search cancel

New Application Protection Subscription Database Update Fails to Install when Multi-Tenant Policy Fails to Compile


Article ID: 170346


Updated On:


ProxySG Software - SGOS


Users of Multi-Tenant and Application Protection Subscription (APS) may experience an issue during an update to the APS database. 

When the ProxySG appliance downloads an updated APS database, it re-compiles all policy before it installs the database. During this process, if any multi-tenant policy object has the same name as an object in non-tenant policy, policy fails to compile and the APS database installation fails, but continues to attempt installation. A memory leak in this process compounds in subsequent failed attempts, resulting in system instability.

%  New default policy was installed. Failed to refresh 1 tenant policy


The policy compilation process will not complete successfully if mutilple objects bear the same name. During normal operation, a list of compilation errors are produced and the process stops. During a APS database update, however, the system continually attempts to compile policy.


ProxySG deployments that make use of both Multi-Tenant configurations and the Application Protection Subscription service.


  • Fix the policy compilation issue.
    • Examine and compare your local and multi-tenant policy object names and alter any duplicates.
    • To compare policy sets and search for object names, you can use the policy viewer. See this article for details. 
  • Update to 6.7.4 or later.
    • The memory leak component to this issue is resolved in SGOS 6.7.4.
  • Disable automatic APS updates