Symptoms

Periodic task 'Synchronize resource usage for APS application instance...' fails with an error like:

    Could not get resource usage for resource with UUID '8c376e77-760e-4946-a81e-7bcabb59f4f0': Could not invoke endpoint url 'https://10.193.32.63:10443/azure/aps/tenants/8c376e77-760e-4946-a81e-7bcabb59f4f0' of application instance with UUID '926f9ec1-c086-46ea-8651-814c958f2d34'. Could not create HTTPS client for connect with endpoints. /usr/local/pem/APS/certificates/controller.pem using TLSv1

The following exception can be found in /var/log/pa/core.log:

    ...
    Caused by: java.nio.file.AccessDeniedException: /usr/local/pem/APS/certificates/controller.pem
            at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:214)
            at java.nio.file.Files.newByteChannel(Files.java:361)
            at java.nio.file.Files.newByteChannel(Files.java:407)
    ...

Cause

Directory /usr/local/pem/APS/certificates is not readable by group pemgroup. Software-related issue POA-111350 was submitted.

Resolution

To check for and resolve the issue, do the following:

  1. Check permissions on the /usr/local/pem/APS directory:

    # ls -la /usr/local/pem/APS
    total 68
    drwx------   2 pemuser pemgroup  4096 авг  9  2016 certificates
    
  2. Set correct permissions:

    # chmod 750 /usr/local/pem/APS/certificates/
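
The check and fix above as a re-runnable script. This is an added example, not part of the original article or the product; the function names audit_cert_dir and fix_cert_dir are hypothetical, and GNU stat (stat -c) is assumed.

```shell
#!/bin/sh
# Added example (not vendor code). Function names are hypothetical.
# Assumes GNU coreutils stat (stat -c), as on a Linux management node.

# Classify a directory's mode against the article's 750 target.
# Prints: ok | group-denied | world-open | missing
audit_cert_dir() {
    dir=$1
    [ -d "$dir" ] || { echo missing; return 2; }
    mode=$(stat -c '%a' "$dir") || return 2   # octal digits, e.g. 700 or 750
    group=$(( (mode / 10) % 10 ))             # group permission digit
    other=$(( mode % 10 ))                    # "other" permission digit
    if [ $(( group & 5 )) -ne 5 ]; then
        echo group-denied                     # group lacks r or x: the symptom above
        return 1
    fi
    if [ "$other" -ne 0 ]; then
        echo world-open                       # wider than 750 on a certificate store
        return 1
    fi
    echo ok
}

# Apply chmod 750 only when the audit fails, then verify the result.
# Prints: unchanged | missing | fixed:<previous state>
fix_cert_dir() {
    dir=$1
    state=$(audit_cert_dir "$dir") || true
    case $state in
        ok)      echo unchanged; return 0 ;;
        missing) echo missing;   return 2 ;;
    esac
    chmod 750 "$dir" || return 2
    audit_cert_dir "$dir" >/dev/null && echo "fixed:$state"
}

# Usage: sh check_cert_dir.sh /usr/local/pem/APS/certificates
if [ $# -gt 0 ]; then
    fix_cert_dir "$1"
fi
```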
    
