Topic
  • 21 replies
  • Latest Post - ‏2014-09-26T18:44:37Z by Asim80
SystemAdmin
SystemAdmin
6772 Posts

Pinned topic Datapower url-open Statuscode 7

‏2012-11-13T23:32:21Z |
i am trying to open a MPG with the followinf XSL, but, I am getting above error. Any thoughts!!

I have front handler running on port 4445 and backend is defined as MQ Queue with Queue.

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:dp="http://www.datapower.com/extensions"
xmlns:dpconfig="http://www.datapower.com/param/config" extension-element-prefixes="dp"
exclude-result-prefixes="dp dpconfig" version="1.0">
<xsl:template match="/">
<xsl:variable name="properties" select="document('local:///ConfigFiles/IdentityDocument.xml')" />
<dp:set-variable name="'var://system/Env/Props'" value="$properties" />
<xsl:variable name="Request_Xml_Ctx" select="." />
<dp:set-variable name="'var://context/Request/Request_Xml_Ctx'" value="$Request_Xml_Ctx" />

<!-- xsl:variable name="ip" select ="data/value"/ -->
<xsl:variable name="ip" select="$properties/environment/endPoints/MQServices/ip"/>
<xsl:variable name="port" select="4445" />
<xsl:variable name="uri" select="/MQFSHPUT" />
<xsl:variable name="MDMMpgMQPutTarget" select="concat('https://',$ip,':',$port,$uri)"/>

<dp:set-variable name="'var://service/mpgw/skip-backside'" value="1"/>
<!-- Invoking UIUtilityMPG service for putting message into MQ-->
<xsl:variable name="MDMMQputResponse">
<dp:url-open target="{$MDMMpgMQPutTarget}" response="responsecode-ignore">
<xsl:copy-of select="."/>
</dp:url-open>
</xsl:variable>
<xsl:choose>
<xsl:when test="$MDMMQputResponse/url-open/responsecode='200'">
<xsl:if test="$MDMMQputResponse/url-open/headers/header='OK OK'">
<dp:accept/>
</xsl:if>
<xsl:if test="$MDMMQputResponse/url-open/headers/header!='OK OK'">
<dp:set-variable name="'var://context/Error/Message'" value="'Connection Error'" />
<dp:set-variable name="'var://context/Error/Detail'" value="'Error in putting CCResponse into MQ'" />
<dp:reject/>
</xsl:if>
</xsl:when>

<xsl:when test="$MDMMQputResponse/url-open/responsecode!='200'">
<dp:set-variable name="'var://context/Error/Message'" value="'Connection Error'" />
<dp:set-variable name="'var://context/Error/Detail'" value="'Error in putting CCResponse into MQ'" />
<dp:reject/>
</xsl:when>

<xsl:when test="not($MDMMQputResponse/url-open/responsecode)">
<xsl:variable name="error-code" select="string($MDMMQputResponse/url-open/statuscode)" />
<dp:set-variable name="'var://context/Error/Error-code'" value="$error-code" />

<xsl:variable name="Message" select="string($MDMMQputResponse/url-open/errorstring)" />
<dp:set-variable name="'var://context/Error/Message'" value="$Message" />
<dp:reject/>

</xsl:when>

</xsl:choose>

</xsl:template>
</xsl:stylesheet>
Updated on 2012-11-14T23:04:17Z at 2012-11-14T23:04:17Z by SystemAdmin
  • HermannSW
    HermannSW
    4903 Posts

    Re: Datapower url-open Statuscode 7

    ‏2012-11-14T09:06:54Z  
    Can you log and let us know the value of "{$MDMMpgMQPutTarget}"?
    What is the exact error message you see in the log?

     
    Hermann<myXsltBlog/> <myXsltTweets/>
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: Datapower url-open Statuscode 7

    ‏2012-11-14T15:55:05Z  
    • HermannSW
    • ‏2012-11-14T09:06:54Z
    Can you log and let us know the value of "{$MDMMpgMQPutTarget}"?
    What is the exact error message you see in the log?

     
    Hermann<myXsltBlog/> <myXsltTweets/>
    I am dexpectting following statement to translate as:
    xsl:variable name="MDMMpgMQPutTarget" select="concat('https://',$ip,':',$port,$uri)" />
    as https://10.5.10.3:4445/MQFSHPUT

    1 url-open https://uiqat2datapower.uinet.com:4445/ (show nodeset) response-code-ignore (show nodeset) Cannot create connection

    Response is

    <url-open>
    <statuscode>7</statuscode>
    <errorstring>Cannot create connection</errorstring>
    </url-open>

    Host Alias is definned as:
    Host Name IP Address Type
    uiesbdp.com 10.5.10.3 Host Alias
    uiqat2datapower.uinet.com 10.5.10.3 Host Alias
    Following are the log erorrs:
    10:51:22 network error 424129 error 10.5.10.3 0x80e0003e wsgw (MDMPRTIWSP): url-open: Cannot create connection to 'https://10.5.10.3:4445/'
    10:51:22 network error 424129 10.5.10.3 0x80e0005a Cannot establish SSL credentials (credential is NULL), URL: 'https://10.5.10.3:4445/'.
    10:51:22 network warn 424129 10.5.10.3 0x80e00058 SSL connection to 'https://10.5.10.3:4445/' failed, unable to get SSL Proxy Profile ''
  • kenhygh
    kenhygh
    1620 Posts

    Re: Datapower url-open Statuscode 7

    ‏2012-11-14T16:41:05Z  
    I am dexpectting following statement to translate as:
    xsl:variable name="MDMMpgMQPutTarget" select="concat('https://',$ip,':',$port,$uri)" />
    as https://10.5.10.3:4445/MQFSHPUT

    1 url-open https://uiqat2datapower.uinet.com:4445/ (show nodeset) response-code-ignore (show nodeset) Cannot create connection

    Response is

    <url-open>
    <statuscode>7</statuscode>
    <errorstring>Cannot create connection</errorstring>
    </url-open>

    Host Alias is definned as:
    Host Name IP Address Type
    uiesbdp.com 10.5.10.3 Host Alias
    uiqat2datapower.uinet.com 10.5.10.3 Host Alias
    Following are the log erorrs:
    10:51:22 network error 424129 error 10.5.10.3 0x80e0003e wsgw (MDMPRTIWSP): url-open: Cannot create connection to 'https://10.5.10.3:4445/'
    10:51:22 network error 424129 10.5.10.3 0x80e0005a Cannot establish SSL credentials (credential is NULL), URL: 'https://10.5.10.3:4445/'.
    10:51:22 network warn 424129 10.5.10.3 0x80e00058 SSL connection to 'https://10.5.10.3:4445/' failed, unable to get SSL Proxy Profile ''
    Why would you try to open a connection to MQ with an https:// url?

    Check the documentation for url-open.

    Ken
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: Datapower url-open Statuscode 7

    ‏2012-11-14T17:49:53Z  
    • kenhygh
    • ‏2012-11-14T16:41:05Z
    Why would you try to open a connection to MQ with an https:// url?

    Check the documentation for url-open.

    Ken
    I can open MPG directly and successfully put a message on it. But, not from url-open.
  • HermannSW
    HermannSW
    4903 Posts

    Re: Datapower url-open Statuscode 7

    ‏2012-11-14T19:48:49Z  
    I can open MPG directly and successfully put a message on it. But, not from url-open.
    Hi,

    as Ken said, you need to use MQ URLs for accessing MQ (you cannot use "https:" URLs for that), see InfoCenter help:
    http://pic.dhe.ibm.com/infocenter/wsdatap/v5r0m0/index.jsp?topic=%2Fcom.ibm.dp.xi.doc%2Fextensionfunctions39.htm

     
    Hermann<myXsltBlog/> <myXsltTweets/>
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: Datapower url-open Statuscode 7

    ‏2012-11-14T23:04:17Z  
    • HermannSW
    • ‏2012-11-14T19:48:49Z
    Hi,

    as Ken said, you need to use MQ URLs for accessing MQ (you cannot use "https:" URLs for that), see InfoCenter help:
    http://pic.dhe.ibm.com/infocenter/wsdatap/v5r0m0/index.jsp?topic=%2Fcom.ibm.dp.xi.doc%2Fextensionfunctions39.htm

     
    Hermann<myXsltBlog/> <myXsltTweets/>
    Thanks guys, I was able to put message on the queue by using as:

    dpmq://UIQM1/?RequestQueue=adtest

    This is a better way, now I don't have to write WMPG rule.

    But, I will be back again, since I am rockie in XSL and Datapower.
  • Asim80
    Asim80
    19 Posts

    Re: Datapower url-open Statuscode 7

    ‏2014-09-25T16:13:21Z  
    • HermannSW
    • ‏2012-11-14T09:06:54Z
    Can you log and let us know the value of "{$MDMMpgMQPutTarget}"?
    What is the exact error message you see in the log?

     
    Hermann<myXsltBlog/> <myXsltTweets/>

    I get a similar response when I make a soma call. What am I possibly doing wrong here? Do I need to enable anything in particular on xml management interface to be called from within xslt. Or anything wrong with my xsl code? Thanks 

    Request

    <dp:url-open target="https://127.0.0.1:5550/service/mgmt/current" response="responsecode">
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
    <env:Body>
    <dp:request xmlns:dp="http://www.datapower.com/schemas/management">
    <dp:get-status class="CPUUsage"/>
    </dp:request>
    </env:Body>
    </env:Envelope>
    </dp:url-open>
    Response
    <url-open>
       <statuscode>7</statuscode>
       <errorstring>Cannot create connection</errorstring>
    </url-open>

    Error in Logs:  url-open: Cannot create connection to 'https://127.0.0.1:5550/service/mgmt/current'

     

  • kenhygh
    kenhygh
    1620 Posts

    Re: Datapower url-open Statuscode 7

    ‏2014-09-25T16:34:47Z  
    • Asim80
    • ‏2014-09-25T16:13:21Z

    I get a similar response when I make a soma call. What am I possibly doing wrong here? Do I need to enable anything in particular on xml management interface to be called from within xslt. Or anything wrong with my xsl code? Thanks 

    Request

    <dp:url-open target="https://127.0.0.1:5550/service/mgmt/current" response="responsecode">
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
    <env:Body>
    <dp:request xmlns:dp="http://www.datapower.com/schemas/management">
    <dp:get-status class="CPUUsage"/>
    </dp:request>
    </env:Body>
    </env:Envelope>
    </dp:url-open>
    Response
    <url-open>
       <statuscode>7</statuscode>
       <errorstring>Cannot create connection</errorstring>
    </url-open>

    Error in Logs:  url-open: Cannot create connection to 'https://127.0.0.1:5550/service/mgmt/current'

     

    It's an HTTPS url. You'll need an ssl proxy.

  • Asim80
    Asim80
    19 Posts

    Re: Datapower url-open Statuscode 7

    ‏2014-09-25T17:07:27Z  
    • kenhygh
    • ‏2014-09-25T16:34:47Z

    It's an HTTPS url. You'll need an ssl proxy.

    I have setup xml manager where I have added the ssl proxy now (forward direction). And I have got the cert for the ssl proxy from the broswer using the xml management interface url (https://myIp:5550/service/mgmt/current). Now I get the below error. Also, not I am using admin user/pw for authentication in xml manager as well. 

    <url-open>
       <statuscode>5</statuscode>
       <errorstring>Remote error on URL</errorstring>
    </url-open>
  • kenhygh
    kenhygh
    1620 Posts

    Re: Datapower url-open Statuscode 7

    ‏2014-09-25T17:33:24Z  
    • Asim80
    • ‏2014-09-25T17:07:27Z

    I have setup xml manager where I have added the ssl proxy now (forward direction). And I have got the cert for the ssl proxy from the broswer using the xml management interface url (https://myIp:5550/service/mgmt/current). Now I get the below error. Also, not I am using admin user/pw for authentication in xml manager as well. 

    <url-open>
       <statuscode>5</statuscode>
       <errorstring>Remote error on URL</errorstring>
    </url-open>

    you'll need the basic auth header for the xml management interface, just like you thought :-)

  • Asim80
    Asim80
    19 Posts

    Re: Datapower url-open Statuscode 7

    ‏2014-09-25T17:55:19Z  
    • kenhygh
    • ‏2014-09-25T17:33:24Z

    you'll need the basic auth header for the xml management interface, just like you thought :-)

    You mean to setup 'Basic-Auth Policy'? That is already setup. Additional Info from logs:

    SSL connection failed

    valcred (DeviceBackup_ValCreds)SSL Proxy Profile 'DeviceBackup_ProxyProfile': connection error: peer did not send a certificate

    TCP connection attempt refused from 127.0.0.1 to 127.0.0.1 port 5550

     

  • kenhygh
    kenhygh
    1620 Posts

    Re: Datapower url-open Statuscode 7

    ‏2014-09-25T18:25:48Z  
    • Asim80
    • ‏2014-09-25T17:55:19Z

    that sounds like you changed the url-open() to http.

    can you post your code again?

  • Asim80
    Asim80
    19 Posts

    Re: Datapower url-open Statuscode 7

    ‏2014-09-25T18:31:58Z  
    • kenhygh
    • ‏2014-09-25T18:25:48Z

    that sounds like you changed the url-open() to http.

    can you post your code again?

    xsl file of my dp service  below (ssl proxy profile and basic auth user/pw is configured in xml management  interface):

    <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dp="http://www.datapower.com/extensions" xmlns:mgmt="http://www.datapower.com/schemas/management" extension-element-prefixes="dp" xmlns:date="http://exslt.org/dates-and-times">
     <xsl:output method="xml"/>
     <xsl:template match="/">
     
      <dp:url-open target="https://127.0.0.1:5550/service/mgmt/current" response="responsecode">
       <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
    <env:Body>
    <dp:request xmlns:dp="http://www.datapower.com/schemas/management">
    <dp:get-status class="CPUUsage"/>
    </dp:request>
    </env:Body>
       </env:Envelope>
      </dp:url-open>
     
     <xsl:message dp:type="backup" dp:priority="alert">Backup Passed</xsl:message>
        
     </xsl:template>
    </xsl:stylesheet>

     

  • HermannSW
    HermannSW
    4903 Posts

    Re: Datapower url-open Statuscode 7

    ‏2014-09-25T18:56:10Z  
    • Asim80
    • ‏2014-09-25T18:31:58Z

    xsl file of my dp service  below (ssl proxy profile and basic auth user/pw is configured in xml management  interface):

    <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dp="http://www.datapower.com/extensions" xmlns:mgmt="http://www.datapower.com/schemas/management" extension-element-prefixes="dp" xmlns:date="http://exslt.org/dates-and-times">
     <xsl:output method="xml"/>
     <xsl:template match="/">
     
      <dp:url-open target="https://127.0.0.1:5550/service/mgmt/current" response="responsecode">
       <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
    <env:Body>
    <dp:request xmlns:dp="http://www.datapower.com/schemas/management">
    <dp:get-status class="CPUUsage"/>
    </dp:request>
    </env:Body>
       </env:Envelope>
      </dp:url-open>
     
     <xsl:message dp:type="backup" dp:priority="alert">Backup Passed</xsl:message>
        
     </xsl:template>
    </xsl:stylesheet>

     

    Your <dp:url-open> misses the @ssl-proxy entry needed, see InfoCenter:
    http://pic.dhe.ibm.com/infocenter/wsdatap/v5r0m0/index.jsp?topic=%2Fcom.ibm.dp.xi.doc%2Fextensionfunctions35.htm

    You can do similar by dp:soap-call() as well, see this blog posting:
    https://www.ibm.com/developerworks/community/blogs/HermannSW/entry/accessing_xml_management_interface_from_within_a_stylesheet38


    Hermann <myBlog/> <myTweets/> | <GraphvizFiddle/> | <xqib/> | <myCE/> <myFrameless/> | 
     

  • Asim80
    Asim80
    19 Posts

    Re: Datapower url-open Statuscode 7

    ‏2014-09-25T21:04:07Z  
    • HermannSW
    • ‏2014-09-25T18:56:10Z

    Hermann - I tried using your xslt, used the default xml manager this time. I have an ssl proxy setup on the domain that I used. Also do I use the pw in this line of code? <xsl:variable name="pwd64" select="dp:encode('myUser,'myPw)"/>. Log error below please:

    xmlfirewall (DeviceBackup_XMLFW): soap-call: Error parsing reply, Could not open URL 'https://127.0.0.1:5550/service/mgmt/current'
    xmlfirewall (DeviceBackup_XMLFW): Error occurred (port error) when connecting to URL 'https://127.0.0.1:5550/service/mgmt/current'
    xmlmgr (DeviceBackup_XMLMGR): cannot connect to host '127.0.0.1:5550': returning error
    SSL connection failed
    valcred (DeviceBackup_ValCreds): SSL Proxy Profile 'DeviceBackup_ProxyProfile': connection error: peer did not send a certificate
    TCP connection attempt refused from 127.0.0.1 to 127.0.0.1 port 5550
  • HermannSW
    HermannSW
    4903 Posts

    Re: Datapower url-open Statuscode 7

    ‏2014-09-26T08:10:29Z  
    • Asim80
    • ‏2014-09-25T21:04:07Z

    Hermann - I tried using your xslt, used the default xml manager this time. I have an ssl proxy setup on the domain that I used. Also do I use the pw in this line of code? <xsl:variable name="pwd64" select="dp:encode('myUser,'myPw)"/>. Log error below please:

    xmlfirewall (DeviceBackup_XMLFW): soap-call: Error parsing reply, Could not open URL 'https://127.0.0.1:5550/service/mgmt/current'
    xmlfirewall (DeviceBackup_XMLFW): Error occurred (port error) when connecting to URL 'https://127.0.0.1:5550/service/mgmt/current'
    xmlmgr (DeviceBackup_XMLMGR): cannot connect to host '127.0.0.1:5550': returning error
    SSL connection failed
    valcred (DeviceBackup_ValCreds): SSL Proxy Profile 'DeviceBackup_ProxyProfile': connection error: peer did not send a certificate
    TCP connection attempt refused from 127.0.0.1 to 127.0.0.1 port 5550

    Did you enable "Objects-->Device Management-->XML Management Interface"?

    Can you send SOMA request from outside of DataPower successfully?


    Hermann.

  • Asim80
    Asim80
    19 Posts

    Re: Datapower url-open Statuscode 7

    ‏2014-09-26T14:12:48Z  
    • HermannSW
    • ‏2014-09-26T08:10:29Z

    Did you enable "Objects-->Device Management-->XML Management Interface"?

    Can you send SOMA request from outside of DataPower successfully?


    Hermann.

    Yes Hermann, its enabled and I can send soma calls from soapUI. Thanks 

  • HermannSW
    HermannSW
    4903 Posts

    Re: Datapower url-open Statuscode 7

    ‏2014-09-26T14:33:59Z  
    • Asim80
    • ‏2014-09-26T14:12:48Z

    Yes Hermann, its enabled and I can send soma calls from soapUI. Thanks 

    Good, then you need to change "127.0.0.1" to the interface XML Management Serice is configured on for the url-open URL -- I did the sloppy "0" as IP address allowing external as well as internal access.


    Hermann.

  • Asim80
    Asim80
    19 Posts

    Re: Datapower url-open Statuscode 7

    ‏2014-09-26T15:26:16Z  
    • HermannSW
    • ‏2014-09-26T14:33:59Z

    Good, then you need to change "127.0.0.1" to the interface XML Management Serice is configured on for the url-open URL -- I did the sloppy "0" as IP address allowing external as well as internal access.


    Hermann.

    I changed the destination ip to the xml management interface. Also on the xml management interface I added 127.0.0.1 to the entry list which means to accept requests from that ip (not sure if this step was needed or not given the request is coming from with in device, normally I have to add entry for external clients sending requests to xml interface). A bit diff error in the logs. I attached the xslt code file I am using, can you please validate that if that is not the cause?

        <xsl:variable name="result"
                      select="dp:soap-call('https://10.xx.xx.xx:5550/service/mgmt/current',
                                           $FirmwareVersion/*,
                                           'DeviceBackup_ProxyProfile',
                                           0,
                                           '',
                                           $httpHeaders/*
                                          )"
        />
    valcred (DeviceBackup_ValCreds): SSL Proxy Profile 'DeviceBackup_ProxyProfile': connection error: peer did not send a certificate
    xmlfirewall (DeviceBackup_XMLFW): soap-call: Error parsing reply, Could not open URL 'https://10.254.213.7:5550/service/mgmt/current'
    xmlfirewall (DeviceBackup_XMLFW): Error occurred when connecting to URL 'https://10.254.213.7:5550/service/mgmt/current'

    Attachments

  • kenhygh
    kenhygh
    1620 Posts

    Re: Datapower url-open Statuscode 7

    ‏2014-09-26T16:20:34Z  
    • Asim80
    • ‏2014-09-26T15:26:16Z

    I changed the destination ip to the xml management interface. Also on the xml management interface I added 127.0.0.1 to the entry list which means to accept requests from that ip (not sure if this step was needed or not given the request is coming from with in device, normally I have to add entry for external clients sending requests to xml interface). A bit diff error in the logs. I attached the xslt code file I am using, can you please validate that if that is not the cause?

        <xsl:variable name="result"
                      select="dp:soap-call('https://10.xx.xx.xx:5550/service/mgmt/current',
                                           $FirmwareVersion/*,
                                           'DeviceBackup_ProxyProfile',
                                           0,
                                           '',
                                           $httpHeaders/*
                                          )"
        />
    valcred (DeviceBackup_ValCreds): SSL Proxy Profile 'DeviceBackup_ProxyProfile': connection error: peer did not send a certificate
    xmlfirewall (DeviceBackup_XMLFW): soap-call: Error parsing reply, Could not open URL 'https://10.254.213.7:5550/service/mgmt/current'
    xmlfirewall (DeviceBackup_XMLFW): Error occurred when connecting to URL 'https://10.254.213.7:5550/service/mgmt/current'

    So what is MyIP, and what did you configure the XML Management Interface to listen to? they have to be the same - or the XML Management Interface can listen to 0.0.0.0 (bad practice) to make sure it works, and then lock it down.

  • Asim80
    Asim80
    19 Posts

    Re: Datapower url-open Statuscode 7

    ‏2014-09-26T18:44:37Z  
    • kenhygh
    • ‏2014-09-26T16:20:34Z

    So what is MyIP, and what did you configure the XML Management Interface to listen to? they have to be the same - or the XML Management Interface can listen to 0.0.0.0 (bad practice) to make sure it works, and then lock it down.

    Sweet :). It worked. I had to add the xml management interface ip to the list of ips on xml interface. 

    MyIP is the xml management interface ip (I just marked it in the attachment). Thanks for your everyone everyone.