New Application Protection Subscription Database Update Fails to Install when Multi-Tenant Policy Fails to Compile
Last Updated October 24, 2017
Users of Multi-Tenant and Application Protection Subscription (APS) may experience an issue during an update to the APS database.
When the ProxySG appliance downloads an updated APS database, it re-compiles all policy before it installs the database. During this process, if any multi-tenant policy object has the same name as an object in non-tenant policy, policy fails to compile and the APS database installation fails, but continues to attempt installation. A memory leak in this process compounds in subsequent failed attempts, resulting in system instability.
ProxySG deployments that make use of both Multi-Tenant configurations and the Application Protection Subscription service.
% New default policy was installed. Failed to refresh 1 tenant policy
The policy compilation process will not complete successfully if mutilple objects bear the same name. During normal operation, a list of compilation errors are produced and the process stops. During a APS database update, however, the system continually attempts to compile policy.
Fix the policy compilation issue.
Examine and compare your local and multi-tenant policy object names and alter any duplicates.
To compare policy sets and search for object names, you can use the policy viewer. See this article for details.
Update to 6.7.4 or later.
The memory leak component to this issue is resolved in SGOS 6.7.4.
Disable automatic APS updates
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe