Is there a way to get more specific troubleshooting information when getting a 503 from a target?

It seems that it is becoming more common for us to receive a 503 with {“fault”:{“faultstring”:“The Service is temporarily unavailable”,“detail”:“errorcode”:“messaging.adaptors.http.flow.ServiceUnavailable”}}}. We find that this is usually related to TLS or SSL, target not supporting https, etc but we are unable to see the specific cause within a trace.

So far, we have depended on Apigee Support to help us get at the root cause whether it is a self-signed cert, misconfiguration on the target system or other. Is there any way that we can get more visibility into this? We are on Apigee in the Cloud and I know that we can’t get access to the logs. Is there any point in the flow where more data about the failure/timeout is available? It would definitely speed up investigation/resolution.

in many cases, no, there is not. The service may simply return a 503 saying “I can’t help you now”.

You can investigate the Trace UI to see if there is any additional information.

Also you can try connecting to the same target with a ServiceCallout (Same TLS configuration) to see if you get any additional information.

It would be nice for the Apigee runtime to emit more information in particular detailed information about TLS negotiation problems.