Upgrade authpoint gateway causes HTTP status code 401

Hi,

I upgraded one of my AuthPoint gateways yesterday from version 6.1.x to 7.0.1-534.
Afterwords the gateway would not authentocate with authpoint cloud and the service stopped.

2022-01-03 10:13:01 INFO [main] c.w.a.p.a.gateway.GatewayApplication - Starting GatewayApplication on SERVERNAME with PID 152 (C:\Program Files (x86)\WatchGuard\AuthPoint Gateway\gateway.jar started by SERVERNAME$ in C:\Program Files (x86)\WatchGuard\AuthPoint Gateway)
2022-01-03 10:13:01 INFO [main] c.w.a.p.a.gateway.GatewayApplication - The following profiles are active: windowsUpdate
2022-01-03 10:13:04 INFO [main] c.w.a.p.a.g.c.ApplicationPropertiesLoaderConfig - Loading the initial properties file from gateway.properties.
2022-01-03 10:13:04 INFO [main] c.w.a.p.a.g.c.ApplicationPropertiesLoaderConfig - Setting Tomcat spare threads to 100.
2022-01-03 10:13:04 INFO [main] c.w.a.p.a.g.s.k.s.JavaKeyStoreHelper - Reading the key store file.
2022-01-03 10:13:13 INFO [main] c.w.a.p.a.gateway.ApplicationStartup - Validating IOT properties.
2022-01-03 10:13:14 INFO [main] c.w.a.p.a.g.h.g.s.GatewayServiceHttpClient - Sending gateway agent settings to Gateway Service. Request-Id:RequestID
2022-01-03 10:13:15 INFO [main] c.w.a.p.a.gateway.GatewayApplication - Started GatewayApplication in 14.119 seconds (JVM running for 37.123) Request-Id:RequestID
2022-01-03 10:13:17 INFO [https-jsse-nio-9000-exec-98] c.w.a.p.a.g.a.a.c.AcknowledgeController - Acknowledge agent request received. AgentType ldap.
2022-01-03 10:13:17 INFO [https-jsse-nio-9000-exec-88] c.w.a.p.a.g.a.a.c.AcknowledgeController - Acknowledge agent request received. AgentType adfs.
2022-01-03 10:13:17 INFO [https-jsse-nio-9000-exec-88] c.w.a.p.a.g.a.a.s.AcknowledgeService - Checking if there is already another registered agent. Type: ADFS.
2022-01-03 10:13:17 INFO [https-jsse-nio-9000-exec-98] c.w.a.p.a.g.a.a.s.AcknowledgeService - Checking if there is already another registered agent. Type: LDAP.
2022-01-03 10:13:17 INFO [https-jsse-nio-9000-exec-88] c.w.a.p.a.g.h.a.s.AdfsAgentHttpClient - ADFS health check.
2022-01-03 10:13:17 INFO [https-jsse-nio-9000-exec-98] c.w.a.p.a.g.h.l.s.LdapAgentHttpClient - Sending LDAP health check.
2022-01-03 10:13:18 ERROR [https-jsse-nio-9000-exec-88] c.w.a.p.a.g.e.RestTemplateResponseErrorHandler - HTTP status code: 401.

I had the delete the gateway in the cloud interface and recreate it, then uninstall the Windows gateway and reinstall it with the new authentication key.

It would be nice, if we could regenerate the authentication key in the cloud and enter this on the gateway when this happens.

/Robert

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi Robert,

    This generally should not happen -- if you're running into this type of issue, I'd suggest a support case.

    Generally, regenerating the key for an existing gateway shouldn't be needed, so we'd prefer to correct any issues that cause this to be needed rather than trying to make a workaround and then fix the issue.

    -James Carson
    WatchGuard Customer Support

  • @james.carson

    Thanks. I know, but i had limited time and duo to the way, i currently create support cases, i did not have time to wait for a conversation to start up.

    (If you need to know mere about my "special" case you can contact Adrian Lahovary @ Watchguard).

    /Robert

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @rv@kaufmann.dk
    I don't really need to contact Adrian, I'm simply trying to direct you to the team that can help you most quickly and effectively. You're welcome to post to either or both places if you wish.

    -James Carson
    WatchGuard Customer Support

  • Hi @james.carson

    It was just to explain that due to the fact we a customer where where are renting our devices, we cannot directly contact support, as we cannot create a support case as Watchguard support system cannot find our devices from the Cloud interface. So we are unable to proceed when trying to create a support case.

    So for now we have to write to costumer care and they have to forward the case to support. Not optimal, but until Watchguard changes this, this is the way, support cases are handled when renting devices.

    /Robert

Sign In to comment.