Symptoms
Periodic task 'Synchronize resource usage for APS application instance...' fails with error like:
Could not get resource usage for resource with UUID '8c376e77-760e-4946-a81e-7bcabb59f4f0': Could not invoke endpoint url 'https://10.193.32.63:10443/azure/aps/tenants/8c376e77-760e-4946-a81e-7bcabb59f4f0' of application instance with UUID '926f9ec1-c086-46ea-8651-814c958f2d34'. Could not create HTTPS client for connect with endpoints. /usr/local/pem/APS/certificates/controller.pem using TLSv1
The following exception could be found in /var/log/pa/core.log
:
...
Caused by: java.nio.file.AccessDeniedException: /usr/local/pem/APS/certificates/controller.pem
at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:214)
at java.nio.file.Files.newByteChannel(Files.java:361)
at java.nio.file.Files.newByteChannel(Files.java:407)
...
Cause
Directory /usr/local/pem/APS/certificates
is not readable for group pemgroup
. Software-related issue POA-111350 was submitted.
Resolution
In order to check the issue do the following:
Check permissions on
/usr/local/pem/APS
directory:# ls -la /usr/local/pem/APS total 68 drwx------ 2 pemuser pemgroup 4096 авг 9 2016 certificates
Set correct permissions:
# chmod 750 /usr/local/pem/APS/certificates/