSService.CALLFUNCTION3(String P_TOKEN, String P_FUNCTION, String P_DELIMITER, String P_WRAPPER, String P_PARAMETERS, String& P_OUTPUT, String& P_MESSAGE, Decimal& P_STATUS) at Unify.Communicators.AurionWSCommunicator.CallFunction(String function, IEnumerable`1 values) at Unify.Communicators.AurionAgent.QueryToXml(String queryId, String expectedObjectName) at Unify.Connectors.AurionApiReadingConnector.<GetAllEntities>d__5.MoveNext() at System.Linq.Buffer`1..ctor(IEnumerable`1 source) at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source) at Unify.Product.IdentityBroker.AuditReadingConnectorDecorator.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken) at Unify.Product.IdentityBroker.EventNotifierReadingConnectorDecoratorBase`1.GetAllEntities(IStoredValueCollection storedValues, CancellationToken cancellationToken) at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.ImportAllChangeProcess() at Unify.Product.IdentityBroker.ChangeDetectionImportAllJob.RunBase() at Unify.Framework.DefinedScopeJobAuditTrailJobDecorator.Run() at Unify.Product.IdentityBroker.ConnectorJobExecutor.<>c__DisplayClass30_0.<Run>b__0() at Unify.Framework.AsynchronousJobExecutor.PerformJobCallback(Object state)",Normal
Answer
 
The only instance of this issue that I could find was at IDBAUR-18, could you please check that the proxy settings are correct for the environment?
What do you mean by IdB trace logging? Is that just regular .NET network trace? If not could you please try that?
Thanks.
 
The problem is on the Aurion side as I managed to get the schema from a different query. But if there's any help I can offer the Aurion people here as to what they've done wrong that would help.
So far one got the schema, and another two have failed with "Bad gateway". Got another two to test...
 
Person and Employee queries failed with "Bad Gateway". Schedule, Org Unit and Security user connectors all successfully retrieved the schema (though they then all failed on the Import with "The key <null> has been duplicated" - but that's another issue). So problem is definitely something to do with the queries themselves. I will escalate back to the Aurion people here.
 
Back looking at this again. The customer had a problem running reports locally in Aurion so I had to leave it while they sorted that out - they say that is now fixed, however it hasn't made any changes to IdB. For all my connectors I either get "key <null> has been duplicated" or "HTTP 502 Bad Gateway", exactly as before. They did increase the ASVTIMEOUT value from 300 to 3000 in the Tomcat web.xml file. What else can we try? They're on Aurion 11.21.
 
Create a query that returns only a single item (and that returns instantly in the query designer). That'll help us determine whether the volume of data is at fault (by using the reading connector to import the item). Perform either a .NET network trace or similar (e.g. Wireshark) to see the exact traffic making it to Identity Broker.
 
Thanks that's a good idea - assuming I can talk someone on the Aurion side into doing it. I've asked for soapUI to be put on the IdB server and I've got the Aurion API doc to follow - I'll see if I can get anything from that.
 
I have successfully exported the AFI_SECUSERS_XML report through SoapUI but IdB won't do it - error is "The key <null> has been duplicated". I originally had Person_Number as the key but changed to User_Id, as I can see there are some service accounts with no Person_Number. I still get the same error.
 
No - it contains user identifying information, cannot send out of the environment. Anything I should look for?
 
Please confirm that you have used the security user schema provider and not the query schema provider and that there is a schema mapping for the key field to the name of the field returned by the query. Failing that, please attach your connector configuration file.
 
I seem to have two issues going on here - I'm still getting HTTP 502 Bad Gateway on the Aurion Person report. I have successfully run the report through SoapUI so I don't think Aurion-side timeouts are the problem. I have set the timeout on the Aurion Agent in IdB to 1 hour, but I get this error back after 2 minutes.
 
Also on still getting 502 error on Aurion Employees report. The Security User and Org Unit reports work. The Schedules report does not return this error but there is also no data. I also cannot get the schema for Person and Employees. Both reports run fine through SoapUI, and only take a few minutes.
 
Now that you have shown it working outside of Aurion, please answer the question from the first comment:
The only instance of this issue that I could find was at IDBAUR-18, could you please check that the proxy settings are correct for the environment?
 
In addition to that, the following was done on the attached issue, however, I'm not sure if it's appropriate for your environment:
- Set URL to https://
- Set Authentication to NONE
- Set proxy to Unauthenticated proxy
 
I don't know what URL setting you mean - should this be on the Agent? I have:
Uri = Aurion uri
Security User = Aurion user
Password = Aurion password
Handle Certificate Errors = Default
Preauthenticate not selected
Use Default Timeout not selected
Timeout = 01:00:00
Credentials = None
 
- Is the uri over https?
- When testing using SoapUI, is it on the same box as Identity Broker?
- Are the proxy settings correct for the environment? You may need the client's network admin to assist with this.
 
Sorry the first No should have been a Yes - the traffic is over https. I can open the URI webpage without any cert errors.
 
Hey Carol - I recently had the "The key <null> has been duplicated" issue with my Aurion Security User connector.
It was an issue with the schema mapping not saving correctly to the IdB config XML file.  Give me a yell if you need to know more and I can show you in my lab.
 
Yes that was the issue I had with that particular error as well - Adam says there's a fix in the next version which will do something better with those mappings. The 502 error was due to the network connection being killed by something in between the two servers - so I actually had two separate issues on this thread, both now resolved.
 
Hi Carol,
It sounds like the same issue that I am facing now with a customer. When the IdB is pulling 1500 users in Aurion Person report, IDB is fine and no issues. But when 1000 more users were added, it is throwing a bad gateway error in ~2 mins.
Can you please elaborate the network connection fix? Thanks.
 
The below resolution appears to relate to timeout issues being triggered as a result of timeouts, due to larger amounts of data. If even small (instantly returning) data sets are failing, this will likely not have any impact.
Resolution:
There was a timeout set on IIS for 2 mins. But even after updating it, I still faced the same issue. So used the address location that is in the xml output of the WSDL.
<service name="EV397_AURION_WSService"> <port name="EV397_AURION_WS" binding="tns:EV397_AURION_WSBinding"> <soap:address location="http://AurionServerFQDN:8080/Production/servlet/services/EV397_AURION_WS"/> </port> </service>
The URI I used in IDB Aurion Agent: http://AurionServerFQDN:8080/Production/servlet/services/EV397_AURION_WS?wsdl
The address was originally entered without the port number. The implication being that the requests were being served differently, e.g. hosted by something other than IIS, or bypassing the configured setting.
Customer support service by UserEcho
 Questions
		
		
	
Questions 
	
 
                
Yes that was the issue I had with that particular error as well - Adam says there's a fix in the next version which will do something better with those mappings. The 502 error was due to the network connection being killed by something in between the two servers - so I actually had two separate issues on this thread, both now resolved.