UserRegistry Attempted to authenticate invalid use

I followed https://docs.wso2.com/display/CLUSTER44x/Clustering+API+Manager+2.0.0

and

http://wso2.com/library/articles/2016/10/article-scalable-traffic-manager-deployment-patterns-for-wso2-api-manager-part-1/

referenced in the above document. I am using Postgress and not MySQL, but I know the JDBC connector works, both in this config and running the wso2am server in a single instance mode.

I get the error mentioned in the subject. I start the keymanager, then traffic manager with ./wso2server.sh -Dprofile=traffic-manager then get exception saying indexing fails on the traffic manager and the invalid user error on the keymanager. This says to me the traffic manager does connect to the keymanager registry (or tries to) so ports are open etc. I have also checked this by connecting to the endpoint with my browser and using telnet to the port.

I cannot find any reference to the user used to connect to a registry in any documentation or in the registry, carbon or axis config files. Or am I missing something?

Regards Andre

My changes to registry.xml

<currentDBConfig>wso2registry</currentDBConfig>
<readOnly>false</readOnly>
<enableCache>true</enableCache>
<registryRoot>/</registryRoot>

<dbConfig name="wso2registry">
    <dataSource>jdbc/WSO2CarbonDB</dataSource>
</dbConfig>

<remoteInstance url="https://api-keymanager-1:9443/registry">
  <id>InstanceId</id>
  <cacheId>jdbc:postgresql://api-db-1:5432/WSO2_CARBON_DB</cacheId>
  <dbConfig>wso2registry</dbConfig>
  <readOnly>false</readOnly>
  <enableCache>true</enableCache>
  <registryRoot>/</registryRoot>
  <username>wso2am</username>
  <password>wso2am</password>
  <driverClassName>org.postgresql.Driver</driverClassName>
</remoteInstance>

<mount path="/_system/config" overwrite="true">
  <instanceId>InstanceId</instanceId>
  <targetPath>/_system/config</targetPath>
</mount>

<mount path="/_system/governance" overwrite="true">
  <instanceId>InstanceId</instanceId>
  <targetPath>/_system/governance</targetPath>
</mount>

I use WSO2_CARBON_DB as registry DB and I intend to use a CustomUserDB. If I comment out the mount portion I have no issues. If I put it in, I have invalid user error as described above.

I can add that I am running api-keymanager-1 host as keymanager and this config is on api-trafficmanager-1 host on which I start with ./wso2server.sh -Dprofile=traffic-manager

I have one question on all of this InstanceId is not defined anywhere on api-keymanager-1 in any config, this is not mentioned anywhere in documentation, unless I missed something? Is this relevant?

You appear to have two issues. First, re-index your Solr indexing by stopping your service, backing up and deleting the /APIM/solr directory, and restarting your service. This should resolve the indexing issue.

Next, your registry configuration is not quite right. We had a similar issue when configuring remote registry mounting in APIM 1.10.0. You need two dbconfig nodes in your registry.xml definition, and your remote instance should point to the remote governance registry dbconfig:

<currentDBConfig>wso2registry</currentDBConfig>
...
<dbConfig name="wso2registry">
     <dataSource>jdbc/WSO2CarbonDB</dataSource> <!-- this is the local h2 db -->
</dbConfig>
<dbConfig name="govregistry">
     <dataSource>your-remote-dbsource</dataSource> <!-- this is the remote db -->
</dbConfig>

<remoteInstance url="remote-endpoint-here">
    <id>InstanceId</id>
    <dbConfig>govregistry</dbConfig>
    ...
</remoteInstance>

<mount path="/_system/governance" overwrite="true">
    <instanceId>InstanceId</instanceId>
    <targetPath>/_system/governance</targetPath>
</mount>

WSO2 has not properly explained to me why a local Carbon db is required to achieve a remote registry setup, but this is how we've configured our registry and it works in a distributed deployment of both 1.10.0 and 2.0.