Common ESA Errors

A list common error found while working with the ESA.

Table: ESA Common Errors

Error /Problem	This may happen because…	Recovery Actions
While ESA is running, some services stop abruptly.	This issue occurs when the ESA OS partition is completely full. When the disk space gets full, there is an impact on the services that are running. These services encounter a shortage of resources, and hence, stop abruptly.	Perform the following steps to resolve this issue. Clear the OS(/) partition. For more information about cleaning up the OS(/) partition, refer to the documentation available at the following link. https://my.protegrity.com/knowledge/ka0Ul0000000a9xIAA/ Restart the ESA.
After upgrading the ESA to v10.2.0, the Label of ESA node in the TAC is not Consul Server or Consul Client	This issue occurs when the ESA is upgraded to v10.2.0, and the Label of ESA node in the TAC is not Consul Server or Consul Client. This may impact the functionality of the TAC.	Perform the following steps to resolve this issue. From the ESA CLI Manager, navigate to Administration > OS Console. Enter the root password. Navigate to the /etc/opt/scripts/support directory. To stabilize the cluster, run the following command. ./stabilize_consul.py --force
From v10.2.0, all the packages, including the Protegrity developed packages, are signed by Protegrity. This ensures the integrity of the software being installed. The following errors may occur while uploading the patch using Web UI or CLI Manager. The patch is signed by Protegrity signing key and the verification key is expired	This issue occurs if the verification key is expired, the following error message appears: Error: Patch signature(s) expired. Would you like to continue installation?	Click Yes to install the patch. The patch gets installed successfully. Click No. The patch installation gets terminated. For more information about the Protegrity signed patch, contact Protegrity Support.
The patch is not signed by Protegrity signing key	This issue occurs if the patch is not signed by Protegrity signing key. Error: Signatures not found. Aborting	Click Exit to terminate the installation process. It is recommended to use a Protegrity signed patch. For more information about the Protegrity signed patch, contact Protegrity Support.
Insufficient disk space in the /var/log directory	This issue occurs if the disk space in the /var/log directory is insufficient. Error: Unable to install the patch. The required disk space is insufficient for the following partition: /var/log	Ensure that at least 20% disk space in the /var/log directory is available to install the patch successfully.
Insufficient disk space in the /opt/ directory	This issue occurs if the disk space in the /opt/ directory is insufficient. Error: Unable to install the patch. The required disk space is insufficient for the following partition: /opt/	Ensure that the available disk space in the /opt/tmp directory is at least twice the patch size.
Insufficient disk space in the /OS directory	This issue occurs if the disk space in the /OS directory is insufficient.	Ensure that at least 40% disk space in the _/OS_ directory is available to install the patch successfully. The space used in the OS(/) partition should not be more than 60%. If the space used is more than 60%, then you must clean up the OS(/) partition before proceeding with the patch installation process. For more information about cleaning up the OS(/) partition, refer to the documentation available at the following link. https://my.protegrity.com/knowledge/ka0Ul0000000a9xIAA/
Unable to export the information while executing the cluster task using the IP address of the node.	This might occur if the task is executed using the IP address of the cluster task instead of the Hostname.	To resolve this issue, ensure that the IP address of the cluster node is replaced with the Hostname in the task. For more information about executing the cluster task, refer [Scheduling Configuration Export to Cluster Tasks](/docs/aog/web_user_interface_management/aog_system_webui/aog_schedule_tasks/aog_schedule_cluster_tasks).
If you try to perform operations, such as, joining a cluster, exporting data/ configuration to a remote appliance, and so on , the operation fails with the following error: Errorcode: 403	This issue occurs if the Basic Authentication is disabled, and you try to perform any of the following operations. Joining an existing cluster Establishing set ESA Communication Exporting data/configuration to a remote appliance Work with RADIUS authentication	Ensure that the Can Create JWT Token permission is assigned to the role. If the Can Create JWT Token permission is not assigned to the role of the required user, then the operation fails. To verify the Can Create JWT Token permission, from the ESA Web UI navigate to Settings > Users > Roles.
In the ESA CLI, when you copy files to home directories (/`home/service_admin, /home/local_admin, or /home/service_viewer`) using the `Put Files` for the option under Trusted Appliance Cluster, a following traceback error appears. `Permission denied:`	The user does not have the permission to copy the file to the target directory.	Perform the following steps to copy the files to the home directory: From the ESA CLI, navigate toTools → Trusted Appliance Cluster → Cluster Operations: Execute Commands/Deploy files → Put Files. Select the required files from the source directory. Select Next. In the Target Path screen, choose Select Target Directory. Navigate to the required target directory. A message to enter the directory manually appears. Select Yes. Type the path for the target directory and select OK. Select the required target nodes in the Target Node screen and select OK. The files are deployed to the target node.
When you run a cluster export task, the following message appears for all the target nodes: `Host Denied`		Perform the following steps: Login to the CLI Manager of the target node. Navigate to > > Tools → SSH Configuration → Known Hosts: Hosts I can connect to. Select Add Host. Enter `127.0.0.1` and select Done. On the Web UI, refresh the trusted appliance cluster screen.
When exporting or importing custom files, the export import process fails.	The file that is exported does not exist.	You can perform one of following options: Remove the file path in the `customer.custom` file. Remove the file path in the exclude file. Perform the following steps: In the Web UI, navigate to Settings → System → Files. Click Edit corresponding to the `customer.custom`. Add the prefix, `optional`, to the required file paths and save the changes. Run the export process.
While uploading a file from the Web UI the following error appears: `Proxy Error` `Reason: Error reading from remote server`	The file is not uploaded to the server.	Perform one of the following methods.. Perform the following steps to increase the session timeout for the service dispatcher: In the OS Console, navigate to the `/etc/ksa/service_dispatcher/proxies/mng` directory. Run the following command to create a file. `# vi apache.mng.UploadFile` Type the following configuration changes. `ProxyPass/Management/Upload File http://0.0.0.0:2443/Management/UploadFile/ retry=0 timeout=3600` `ProxyPassReverse/Management/Upload File http://0.0.0.0:2443/Management/UploadFile` Save the changes. Run the following command to restart the service dispatcher service. `# /etc/init.d/service_dispatcher restart` Upload the file using the following `scp` command: In the CLI Manager, navigate to the OS Console. Run the following command to transfer files between the source and target directories. `# scp -r user@host:directory/<Source directory> <Target directory>`
A failure occurs while extending the OS or logs partition.		Perform the following steps to fix the errors: Boot the system from the ISO. In the OS Console, run the following command to enable LVM mapping. `# lvchange -ay PTYVG` Run the following command to fix the errors in the file system for the required volume group. For example, `# reiserfsck --fix-fixable /dev/mapper/PTYVG-OS` Run the following command to mount the required volume. For example, `# mount /dev/mapper/PTYVG-OS /TARGET` If the above step fails, perform the following steps: Run the following command to format the partition. For example, `# mkfs.reiserfs /dev/mapper/PTYVG-OS` Restart the appliance in the `System-Restore Mode` and restore the backup data.
While extending the OS partition, the following message appears: Couldn't find device with uuid <ID> Cannot change VG <volume group> while PVs are missing		Run the following command and press ENTER: `#vgreduce -removemisssing <volumegroup>`
When a role is deleted, the users associated with the role are not updated. The deleted role appears on user list in the User Management screen. For example, role name appears in the following format: `<Role name><Random number>`		Delete the user from the User Management screen. If required, add a user with the same name and credentials.
When you are importing a file from System → Backup & Restore → Import, the following error appears: `Bad Gateway The proxy server received an invalid response from an upstream server`	The size of the file is more than the value in the Max File Upload Size.	Perform the following steps to increase the file upload size: On the Web UI, navigate to Settings → Network → Web Settings. Under General Settings, increase the size of the file from the Max File Upload Size slider. Select Update.
The Linux Host ID does not change in an ESA or a DSG instance created on the AWS cloud platform.	The Linux Host ID and the Protegrity Host ID are generated after an ESA or DSG instance is created on the AWS cloud platform. As per the expected behaviour of the appliance, only the Protegrity Host ID is modified after running the appliance rotation tool on the ESA or the DSG instance.	Perform the following steps to modify the Linux Host ID: Launch an ESA or DSG instance on the AWS cloud platform. On the CLI of the ESA or DSG instance, navigate to Administration → OS Console. Run the following command to change the Linux Host ID: echo -ne \\x$11\\x$22\\x$22\\x$11 > /etc/hostid In this example, parameters like `x$11` and `x$22` are sample values for the Linux Host ID. You must enter actual values for `x$11` and `x$22`. Run the following command to check the Linux Host ID: # hostid 11222211
The SSH session is terminated during the creation of a bond on the ethMNG interface.		Restart the session after the NIC bond on the ethMNG NIC is created.
The slave NICs do not have an IP assigned, but the following message appears during creating a bond: `NIC Bonding is not available`	The NICs might be on the DHCP mode.	Convert the NICs to Static mode.
The Web UI is not accessible after the NICs are bonded.		Reset the Network Bonding from the CLI Manager and bond the NICs again. For more information about resetting the NIC bonding, refer to the Appliance Overview Guide.
During binding NICs, the following message appears. `Unknown Error`	This might occur if the network is slow.	Restart the appliance queues using the following command: /etc/init.d/appliance-queues server restart
When you enable Two-Factor Authentication and export data from one ESA to another, the export process fails.		You must create two separate scheduler tasks to export data. First you must export the LDAP settings. Then, you must export the OS settings.
When you remove an appliance from the cluster is removed, a warning that the appliance is the last leader of the server of the cluster appears.	The appliance that is the last server of the cluster cannot be removed as all the clients are connected to it for receiving cluster-related information. Removing the last server from the cluster might de-stabilize the cluster.	NA
You cannot add an appliance to the cluster.	Certificates are not valid.	Ensure that you assign a valid server and CA certificates on the appliance. For more information about validating certificates, refer the Certificate Management Guide.
When you join an appliance to the cluster, the process is not completed, and a following error appears in the logs: `Error: [WARNING] No Consul node is available as join target!`	The Consul service is not available.	Perform the following steps to remove the Consul labels for the appliance: On the CLI Manager, navigate to Tools → Trusted Appliances Cluster → Update Cluster Information. Remove Consul Client or Consul Server label from the Label textbox. Select OK. Login to the Web UI and remove the appliance from the cluster.
When you simultaneously remove multiple appliances from a cluster, the following error appears in the logs: `Failed To Update KV Store.`		Remove the appliances separately from the cluster and refresh the Trusted Appliances Cluster screen.
When you remove a node from the cluster the following error appears on the screen: `RunNow error: [object Object] errorThrown: error`		Perform the following steps to remove the Consul labels for the appliance: On the CLI Manager, navigate to Tools → Trusted Appliances Cluster → Update Cluster Information. Remove Consul Client or Consul Server label from the Label textbox. Select OK. Login to the Web UI and remove the appliance from the cluster.
When you create a cluster, the following error appears on the screen: `Failed to join. Error: “Cannot get/parse target cluster config file. Please make sure the target node’s cluster is enabled.`	The SSH configuration on the target machine is incorrect.	Ensure that the Authentication Type on the SSH configuration manager screen is set to Password + PublicKey. Perform the following steps: On the Web UI, navigate to Settings → Network → SSH. Select Password + PublicKey from the Authentication Type drop-down list. Click Apply.
The following error is observed in the logs: `/dev/shm/heardbeat/servers File Doesn't exists`	When a Set ESA Communication is established, the heartbeat service checks for the ESA's that are available. If the heartbeat is not established, the file is not generated, and the error appears.	There is no functional impact on the appliance. This error can be ignored.
In the System File page, when you modify, upload, or reset a file, the ownership of the file changes from local user such as, `service_admin` user to the `root` user. The ownership of the files in the following file groups change: Logging Configuration Files Policy Management Files		Perform the following commands to change the ownership of the file In the CLI Manager, navigate to Administration → OS Console. Run the following command to change the ownership. chown service_admin:service_admin <directory of file> For example, to change the ownership of the `DMS.cfg` file, run the following command. chown service_admin:service_admin /opt/protegrity/DefianceEnterprise/Config/DMS.cfg
In the System File page, when you modify, upload, or reset a file, the ownership of the file changes from local user such as, `www-data` user to the `root` user. The ownership of the files in the following file group changes: Cloud Gateway		Perform the following commands to change the ownership of the file: In the CLI Manager, navigate to the Administration → OS Console. Run the following command to change the ownership. chown www-data:www-data <directory of file> For example, to change the ownership of the `gateway.json` file, run the following command. chown www-data:www-data /opt/protegrity/alliance/config/gateway.json
On the ESA Web UI, run the the export-import procedure to a file or a cluster by selecting the Log-Repository Server option. The following error appears on the Forensics screen: `Internal Error: Invalid input provided`		Perform the following steps: In the CLI Manager, navigate to the Administration → OS Console. Create a `recover-emsdb.sh` file using the vi editor and insert the following script: #!/bin/sh -e PGSQL_DIR="/opt/protegrity/DefianceEnterprise/database/pgsql" DUMPFILE=/root/pgdumpall.sql.$$ echo "Press ENTER to recover the logging database or CTRL+C to cancel" read SERVICE_ADMIN_PASSWORD=`python -m ksa.acl --get-credentials \| grep SERVICE_ADMIN_PASSWORD \| cut -d= -f2` test -z "$SERVICE_ADMIN_PASSWORD" && { echo "Failed to obtain service-admin password" ; exit 1 ; } export PGPASSWORD=$SERVICE_ADMIN_PASSWORD echo "Resetting xlog..." # su dmsuser -c "$PGSQL_DIR/bin/pg_resetxlog /opt/protegrity/DefianceEnterprise/database/data/" # su dmsuser -c "$PGSQL_DIR/bin/pg_resetxlog -f /opt/protegrity/DefianceEnterprise/database/data/" echo "Reindex database..." $PGSQL_DIR/bin/reindexdb -U admin -a -h 127.0.0.1 -p 5433 echo "Dumping to file $DUMPFILE" $PGSQL_DIR/bin/pg_dumpall -U admin -h 127.0.0.1 -p 5433 --clean > $DUMPFILE echo "restore (MUST stop DMS)..." dms stop $PGSQL_DIR/bin/psql -h 127.0.0.1 -p 5433 -U admin -d postgres < $DUMPFILE rm /root/pgdumpall.sql.$$ echo "Restarting services" dms_postgres restart dms restart Save the file. Assign execute permissions to the `recover-emsdb.sh` file using the following command. chmod 700 recover-emsdb.sh Run the `recover-emsdb.sh` script. Press ENTER. Enter the your administrative credentials on the screen and press ENTER.
When you upload a patch on the Web UI, the following message appears on the Web UI. `The file cannot be uploaded as it may be infected`		This is a false positive message that appears on the Web UI. Select Yes to continue uploading the file. Ensure that the minimum space available in the `/opt` directory is more than twice the size of the patch. For example, if the size of the patch is 2 GB, the minimum space available in the `/opt` directory is more than 4 GB.
The update of the antivirus database fails.		Complete the following steps: On the CLI Manager, navigate to Administration → OS Console Run the following command: rm /var/lib/clamav/.c?d On the Web UI, navigate to Settings* → Security → Antivirus. Select Database Update to update the antivirus database. A warning message appears. You can ignore the warning message. The antivirus database is updated.
The Proxy Authentication service is not visible on the Services screen.		Complete the following steps: On the ESA Web UI, navigate to Settings → Users → Advanced Click Save. Logout from the ESA Web UI and login again. Navigate to System → Services. Ensure that the required services are running.
When you export a report, the following error appears. `Error Message There was an error on the server. Try again or contact site administrators.` or `Internal server error occurred. Please contact your system administrator`. `Details: Handler processing failed; nested exception is java.lang.NoClassDefFoundError: Could not initialize class org.apache.batik.bridge.CursorManager`		Complete the following steps: On the CLI Manager, navigate to Administration → OS Console. Run the following command: `sed -i '/^assistive_technologies/s/^/# /g' /etc/java-8-openjdk/accessibility.properties` Login to the ESA Web UI and navigate to System → Services. Restart the Reporting Server service.
The following error appears on the logs or the error is observed when you add a new user. `LDAP Failure: {'info': 'operation restricted', 'desc': Server is unwilling to perform'}`	The OS backup procedure was interrupted or not completed.	Restart the OS backup operation by running the following command from the OS Console: /etc/opt/scripts/after-backup.sh
When you add an appliance to the cluster and remove them immediately from the cluster, the following error appears on the screen. /etc/init.d/appliance-queues-server: Exception while calling -.-().Serialize(args=['<ESA IP Address>', '<username>', '<password>', [u'<ESA IP Address>', u'<hostname>']],kwargs={}) :#012Traceback (most recent call last):#012 File "/usr/local/lib/python/dist-packages/ksa/backend/server.py", line 232, in call_function#012 File "/usr/local/lib/python/dist-packages/ksa/backend/server.py", line 120, in call_serialized_function#012 File "<string>", line 1, in <module>#012 File "/opt/cluster/cluster_operations.py", line 144, in _join#012 password=target_password, comm_methods=communication_methods)#012 File "/etc/opt/Cluster/clustermgr.py", line 1066, in JoinCluster#012 File "/etc/opt/Cluster/clustermgr.py", line 1400, in _JoinCluster#012ClusterException: Failed to add the requested cluster-node: Node id gZ68G4kWoOdMoWxj already exists	The status of the nodes are not updated after you immediately add a remove an appliance from the cluster.	When you add or remove a node from a cluster, the updates are propagated across all appliances in the cluster. The wait time for this process is approximately one minute. You must wait for a minute before performing any action on the cluster.
After performing a delete operation from the Files screen, you are unable to reset the following files: `gateway.json` `alliance.conf` `exampleusers.txt` `examplegroups.txt`		When you delete a file from the Files screen, the files are backed up in the `/etc/configuration-files-backup` directory. You can restore them by copying the files from the backup directory to the original directory. In the OS Console of the CLI Manager, run the `copy` or `move` command to restore the file from the backup directory to the original directory. The original directory of the files are as follows: `gateway.json` - `/opt/protegrity/alliance/config/gateway.json` `alliance.conf` - `/opt/protegrity/alliance/config/rsyslog/alliance.conf` `exampleusers.txt` - `/opt/protegrity/mbs/users/exampleusers.txt` `examplegroups.txt` - `/opt/protegrity/mbs/groups/examplegroups.txt`
When the Appliance OS keys rotation process is run, the following error appears. `Failed to set admin password. Error : LDAP Error: {'desc': Invalid credentials'}` and `Failed to set viewer password. Error : LDAP Error: {'desc': Invalid credentials'}`	The appliance keys are rotated after the Set ESA communication process is performed.	Perform the following steps: On the screen, select OK. Run the Set ESA communication process again.
On the Web UI, when you navigate Settings → Network → Web Settings and click Update under the SSL Cipher Settings tab, the following error appears. `Fail to update Cipher Settings, please check events`	The DES-CBC3-SHA cipher suite is not supported	Perform one of the following steps: In the SSLCipherSuite text box, remove the DES-CBC3-SHA cipher suite from the list In the SSLCipherSuite text box, append an exclamation (!) before DES-CBC3-SHA to disable the cipher suite
During the reinitialization of the finalization an instance, the following message is displayed. `Finalization is already in progress.` However, the finalization of the instance is not completed.	During the finalization an instance, if the session was interrupted, then the instance will become unstable. If you reinitialize the finalization on the same instance, the system will not be able to process the finalization process.	NA
While restoring a VM using the 'Creating a new virtual machine' procedure, the following error is observed: `UserErrorInvalidManagedDiskOperation`	While restoring a virtual machine using recovery services vaults, the Instance size of VM inherits the Instance Size that is specified while creating the instance from which backup is taken. If this instance size that is used to create the instance is insufficient, the error is displayed.	Clear the resources for this instance before creating the VM Create a new VM from the existing disk
After a TAC is created, an status `Unknown` is displayed.	The Authentication type on the SSH screen is set to Password.	Set the Authentication Type to Password + PublicKey or Public key
On the ESA Web UI, navigate to System → Files. When you edit `exampleusers.txt` the or `examplegroups.txt` files, the following error appears. `Failed to retrieve product file from the server`	The files might contain a `\U` character	On the CLI manager, navigate to Administration → OS Console Run the following command. vi /opt/protegrity/mbs/users/exampleusers.txt or vi /opt/protegrity/mbs/users/examplegroups.txt Remove the `\U` character and save the changes. On the ESA Web UI,navigate to System → Files and edit the files. The files can be edited.
On the Web UI, reset password for the `ldap_bind_user` account. When you refresh the User Management screen, the following message appears: `No Users available` Also, an LDAP user cannot log in to the appliance from the CLI Manager or Web UI.		Perform the following steps: Log in to the CLI Manager with the`local_admin` user. Navigate to Administration → Specify LDAP server/s. Enter the root credentials. Select Set Proxy Authentication. In the Bind Password text box, enter the password that you specified for `ldap_bind_user` while resetting it from the Web UI Save the changes. Log in to the CLI manager or Web UI with any LDAP user. The LDAP user can log in to the appliance. On the User Management screen, the users are visible.
In a Primary ESA of a TAC, when you navigate to External Groups screen, the following message appears. Failed to fetch data from External Groups. Try refreshing the page	The following JSON files in `/opt/externallookup/data` whose size are 0 KB: `ESA_Policy_Admins.json` `BankDataAccess.json` `ESA_Admins.json` `ESA_Developers.json`	Delete the mentioned files. This issue mainly occurs if the size the `/opt` partition is full. Ensure that you maintain the required space in the `/opt` partition by keeping only the relevant files in it.
When you run the Full OS Backup operation from the Web UI, the following message appears. Unauthorised User		Perform the following steps: Click Done. Click OS Full. Wait till the notification Backup has been initiated appears. Click Ok.
When removing a remote node from the cluster, uninstalling the cluster services, or performing a leave cluster operation on the Web UI, the following message appears. Error! Failed to leave cluster: LeaveCluster <IP address>: The node cannot leave the cluster as it has existing associated tasks.		Delete all the tasks associated with the node before removing the node from the cluster.
On the Azure and the GCP instances, when you reset the password from the CLI manager for a user, you get the following error message: Login failure - 'failed to authenticate user: Insufficient privileges'		Azure and GCP instances do not support reset password in the CLI manager. You must reset passwords only from the Web UI.
When the listening address of the SNMPD port is changed, the following error appears on the Web UI: SNMP Service started failed	The assigned port is already configured for SNMPTRAPD.	It is recommended to not use the listening address which is already assigned and configured for other ports.
When the listening address of the SNMPD port is set as an invalid value (example: abcd), the following error appears on the Web UI: SNMP Service started failed		It is recommended to not set invalid listening address for the ports.
When the cluster node label is updated in the CLI Manager under Tools → TAC → Node Management → Update Cluster Information, the Appliance logs on the Web UI show the following traceback:`/etc/init.d/appliance-cluster-status: Cluster-AutoUpdate:Exception while updating cluster-status: (<type 'exceptions.ValueError'>, ValueError('list.remove: x not in list',), <traceback object at 0x7f26293a5d40>`		To remove the traceback from the Appliance logs, remove the custom labels added for the cluster nodes. To update the cluster node label, perform the following steps: In the CLI Manager of the node hosting the cluster, navigate to Tools → TAC → Node Management → Update Cluster Information. The Update Cluster Information screen appears. Update the label of the node in the `custom:<your label>` format. Select OK. The label for the cluster node is updated.
When you try to revoke Two-Factor Authentication shared secret for per user shared secret setting, the operation fails	This may happen if the `username` contains special characters.	To revoke the shared secrets, perform the following steps. From the Web UI, navigate to Settings → Security → Two Factor Authentication. From the Settings, change the Storage type to Local file-system. From the OS Console, remove the file containing shared secret for each user using the following command: rm /opt/protegrity/.OS/users/<username>/2FA.vcode
The `logrotate` task fails intermittently with the following error. Cloud gateway logrorate failed with error: error renaming temp state file /var/lib/logrotate/status.tmp However, the logs are rotated successfully.	The `logrotate` task maintains a temporary file which is common for all logrotate operations. When the `logrotate` script is executed, it updates the temporary file, renames the temporary file, and rotates the logs successfully. Simultaneously, if another `logrotate` operation is triggered, then it is unable to find the temporary file as it was updated and renamed during the previous `logrotate` operation. This results in the `logrotate` task failure.	To resolve the `logrotate` task fail error, perform the following steps. Copy the `/etc/cron.d/ksa` file. Edit the `/etc/cron.d/ksa` file. Update the following lines. /10 * * * root /usr/sbin/logrotate /etc/ksa/logrotate.conf 2-59/10 * * * * root /usr/sbin/logrotate -s /var/lib/logrotate/status1.tmp /var/webservices/logrotate.conf 4-59/10 * * * * root /usr/sbin/logrotate -s /var/lib/logrotate/status2.tmp /etc/ksa/service_dispatcher/logrotate.conf Save the `/etc/cron.d/ksa` file.
When you access Help from the CLI Manager, you are not able to exit from the CLI Help menu.		To exit from the CLI Manager Help menu, you can: Close/restart the SSH session. Restart the ESA.
When you log in to the ESA instance in either AWS or GCP, the following error appears. WARNING: Failed to find a usable hardware address from the network interfaces; using random bytes: 1b:1f:ff:64:9b:b6:ea:ce	The licenses generated are not locked to the MAC address of the ESA machine.	You must contact Protegrity support to generate a license file that is linked to the MAC address of the ESA machine.
When you execute the Antivirus daily update, a high severity log event is generated, and the following error message appears. Anti-Virus database update has failed.	The Anti-virus program connects to the `clamav` web and check for updates. If there are no update available for download, then the task is executed and a high severity log event is generated.	Run the task manually. Perform the following steps: Navigate to Tools → AntiVirus. Select Options and press Enter.
On ESA or appliance based product, after you reboot the system, the service dispatcher stops. It does not starts even after performing the operation manually. The status of `/etc/init.d/service_dispatcher` shows `running` on `OS Console`. However, if you navigate to Administration → Services from the `CLI Manager`, then the status appears as `stopped`.	This might occur when the `"/usr/local/pty-apache/var/run/apache2/httpd.pid"` file is present.	Perform the following steps: Verify if the `"/usr/local/pty-apache/var/run/apache2/httpd.pid"` file is present. If the file is present, then remove the `"/usr/local/pty-apache/var/run/apache2/httpd.pid"` file using the following command: rm /usr/local/pty-apache/var/run/apache2/httpd.pid Restart the service dispatcher using the following command. /etc/init.d/service_dispatcher restart
When you rotate the appliance OS keys, no error log event is generated, however, the following error message appears on the screen. Failed to apply all the changes. Please accept all the changes from the Web UI		Perform the following steps: Login to ESA CLI using the `administrative user`credentials. Navigate to Administration → OS Console. Enter `root` password. In the VI editor, edit the `/var/lib/samhain/samhain_file` file. Add the following line in the file `[SOF]` and save the file. Quit and exit from the console. Navigate to Tools → Rotate Appliance OS Keys. Enter `root` password. Select Yes and enter `admin` credentials. Set new passwords for the required users and click Apply. After the credentials are successfully updated, exit from the CLI Manager. Login to the CLI Manager using the updated passwords.
After creating the backup of the system, if you modify the the authorized keys, then the ESA overwrites the updated keys while performing the import operation. However, after creating the backup of the system, if you add new users and their authorized keys, then the ESA will include them in the system after you perform the import operation. By default, the ESA will append the new users and their corresponding keys.		Delete the new users and their corresponding keys from the system, if they are not required. For more information about deleting keys, refer to `Deleting an Authorized Key` in the Protegrity Appliance Overview Guide 9.1.0.0.
On the Azure and GCP cloud platforms, if a new machine is created using a snapshot of the disk, then the machine is not reachable.	When you create a machine using a snapshot of the disk, then the routing tables are not updated.	To resolve this issue, restart the network settings for the new machine. To restart the network settings, perform the following steps: Login to the CLI Manager. Navigate to Administration → OS Console. Enter `root` password. To restart the networking settings, run the following command. /etc/init.d/networking restart
Unable to export the information while executing the cluster task using the `IP address` of the node.	This might occur if the task is executed using the `IP address` of the cluster task instead of the `Hostname`.	To resolve this issue, ensure that the `IP address` of the cluster node is replaced with the `Hostname` in the task. For more information about executing the cluster task, refer to `Scheduling Configuration Export to Cluster Tasks` in the Protegrity Appliance Overview Guide 9.2.0.0.
After upgrading the ESA, the `webservices` stays in the `stop` state and the WEB UI is inaccessible.	This might happen due to duplicate entries of localhost and ESA IP in the `/etc/hosts` file.	If the ESA IP, ESA domain name and FQDN are already present in the `/etc/hosts` file, then do not add these details in the `/etc/ksa/hosts.append` file. Avoid editing the `/etc/hosts` file. Changes should be done only in the `/etc/ksa/hosts.append` file. Add the details to the `/etc/ksa/hosts.append` file and then restart the networking services. The changes will be reflected in the `/etc/hosts` file.
When upgrading the ESA, the upgrade fails with the following error: Call to check key state failed. Please verify that all services are running.	This might happen due to the GPG Public Key used to sign Debian packages embedded in Protegrity appliances expired on April 9, 2024. The appliances installed before this date will continue to function, however issues will occur when upgrading or applying any maintenance patches to these appliances.	To avoid this issue, it is recommended to apply the `PAP_PAP-ALL-64_x86-64_Generic.V-6.pty` patch to extend the expiry date of the GPG Public Key used to sign Debian packages embedded in Protegrity appliances. This patch must be applied before applying maintenance releases or upgrading the ESA. For more information, refer the following `GPG Public Key Expiration` announcement on My.Protegrity.com portal. https://my.protegrity.com/notifications/GPG-notification#_New_Installations

Feedback

Was this page helpful?

Last modified : November 11, 2025