ESA Error Handling on

ESA Upgrade Readiness Patch Error Messages and Resolutions

Mon, 01 Jan 0001 00:00:00 +0000

This article provides detailed information on error messages and their resolutions related to the ESA Upgrade Readiness Patch for version 10.2.0. It covers various issues such as insufficient disk space, version compatibility, unicast hosts file errors, analytics initialization, and service status checks. Each error message is accompanied by high-level steps for resolving the issue, ensuring a smooth upgrade process to ESA version 10.2.0.

Use the information provided in this section for the detailed steps to resolve the issues shown by the readiness patch.

Common ESA Logs

Mon, 01 Jan 0001 00:00:00 +0000

Log type	Details	Logs Description
Appliance logs ESA Web Interface, System Information → Appliance Logs	Here you can view appliance system logs. These logs are saved for two weeks, and then they are automatically deleted.	The ESA appliance logs the appliance-specific system events: Users logging into/out of Web Interface and the IP from which the users logged Users logging into/out of CLI Manager License status warnings Operations in the internal LDAP: users/groups adding/editing/removing, password changes System Data and Time changes System Configuration (OS level, disk space problem) logs Network configuration changes Starting/stopping of the services.
Data Management Server (DMS) logs ESA Web Interface, Logging & Reporting → Logs	Here you can view DMS system related logs: Startup WatchDog Database Access layer Database Engine	System logs related to monitoring and maintenance of the Logging Repository (DMS).

Common ESA Errors

Mon, 01 Jan 0001 00:00:00 +0000

Table: ESA Common Errors

Error /Problem	This may happen because…	Recovery Actions
While ESA is running, some services stop abruptly.	This issue occurs when the ESA OS partition is completely full. When the disk space gets full, there is an impact on the services that are running. These services encounter a shortage of resources, and hence, stop abruptly.	Perform the following steps to resolve this issue. Clear the OS(/) partition. For more information about cleaning up the OS(/) partition, refer to the documentation available at the following link. https://my.protegrity.com/knowledge/ka0Ul0000000a9xIAA/ Restart the ESA.
After upgrading the ESA to v10.2.0, the Label of ESA node in the TAC is not Consul Server or Consul Client	This issue occurs when the ESA is upgraded to v10.2.0, and the Label of ESA node in the TAC is not Consul Server or Consul Client. This may impact the functionality of the TAC.	Perform the following steps to resolve this issue. From the ESA CLI Manager, navigate to Administration > OS Console. Enter the root password. Navigate to the /etc/opt/scripts/support directory. To stabilize the cluster, run the following command. ./stabilize_consul.py --force
From v10.2.0, all the packages, including the Protegrity developed packages, are signed by Protegrity. This ensures the integrity of the software being installed. The following errors may occur while uploading the patch using Web UI or CLI Manager. The patch is signed by Protegrity signing key and the verification key is expired	This issue occurs if the verification key is expired, the following error message appears: Error: Patch signature(s) expired. Would you like to continue installation?	Click Yes to install the patch. The patch gets installed successfully. Click No. The patch installation gets terminated. For more information about the Protegrity signed patch, contact Protegrity Support.
The patch is not signed by Protegrity signing key	This issue occurs if the patch is not signed by Protegrity signing key. Error: Signatures not found. Aborting	Click Exit to terminate the installation process. It is recommended to use a Protegrity signed patch. For more information about the Protegrity signed patch, contact Protegrity Support.
Insufficient disk space in the /var/log directory	This issue occurs if the disk space in the /var/log directory is insufficient. Error: Unable to install the patch. The required disk space is insufficient for the following partition: /var/log	Ensure that at least 20% disk space in the /var/log directory is available to install the patch successfully.
Insufficient disk space in the /opt/ directory	This issue occurs if the disk space in the /opt/ directory is insufficient. Error: Unable to install the patch. The required disk space is insufficient for the following partition: /opt/	Ensure that the available disk space in the /opt/tmp directory is at least twice the patch size.
Insufficient disk space in the /OS directory	This issue occurs if the disk space in the /OS directory is insufficient.	Ensure that at least 40% disk space in the _/OS_ directory is available to install the patch successfully. The space used in the OS(/) partition should not be more than 60%. If the space used is more than 60%, then you must clean up the OS(/) partition before proceeding with the patch installation process. For more information about cleaning up the OS(/) partition, refer to the documentation available at the following link. https://my.protegrity.com/knowledge/ka0Ul0000000a9xIAA/
Unable to export the information while executing the cluster task using the IP address of the node.	This might occur if the task is executed using the IP address of the cluster task instead of the Hostname.	To resolve this issue, ensure that the IP address of the cluster node is replaced with the Hostname in the task. For more information about executing the cluster task, refer [Scheduling Configuration Export to Cluster Tasks](/docs/aog/web_user_interface_management/aog_system_webui/aog_schedule_tasks/aog_schedule_cluster_tasks).
If you try to perform operations, such as, joining a cluster, exporting data/ configuration to a remote appliance, and so on , the operation fails with the following error: Errorcode: 403	This issue occurs if the Basic Authentication is disabled, and you try to perform any of the following operations. Joining an existing cluster Establishing set ESA Communication Exporting data/configuration to a remote appliance Work with RADIUS authentication	Ensure that the Can Create JWT Token permission is assigned to the role. If the Can Create JWT Token permission is not assigned to the role of the required user, then the operation fails. To verify the Can Create JWT Token permission, from the ESA Web UI navigate to Settings > Users > Roles.
In the ESA CLI, when you copy files to home directories (/`home/service_admin, /home/local_admin, or /home/service_viewer`) using the `Put Files` for the option under Trusted Appliance Cluster, a following traceback error appears. `Permission denied:`	The user does not have the permission to copy the file to the target directory.	Perform the following steps to copy the files to the home directory: From the ESA CLI, navigate toTools → Trusted Appliance Cluster → Cluster Operations: Execute Commands/Deploy files → Put Files. Select the required files from the source directory. Select Next. In the Target Path screen, choose Select Target Directory. Navigate to the required target directory. A message to enter the directory manually appears. Select Yes. Type the path for the target directory and select OK. Select the required target nodes in the Target Node screen and select OK. The files are deployed to the target node.
When you run a cluster export task, the following message appears for all the target nodes: `Host Denied`		Perform the following steps: Login to the CLI Manager of the target node. Navigate to > > Tools → SSH Configuration → Known Hosts: Hosts I can connect to. Select Add Host. Enter `127.0.0.1` and select Done. On the Web UI, refresh the trusted appliance cluster screen.
When exporting or importing custom files, the export import process fails.	The file that is exported does not exist.	You can perform one of following options: Remove the file path in the `customer.custom` file. Remove the file path in the exclude file. Perform the following steps: In the Web UI, navigate to Settings → System → Files. Click Edit corresponding to the `customer.custom`. Add the prefix, `optional`, to the required file paths and save the changes. Run the export process.
While uploading a file from the Web UI the following error appears: `Proxy Error` `Reason: Error reading from remote server`	The file is not uploaded to the server.	Perform one of the following methods.. Perform the following steps to increase the session timeout for the service dispatcher: In the OS Console, navigate to the `/etc/ksa/service_dispatcher/proxies/mng` directory. Run the following command to create a file. `# vi apache.mng.UploadFile` Type the following configuration changes. `ProxyPass/Management/Upload File http://0.0.0.0:2443/Management/UploadFile/ retry=0 timeout=3600` `ProxyPassReverse/Management/Upload File http://0.0.0.0:2443/Management/UploadFile` Save the changes. Run the following command to restart the service dispatcher service. `# /etc/init.d/service_dispatcher restart` Upload the file using the following `scp` command: In the CLI Manager, navigate to the OS Console. Run the following command to transfer files between the source and target directories. `# scp -r user@host:directory/<Source directory> <Target directory>`
A failure occurs while extending the OS or logs partition.		Perform the following steps to fix the errors: Boot the system from the ISO. In the OS Console, run the following command to enable LVM mapping. `# lvchange -ay PTYVG` Run the following command to fix the errors in the file system for the required volume group. For example, `# reiserfsck --fix-fixable /dev/mapper/PTYVG-OS` Run the following command to mount the required volume. For example, `# mount /dev/mapper/PTYVG-OS /TARGET` If the above step fails, perform the following steps: Run the following command to format the partition. For example, `# mkfs.reiserfs /dev/mapper/PTYVG-OS` Restart the appliance in the `System-Restore Mode` and restore the backup data.
While extending the OS partition, the following message appears: Couldn't find device with uuid <ID> Cannot change VG <volume group> while PVs are missing		Run the following command and press ENTER: `#vgreduce -removemisssing <volumegroup>`
When a role is deleted, the users associated with the role are not updated. The deleted role appears on user list in the User Management screen. For example, role name appears in the following format: `<Role name><Random number>`		Delete the user from the User Management screen. If required, add a user with the same name and credentials.
When you are importing a file from System → Backup & Restore → Import, the following error appears: `Bad Gateway The proxy server received an invalid response from an upstream server`	The size of the file is more than the value in the Max File Upload Size.	Perform the following steps to increase the file upload size: On the Web UI, navigate to Settings → Network → Web Settings. Under General Settings, increase the size of the file from the Max File Upload Size slider. Select Update.
The Linux Host ID does not change in an ESA or a DSG instance created on the AWS cloud platform.	The Linux Host ID and the Protegrity Host ID are generated after an ESA or DSG instance is created on the AWS cloud platform. As per the expected behaviour of the appliance, only the Protegrity Host ID is modified after running the appliance rotation tool on the ESA or the DSG instance.	Perform the following steps to modify the Linux Host ID: Launch an ESA or DSG instance on the AWS cloud platform. On the CLI of the ESA or DSG instance, navigate to Administration → OS Console. Run the following command to change the Linux Host ID: echo -ne \\x$11\\x$22\\x$22\\x$11 > /etc/hostid In this example, parameters like `x$11` and `x$22` are sample values for the Linux Host ID. You must enter actual values for `x$11` and `x$22`. Run the following command to check the Linux Host ID: # hostid 11222211
The SSH session is terminated during the creation of a bond on the ethMNG interface.		Restart the session after the NIC bond on the ethMNG NIC is created.
The slave NICs do not have an IP assigned, but the following message appears during creating a bond: `NIC Bonding is not available`	The NICs might be on the DHCP mode.	Convert the NICs to Static mode.
The Web UI is not accessible after the NICs are bonded.		Reset the Network Bonding from the CLI Manager and bond the NICs again. For more information about resetting the NIC bonding, refer to the Appliance Overview Guide.
During binding NICs, the following message appears. `Unknown Error`	This might occur if the network is slow.	Restart the appliance queues using the following command: /etc/init.d/appliance-queues server restart
When you enable Two-Factor Authentication and export data from one ESA to another, the export process fails.		You must create two separate scheduler tasks to export data. First you must export the LDAP settings. Then, you must export the OS settings.
When you remove an appliance from the cluster is removed, a warning that the appliance is the last leader of the server of the cluster appears.	The appliance that is the last server of the cluster cannot be removed as all the clients are connected to it for receiving cluster-related information. Removing the last server from the cluster might de-stabilize the cluster.	NA
You cannot add an appliance to the cluster.	Certificates are not valid.	Ensure that you assign a valid server and CA certificates on the appliance. For more information about validating certificates, refer the Certificate Management Guide.
When you join an appliance to the cluster, the process is not completed, and a following error appears in the logs: `Error: [WARNING] No Consul node is available as join target!`	The Consul service is not available.	Perform the following steps to remove the Consul labels for the appliance: On the CLI Manager, navigate to Tools → Trusted Appliances Cluster → Update Cluster Information. Remove Consul Client or Consul Server label from the Label textbox. Select OK. Login to the Web UI and remove the appliance from the cluster.
When you simultaneously remove multiple appliances from a cluster, the following error appears in the logs: `Failed To Update KV Store.`		Remove the appliances separately from the cluster and refresh the Trusted Appliances Cluster screen.
When you remove a node from the cluster the following error appears on the screen: `RunNow error: [object Object] errorThrown: error`		Perform the following steps to remove the Consul labels for the appliance: On the CLI Manager, navigate to Tools → Trusted Appliances Cluster → Update Cluster Information. Remove Consul Client or Consul Server label from the Label textbox. Select OK. Login to the Web UI and remove the appliance from the cluster.
When you create a cluster, the following error appears on the screen: `Failed to join. Error: “Cannot get/parse target cluster config file. Please make sure the target node’s cluster is enabled.`	The SSH configuration on the target machine is incorrect.	Ensure that the Authentication Type on the SSH configuration manager screen is set to Password + PublicKey. Perform the following steps: On the Web UI, navigate to Settings → Network → SSH. Select Password + PublicKey from the Authentication Type drop-down list. Click Apply.
The following error is observed in the logs: `/dev/shm/heardbeat/servers File Doesn't exists`	When a Set ESA Communication is established, the heartbeat service checks for the ESA's that are available. If the heartbeat is not established, the file is not generated, and the error appears.	There is no functional impact on the appliance. This error can be ignored.
In the System File page, when you modify, upload, or reset a file, the ownership of the file changes from local user such as, `service_admin` user to the `root` user. The ownership of the files in the following file groups change: Logging Configuration Files Policy Management Files		Perform the following commands to change the ownership of the file In the CLI Manager, navigate to Administration → OS Console. Run the following command to change the ownership. chown service_admin:service_admin <directory of file> For example, to change the ownership of the `DMS.cfg` file, run the following command. chown service_admin:service_admin /opt/protegrity/DefianceEnterprise/Config/DMS.cfg
In the System File page, when you modify, upload, or reset a file, the ownership of the file changes from local user such as, `www-data` user to the `root` user. The ownership of the files in the following file group changes: Cloud Gateway		Perform the following commands to change the ownership of the file: In the CLI Manager, navigate to the Administration → OS Console. Run the following command to change the ownership. chown www-data:www-data <directory of file> For example, to change the ownership of the `gateway.json` file, run the following command. chown www-data:www-data /opt/protegrity/alliance/config/gateway.json
On the ESA Web UI, run the the export-import procedure to a file or a cluster by selecting the Log-Repository Server option. The following error appears on the Forensics screen: `Internal Error: Invalid input provided`		Perform the following steps: In the CLI Manager, navigate to the Administration → OS Console. Create a `recover-emsdb.sh` file using the vi editor and insert the following script: #!/bin/sh -e PGSQL_DIR="/opt/protegrity/DefianceEnterprise/database/pgsql" DUMPFILE=/root/pgdumpall.sql.$$ echo "Press ENTER to recover the logging database or CTRL+C to cancel" read SERVICE_ADMIN_PASSWORD=`python -m ksa.acl --get-credentials \| grep SERVICE_ADMIN_PASSWORD \| cut -d= -f2` test -z "$SERVICE_ADMIN_PASSWORD" && { echo "Failed to obtain service-admin password" ; exit 1 ; } export PGPASSWORD=$SERVICE_ADMIN_PASSWORD echo "Resetting xlog..." # su dmsuser -c "$PGSQL_DIR/bin/pg_resetxlog /opt/protegrity/DefianceEnterprise/database/data/" # su dmsuser -c "$PGSQL_DIR/bin/pg_resetxlog -f /opt/protegrity/DefianceEnterprise/database/data/" echo "Reindex database..." $PGSQL_DIR/bin/reindexdb -U admin -a -h 127.0.0.1 -p 5433 echo "Dumping to file $DUMPFILE" $PGSQL_DIR/bin/pg_dumpall -U admin -h 127.0.0.1 -p 5433 --clean > $DUMPFILE echo "restore (MUST stop DMS)..." dms stop $PGSQL_DIR/bin/psql -h 127.0.0.1 -p 5433 -U admin -d postgres < $DUMPFILE rm /root/pgdumpall.sql.$$ echo "Restarting services" dms_postgres restart dms restart Save the file. Assign execute permissions to the `recover-emsdb.sh` file using the following command. chmod 700 recover-emsdb.sh Run the `recover-emsdb.sh` script. Press ENTER. Enter the your administrative credentials on the screen and press ENTER.
When you upload a patch on the Web UI, the following message appears on the Web UI. `The file cannot be uploaded as it may be infected`		This is a false positive message that appears on the Web UI. Select Yes to continue uploading the file. Ensure that the minimum space available in the `/opt` directory is more than twice the size of the patch. For example, if the size of the patch is 2 GB, the minimum space available in the `/opt` directory is more than 4 GB.
The update of the antivirus database fails.		Complete the following steps: On the CLI Manager, navigate to Administration → OS Console Run the following command: rm /var/lib/clamav/.c?d On the Web UI, navigate to Settings* → Security → Antivirus. Select Database Update to update the antivirus database. A warning message appears. You can ignore the warning message. The antivirus database is updated.
The Proxy Authentication service is not visible on the Services screen.		Complete the following steps: On the ESA Web UI, navigate to Settings → Users → Advanced Click Save. Logout from the ESA Web UI and login again. Navigate to System → Services. Ensure that the required services are running.
When you export a report, the following error appears. `Error Message There was an error on the server. Try again or contact site administrators.` or `Internal server error occurred. Please contact your system administrator`. `Details: Handler processing failed; nested exception is java.lang.NoClassDefFoundError: Could not initialize class org.apache.batik.bridge.CursorManager`		Complete the following steps: On the CLI Manager, navigate to Administration → OS Console. Run the following command: `sed -i '/^assistive_technologies/s/^/# /g' /etc/java-8-openjdk/accessibility.properties` Login to the ESA Web UI and navigate to System → Services. Restart the Reporting Server service.
The following error appears on the logs or the error is observed when you add a new user. `LDAP Failure: {'info': 'operation restricted', 'desc': Server is unwilling to perform'}`	The OS backup procedure was interrupted or not completed.	Restart the OS backup operation by running the following command from the OS Console: /etc/opt/scripts/after-backup.sh
When you add an appliance to the cluster and remove them immediately from the cluster, the following error appears on the screen. /etc/init.d/appliance-queues-server: Exception while calling -.-().Serialize(args=['<ESA IP Address>', '<username>', '<password>', [u'<ESA IP Address>', u'<hostname>']],kwargs={}) :#012Traceback (most recent call last):#012 File "/usr/local/lib/python/dist-packages/ksa/backend/server.py", line 232, in call_function#012 File "/usr/local/lib/python/dist-packages/ksa/backend/server.py", line 120, in call_serialized_function#012 File "<string>", line 1, in <module>#012 File "/opt/cluster/cluster_operations.py", line 144, in _join#012 password=target_password, comm_methods=communication_methods)#012 File "/etc/opt/Cluster/clustermgr.py", line 1066, in JoinCluster#012 File "/etc/opt/Cluster/clustermgr.py", line 1400, in _JoinCluster#012ClusterException: Failed to add the requested cluster-node: Node id gZ68G4kWoOdMoWxj already exists	The status of the nodes are not updated after you immediately add a remove an appliance from the cluster.	When you add or remove a node from a cluster, the updates are propagated across all appliances in the cluster. The wait time for this process is approximately one minute. You must wait for a minute before performing any action on the cluster.
After performing a delete operation from the Files screen, you are unable to reset the following files: `gateway.json` `alliance.conf` `exampleusers.txt` `examplegroups.txt`		When you delete a file from the Files screen, the files are backed up in the `/etc/configuration-files-backup` directory. You can restore them by copying the files from the backup directory to the original directory. In the OS Console of the CLI Manager, run the `copy` or `move` command to restore the file from the backup directory to the original directory. The original directory of the files are as follows: `gateway.json` - `/opt/protegrity/alliance/config/gateway.json` `alliance.conf` - `/opt/protegrity/alliance/config/rsyslog/alliance.conf` `exampleusers.txt` - `/opt/protegrity/mbs/users/exampleusers.txt` `examplegroups.txt` - `/opt/protegrity/mbs/groups/examplegroups.txt`
When the Appliance OS keys rotation process is run, the following error appears. `Failed to set admin password. Error : LDAP Error: {'desc': Invalid credentials'}` and `Failed to set viewer password. Error : LDAP Error: {'desc': Invalid credentials'}`	The appliance keys are rotated after the Set ESA communication process is performed.	Perform the following steps: On the screen, select OK. Run the Set ESA communication process again.
On the Web UI, when you navigate Settings → Network → Web Settings and click Update under the SSL Cipher Settings tab, the following error appears. `Fail to update Cipher Settings, please check events`	The DES-CBC3-SHA cipher suite is not supported	Perform one of the following steps: In the SSLCipherSuite text box, remove the DES-CBC3-SHA cipher suite from the list In the SSLCipherSuite text box, append an exclamation (!) before DES-CBC3-SHA to disable the cipher suite
During the reinitialization of the finalization an instance, the following message is displayed. `Finalization is already in progress.` However, the finalization of the instance is not completed.	During the finalization an instance, if the session was interrupted, then the instance will become unstable. If you reinitialize the finalization on the same instance, the system will not be able to process the finalization process.	NA
While restoring a VM using the 'Creating a new virtual machine' procedure, the following error is observed: `UserErrorInvalidManagedDiskOperation`	While restoring a virtual machine using recovery services vaults, the Instance size of VM inherits the Instance Size that is specified while creating the instance from which backup is taken. If this instance size that is used to create the instance is insufficient, the error is displayed.	Clear the resources for this instance before creating the VM Create a new VM from the existing disk
After a TAC is created, an status `Unknown` is displayed.	The Authentication type on the SSH screen is set to Password.	Set the Authentication Type to Password + PublicKey or Public key
On the ESA Web UI, navigate to System → Files. When you edit `exampleusers.txt` the or `examplegroups.txt` files, the following error appears. `Failed to retrieve product file from the server`	The files might contain a `\U` character	On the CLI manager, navigate to Administration → OS Console Run the following command. vi /opt/protegrity/mbs/users/exampleusers.txt or vi /opt/protegrity/mbs/users/examplegroups.txt Remove the `\U` character and save the changes. On the ESA Web UI,navigate to System → Files and edit the files. The files can be edited.
On the Web UI, reset password for the `ldap_bind_user` account. When you refresh the User Management screen, the following message appears: `No Users available` Also, an LDAP user cannot log in to the appliance from the CLI Manager or Web UI.		Perform the following steps: Log in to the CLI Manager with the`local_admin` user. Navigate to Administration → Specify LDAP server/s. Enter the root credentials. Select Set Proxy Authentication. In the Bind Password text box, enter the password that you specified for `ldap_bind_user` while resetting it from the Web UI Save the changes. Log in to the CLI manager or Web UI with any LDAP user. The LDAP user can log in to the appliance. On the User Management screen, the users are visible.
In a Primary ESA of a TAC, when you navigate to External Groups screen, the following message appears. Failed to fetch data from External Groups. Try refreshing the page	The following JSON files in `/opt/externallookup/data` whose size are 0 KB: `ESA_Policy_Admins.json` `BankDataAccess.json` `ESA_Admins.json` `ESA_Developers.json`	Delete the mentioned files. This issue mainly occurs if the size the `/opt` partition is full. Ensure that you maintain the required space in the `/opt` partition by keeping only the relevant files in it.
When you run the Full OS Backup operation from the Web UI, the following message appears. Unauthorised User		Perform the following steps: Click Done. Click OS Full. Wait till the notification Backup has been initiated appears. Click Ok.
When removing a remote node from the cluster, uninstalling the cluster services, or performing a leave cluster operation on the Web UI, the following message appears. Error! Failed to leave cluster: LeaveCluster <IP address>: The node cannot leave the cluster as it has existing associated tasks.		Delete all the tasks associated with the node before removing the node from the cluster.
On the Azure and the GCP instances, when you reset the password from the CLI manager for a user, you get the following error message: Login failure - 'failed to authenticate user: Insufficient privileges'		Azure and GCP instances do not support reset password in the CLI manager. You must reset passwords only from the Web UI.
When the listening address of the SNMPD port is changed, the following error appears on the Web UI: SNMP Service started failed	The assigned port is already configured for SNMPTRAPD.	It is recommended to not use the listening address which is already assigned and configured for other ports.
When the listening address of the SNMPD port is set as an invalid value (example: abcd), the following error appears on the Web UI: SNMP Service started failed		It is recommended to not set invalid listening address for the ports.
When the cluster node label is updated in the CLI Manager under Tools → TAC → Node Management → Update Cluster Information, the Appliance logs on the Web UI show the following traceback:`/etc/init.d/appliance-cluster-status: Cluster-AutoUpdate:Exception while updating cluster-status: (<type 'exceptions.ValueError'>, ValueError('list.remove: x not in list',), <traceback object at 0x7f26293a5d40>`		To remove the traceback from the Appliance logs, remove the custom labels added for the cluster nodes. To update the cluster node label, perform the following steps: In the CLI Manager of the node hosting the cluster, navigate to Tools → TAC → Node Management → Update Cluster Information. The Update Cluster Information screen appears. Update the label of the node in the `custom:<your label>` format. Select OK. The label for the cluster node is updated.
When you try to revoke Two-Factor Authentication shared secret for per user shared secret setting, the operation fails	This may happen if the `username` contains special characters.	To revoke the shared secrets, perform the following steps. From the Web UI, navigate to Settings → Security → Two Factor Authentication. From the Settings, change the Storage type to Local file-system. From the OS Console, remove the file containing shared secret for each user using the following command: rm /opt/protegrity/.OS/users/<username>/2FA.vcode
The `logrotate` task fails intermittently with the following error. Cloud gateway logrorate failed with error: error renaming temp state file /var/lib/logrotate/status.tmp However, the logs are rotated successfully.	The `logrotate` task maintains a temporary file which is common for all logrotate operations. When the `logrotate` script is executed, it updates the temporary file, renames the temporary file, and rotates the logs successfully. Simultaneously, if another `logrotate` operation is triggered, then it is unable to find the temporary file as it was updated and renamed during the previous `logrotate` operation. This results in the `logrotate` task failure.	To resolve the `logrotate` task fail error, perform the following steps. Copy the `/etc/cron.d/ksa` file. Edit the `/etc/cron.d/ksa` file. Update the following lines. /10 * * * root /usr/sbin/logrotate /etc/ksa/logrotate.conf 2-59/10 * * * * root /usr/sbin/logrotate -s /var/lib/logrotate/status1.tmp /var/webservices/logrotate.conf 4-59/10 * * * * root /usr/sbin/logrotate -s /var/lib/logrotate/status2.tmp /etc/ksa/service_dispatcher/logrotate.conf Save the `/etc/cron.d/ksa` file.
When you access Help from the CLI Manager, you are not able to exit from the CLI Help menu.		To exit from the CLI Manager Help menu, you can: Close/restart the SSH session. Restart the ESA.
When you log in to the ESA instance in either AWS or GCP, the following error appears. WARNING: Failed to find a usable hardware address from the network interfaces; using random bytes: 1b:1f:ff:64:9b:b6:ea:ce	The licenses generated are not locked to the MAC address of the ESA machine.	You must contact Protegrity support to generate a license file that is linked to the MAC address of the ESA machine.
When you execute the Antivirus daily update, a high severity log event is generated, and the following error message appears. Anti-Virus database update has failed.	The Anti-virus program connects to the `clamav` web and check for updates. If there are no update available for download, then the task is executed and a high severity log event is generated.	Run the task manually. Perform the following steps: Navigate to Tools → AntiVirus. Select Options and press Enter.
On ESA or appliance based product, after you reboot the system, the service dispatcher stops. It does not starts even after performing the operation manually. The status of `/etc/init.d/service_dispatcher` shows `running` on `OS Console`. However, if you navigate to Administration → Services from the `CLI Manager`, then the status appears as `stopped`.	This might occur when the `"/usr/local/pty-apache/var/run/apache2/httpd.pid"` file is present.	Perform the following steps: Verify if the `"/usr/local/pty-apache/var/run/apache2/httpd.pid"` file is present. If the file is present, then remove the `"/usr/local/pty-apache/var/run/apache2/httpd.pid"` file using the following command: rm /usr/local/pty-apache/var/run/apache2/httpd.pid Restart the service dispatcher using the following command. /etc/init.d/service_dispatcher restart
When you rotate the appliance OS keys, no error log event is generated, however, the following error message appears on the screen. Failed to apply all the changes. Please accept all the changes from the Web UI		Perform the following steps: Login to ESA CLI using the `administrative user` credentials. Navigate to Administration → OS Console. Enter `root` password. In the VI editor, edit the `/var/lib/samhain/samhain_file` file. Add the following line in the file `[SOF]` and save the file. Quit and exit from the console. Navigate to Tools → Rotate Appliance OS Keys. Enter `root` password. Select Yes and enter `admin` credentials. Set new passwords for the required users and click Apply. After the credentials are successfully updated, exit from the CLI Manager. Login to the CLI Manager using the updated passwords.
After creating the backup of the system, if you modify the the authorized keys, then the ESA overwrites the updated keys while performing the import operation. However, after creating the backup of the system, if you add new users and their authorized keys, then the ESA will include them in the system after you perform the import operation. By default, the ESA will append the new users and their corresponding keys.		Delete the new users and their corresponding keys from the system, if they are not required. For more information about deleting keys, refer to `Deleting an Authorized Key` in the Protegrity Appliance Overview Guide 9.1.0.0.
On the Azure and GCP cloud platforms, if a new machine is created using a snapshot of the disk, then the machine is not reachable.	When you create a machine using a snapshot of the disk, then the routing tables are not updated.	To resolve this issue, restart the network settings for the new machine. To restart the network settings, perform the following steps: Login to the CLI Manager. Navigate to Administration → OS Console. Enter `root` password. To restart the networking settings, run the following command. /etc/init.d/networking restart
Unable to export the information while executing the cluster task using the `IP address` of the node.	This might occur if the task is executed using the `IP address` of the cluster task instead of the `Hostname`.	To resolve this issue, ensure that the `IP address` of the cluster node is replaced with the `Hostname` in the task. For more information about executing the cluster task, refer to `Scheduling Configuration Export to Cluster Tasks` in the Protegrity Appliance Overview Guide 9.2.0.0.
After upgrading the ESA, the `webservices` stays in the `stop` state and the WEB UI is inaccessible.	This might happen due to duplicate entries of localhost and ESA IP in the `/etc/hosts` file.	If the ESA IP, ESA domain name and FQDN are already present in the `/etc/hosts` file, then do not add these details in the `/etc/ksa/hosts.append` file. Avoid editing the `/etc/hosts` file. Changes should be done only in the `/etc/ksa/hosts.append` file. Add the details to the `/etc/ksa/hosts.append` file and then restart the networking services. The changes will be reflected in the `/etc/hosts` file.
When upgrading the ESA, the upgrade fails with the following error: Call to check key state failed. Please verify that all services are running.	This might happen due to the GPG Public Key used to sign Debian packages embedded in Protegrity appliances expired on April 9, 2024. The appliances installed before this date will continue to function, however issues will occur when upgrading or applying any maintenance patches to these appliances.	To avoid this issue, it is recommended to apply the `PAP_PAP-ALL-64_x86-64_Generic.V-6.pty` patch to extend the expiry date of the GPG Public Key used to sign Debian packages embedded in Protegrity appliances. This patch must be applied before applying maintenance releases or upgrading the ESA. For more information, refer the following `GPG Public Key Expiration` announcement on My.Protegrity.com portal. https://my.protegrity.com/notifications/GPG-notification#_New_Installations

Understanding the Insight indexes

Mon, 01 Jan 0001 00:00:00 +0000

All the Appliances and Protectors send logs to Insight. The logs from the Audit Store are displayed on the Discover screen of the Audit Store Dashboards. Here, you can view the different fields logged. In addition to viewing the data, these logs serve as input for Insight to analyze the health of the system and to monitor the system for providing security. These logs are stored in the Audit index with the name, such as, pty_insight_analytics_audit_9.2-*. To refer to old and new audit indexes, the alias pty_insight_*audit_* is used.

Understanding the index field values

Mon, 01 Jan 0001 00:00:00 +0000

Common Logging Information

These logging fields are common with the different log types generated by Protegrity products.

Note: These common fields are used across all log types.

Field	Data Type	Description	Source	Example
cnt	Integer	The aggregated count for a specific log.	Protector	5
logtype	String	The type of log. For example, Protection, Policy, Application, Audit, Kernel, System, or Verification.For more examples about the log types, refer here.	Protector	Protection
level	String	The level of severity. For example, SUCCESS, WARNING, ERROR, or INFO. These are the results of the logging operation.For more information about the log levels, refer here.	Protector	SUCCESS
starttime	Date	This is an unused field.	Protector
endtime	Date	This is an unused field.	Protector
index_time_utc	Date	The time the log was inserted into the Audit Store.	Audit Store	Sep 8, 2024 @ 12:55:24.733
ingest_time_utc	Date	The time the Log Forwarder processed the logs.	Log Forwarder	Sep 8, 2024 @ 12:56:22.027
uri	String	The URI for the log. This is an unused field.
correlationid	String	A unique ID that is generated when the policy is deployed.	Hubcontroller	clo5nyx470bi59p22fdrsr7k3
filetype	String	This is the file type, such as, regular file, directory, or device, when operations are performed on the file. This displays the value ISREG for files and ISDIR for directories. This is only used in File Protector.	File Protector	ISDIR
index_node	String	The index node that ingested the log.	Audit Store	protegrity-esa746/192.168.2.20
operation	String	This is an unused field.
path	String	This field is provided for Protector-related data.	File Protector	/hmount/source_dir/postmark_dir/postmark/1
system_nano_time	Long	This displays the time in nano seconds for the Signature Verification job.	Signature Verification	255073580723571
tiebreaker	Long	This is an internal field that is used with the index time to make a record unique across nodes for sorting.	Protector, Signature Verification	2590230
_id	String	This is the entry id for the record stored in the Audit Store.	Log Forwarder, td-agent	NDgyNzAwMDItZDI5Yi00NjU1LWJhN2UtNzJhNWRkOWYwOGY3
_index	String	This is the index name of the Audit Store where the log is stored.	Log Forwarder, td-agent	pty_insight_analytics_audits_10.0-2024.08.30-000001

Additional_Info

These descriptions are used for all types of logs.

Index entries

Mon, 01 Jan 0001 00:00:00 +0000

Audit index

The log types of protection, metering, audit, and security are stored in the audit index. These log are generated during security operations. The logs generated by protectors are stored in the audit index with the name as shown in the following table for the respective version.

ESA version	Index pattern	Description	Example
ESA v10.2.0	pty_insight_analytics_*audits*	Use in the Audit Store Dashboards for viewing v10.2.0 logs on the dashboard.	pty_insight_analytics_audits_10.0-2024.08.30-000001
v9.2.0.0 and earlier	pty_insight_*audit_*	Use in the Audit Store Dashboards for viewing older release logs on the dashboard.	pty_insight_analytics_audit_9.2-2024.08.07-000001, pty_insight_audit_v9.1-2028.02.10-000019, pty_insight_audit_v2.0-2022.02.19-000006, pty_insight_audit_v1.1-2021.02.17-000001, pty_insight_audit_v1-2020.12.21-000001
v8.0.0.0 and above	pty_insight_*audit*	Use in the Audit Store Dashboards for viewing all logs.	pty_insight_analytics_audits_10.0-2024.08.30-000001, pty_insight_analytics_audit_9.2-2024.08.07-000001, pty_insight_audit_v9.1-2028.02.10-000019, pty_insight_audit_v2.0-2022.02.19-000006, pty_insight_audit_v1.1-2021.02.17-000001, pty_insight_audit_v1-2020.12.21-000001

The following parameters are configured for the index rollover in v10.2.0:

Log return codes

Mon, 01 Jan 0001 00:00:00 +0000

Return Code	Description
0	Error code for no logging
1	The username could not be found in the policy
2	The data element could not be found in the policy
3	The user does not have the appropriate permissions to perform the requested operation
4	Tweak is null
5	Integrity check failed
6	Data protect operation was successful
7	Data protect operation failed
8	Data unprotect operation was successful
9	Data unprotect operation failed
10	The user has appropriate permissions to perform the requested operation but no data has been protected/unprotected
11	Data unprotect operation was successful with use of an inactive keyid
12	Input is null or not within allowed limits
13	Internal error occurring in a function call after the provider has been opened
14	Failed to load data encryption key
15	Tweak input is too long
16	The user does not have the appropriate permissions to perform the unprotect operation
17	Failed to initialize the PEP: this is a fatal error
19	Unsupported tweak action for the specified fpe data element
20	Failed to allocate memory
21	Input or output buffer is too small
22	Data is too short to be protected/unprotected
23	Data is too long to be protected/unprotected
24	The user does not have the appropriate permissions to perform the protect operation
25	Username too long
26	Unsupported algorithm or unsupported action for the specific data element
27	Application has been authorized
28	Application has not been authorized
29	The user does not have the appropriate permissions to perform the reprotect operation
30	Not used
31	Policy not available
32	Delete operation was successful
33	Delete operation failed
34	Create operation was successful
35	Create operation failed
36	Manage protection operation was successful
37	Manage protection operation failed
38	Not used
39	Not used
40	No valid license or current date is beyond the license expiration date
41	The use of the protection method is restricted by license
42	Invalid license or time is before license start
43	Not used
44	The content of the input data is not valid
45	Not used
46	Used for z/OS query default data element when policy name is not found
47	Access key security groups not found
48	Not used
49	Unsupported input encoding for the specific data element
50	Data reprotect operation was successful
51	Failed to send logs, connection refused
52	Return code used by bulkhandling in pepproviderauditor

Policy Management Errors

Mon, 01 Jan 0001 00:00:00 +0000

Nodes Connectivity Status of the nodes is displayed as `Error` under Policy Management > Data Stores in ESA Web UI

Issue : In a multi-site ESA configuration, if the protectors are at or below v9.1.0.0, then the Node Connectivity Status on the Primary site ESAs might display Error status. This behavior is observed for all the protector nodes after performing failover and fail back operations between Primary and the Disaster Recovery sites.

Protectors security log codes

Mon, 01 Jan 0001 00:00:00 +0000

The security logging level can be configured when a data security policy is created in the Policy management in ESA. If logging level is set to audit successful and audit failed, then both successful and failed Unprotect/Protect/Reprotect/Delete operations will be logged.

You can define the server where these security audit logs will be sent to. You can do that by modifying the Log Server configuration section in pepserver.cfg file.

If you configure to send protector security logs to ESA, you will be able view them in Discover, by logging into the ESA and navigating to Audit Store > Dashboard > Open in new tab, select Discover from the menu, and select a time period such as Last 30 days. The following table displays the logs sent by protectors.

Additional log information

Mon, 01 Jan 0001 00:00:00 +0000

These are values for understanding the values that are displayed in the log records.

Log levels

Most events on the system generate logs. The level of the log helps you understand whether the log is just an information message or denotes some issue with the system. The log message and the log level allows you to understand more about the working of the system and also helps you identify and troubleshoot any system issues.

ESA Error Handling on

ESA Upgrade Readiness Patch Error Messages and Resolutions

Common ESA Logs

Common ESA Errors

Table: ESA Common Errors

Understanding the Insight indexes

Understanding the index field values

Common Logging Information

Additional_Info

Index entries

Audit index

Log return codes

Policy Management Errors

Nodes Connectivity Status of the nodes is displayed as Error under Policy Management > Data Stores in ESA Web UI

Protectors security log codes

Additional log information

Log levels

Nodes Connectivity Status of the nodes is displayed as `Error` under Policy Management > Data Stores in ESA Web UI