call to external API is getting blocked on Google cloud compute engine - google-cloud-platform

I am trying to connect to an external API from .net.
It is working as expected from other machines.
But we are not getting any respond from the API call when trying from the server.
We have tried accessing the api url on the browser and it failed with the same no response error.
This is what we have done so far.
We have checked VPC firewall and tried some firewall rules ( Google Cloud firewall) and made sure that there is no blocking to this API.
We have checked Windows firewall and it is switched off now. We also made sure that there is no rules to block this API. However to test it further, we are now switched it off.
Checked that we are able to connect to other websites from the server.
Checked whether we can access the API from other machines. We are able to connect to the API successfully using the tokens from the server.
We have also installed Wireshark to analyze the incoming and outgoing packets from the server. From this analysis, we were able to find that there are network packets sending to this API and it is trying the retransmits the packets, but there is no acknowledgement packet received. This might be of the below two scenarios.
The acknowledgement packet sent from the API server lost in transition.
The data that we have sent from the server to the API lost in transition.
Contacted the API technical team and made sure that the IP is not getting blocked on their end.
Tried contacting Google Support but we have not received much help from them as ours are in "Bronze plan"
This was working without any issues from the server in the past. Not sure what is happening now.
Thank you in advance for all the helps.

Thank you Jeffrey and Patrick for your kind reply. As suggested by Patrick, I am adding here my comments as an answer to close this post. We were able to identify the issue from the wireshark analysis. It was the API provider who was blocking the IP. We have contacted them again with the results and they confirmed this. Thank you very much.

Related

Cannot communicate with ESXi through CIM (port 5989)

We have recently started experiencing problems with communication with our ESXi devices through CIM, TCP port 5989. At first we thought this was related to our remote monitoring and maintenance tool, N-central by SolarWinds N-able, however we now have reason to believe that this is not the case.
The reason for why I believe this is a Vmware is that I've attempted to reach one of the ESXi devices at 5989 by browsing to it with Internet Explorer. These attempts have all resulted in the HTTP error message 501/505 Not Implemented.
I have already attempted to browse to the page with HTTP 1.1 both enabled and disabled in Internet Explorer, no change. I've tried with and without compatibility view, no change. I've tried Google Chrome, I only get a blank page and when I check the response from the server Google Chrome just says "Failed to load response data."
Is anyone able to assist me in figuring out what is wrong, and fixing the error(s)? Please do let me know what information is required to best troubleshoot this issue.
I may misunderstood of your question;
the port 5989 descripted here in vmware website:
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2039095
vcenter server should access the esxi host with this port(CIM XML transactions over HTTPS), the error code 501/505 means that the esxi host did not recognize your client(which you use browser try connected to).
if you can pretend the agent to be vcenter, I guess you can fix the problem.

Fiddler blocks some HTTPS connections like Dropbox

I work on a project which make ajax query to a webservice so I use fiddler to see JSON responses.
But I have encounter troubles using Fiddler. When I launch it on my laptop, Dropbox can't synchronize my files anymore but I can debug my ajax requests. The real problem is when I use Fiddler on my desktop computer, all my requests to my WebService are blocked. My WebService runs on localhost.
I don't understand how it works, can you help me?
Dropbox connections don't work because that application uses a feature called "Certificate Pinning" that reject's Fiddler's HTTPS interception certificate. Why this happens is discussed in the Fiddler book, but you can configure Fiddler not to decrypt dropbox.exe's connections which resolves the issue.
To avoid blocking DropBox App traffic while Fiddler is running, you can use Tools > Fiddler Options > HTTPS to either only decrypt Browser traffic or you can configure Fiddler not to decrypt traffic to *.dropbox.com.
The issue with your "WebService" is almost certainly completely unrelated. You need to be far more specific for anyone to help: What is the client? What is the service written in? What do you see in Fiddler when this happens?

POSTing to session-validate.jsp not playing with WSO2 ELB

I came across an issue using WSO2 Stratos 1.6.0 when trying to browse the registry. The browser just hangs when clicking on Resources > Browse. Having a look at the network traffic I see an HTTP POST request to /carbon/admin/jsp/session-validate.jsp that doesn't complete.
I then started debugging the org.apache.synapse.transport.passthru.ServerWorker (2.1.1-wsov1) in the WSO2ELB (2.0.2). I found that the code that writes the ACK to the response output stream is being skipped. This only appears to happen when POSTing to /carbon/admin/jsp/session-validate.jsp, when I hacked the /carbon/admin/js/main.js to perform a GET, everything worked fine.
So my question(s) being... is this a bug in main.js? is it a bug in ServerWorker in WSO2ELB? is there a special reason that the sessionAwareFunction in main.js uses POST as opposed to GET?
This is a bug in the transport ELB uses. Please use the latest release ELB http://wso2.com/products/elastic-load-balancer/

Duplicate Soap Requests

We are upgrading from 10.0 to 10.3.6. Our web app is running in a DMZ and uses .jar files created with clientgen to invoke JAX-RPC web service operations deployed on our internal network by going through an XML firewall. My problem is that the XML firewall is behaving as though the HTTP request to invoke the web service operation was sent twice, when as near as I can tell it was only sent once. I set the following properties to view the soap traffic:
-Dweblogic.wsee.verbose=*
-Dweblogic.log.RedirectStdoutToServerLogEnabled=true
Unfortunately I don't have access to the XML firewall but I have been able to get the log entires for my service endpoints. I can see that it reports receiving duplicate requests but for the life of me I don't know how this can be happening. This does not happen when the web service clients are running on version 10.0.
I've tried everything I can think of to troubleshoot this problem. I'm hoping somebody here can offer up some suggestions or perhaps tell me if this is a known issue.
You could use TCP Monitor to intercept the SOAP traffic between your server and the firewall.
This way you can tell if the requests are being sent twice or if there is some internal issue with the firewall.
Also, after you intercept the requests, you can use again TCP Monitor or SOAP UI to re-send the request to emulate the webserver and debug the firewall.

Fiddler - error when simulating modem speeds with Web Services

I have an application that pulls data from several web services.
The application is correctly using fiddler as a proxy for all these web service requests, and everything works as it should.
I would like to simulate the web services servers being slow, so I enabled "Simulate Modem Speeds" in fiddler (without modifying the default rules file). Now most of the responses I get back are:
ReadResponse() failed: The server did not return a response for this request.
If I disable the "Simulate Modem Speeds", everything works fine again.
Is there a way to get this to work, or a better way to simulate a web services response being slow?
Uh, it certainly sounds like your webservice is configured to timeout if it doesn't get a given request within a certain period of time, suggesting that the simulation has, in fact, turned up the sort of problem you'd want to be testing for.
If you want to adjust the "slowness", edit the Rules > Customize Rules file. Search for modem to see the latencies.