Troubleshoot Private Endpoints

Get help troubleshooting issues with private endpoints.

Error When Creating a Private Endpoint

The error message that appears on the Log messages page helps you troubleshoot. Which error message did you see?

Tip:

You can open the Log messages page from the Private endpoints page. In the left menu, below Resources, click Work requests. Then, in the table of work requests, find the work request for the private endpoint, and click the value in the Operation column.
Error Reason for the error and next steps

Unable to add or enable Private Endpoint Outbound Connection for the integration instance. This error can occur, if the customer tenancy is not configured with the required policy to enable the Private Endpoint. Update or add the policy, and retry.

The error occurs when the policy is missing or incorrect, or you're not part of the group that is assigned to the policy.

Check your policy, and make sure you're part of the group that is allowed to create private endpoints.

See Prerequisites for Configuring a Private Endpoint.

Unable to add Private Endpoint. The option to add a Private Endpoint for the integration instance is not supported.

The error occurs when your region doesn't support private endpoints. If this message appears, you can't create or use private endpoints.

Unable to add Private Endpoint outbound Connection for the Integration instance. This error can occur when all available IP addresses of the Subnet has already been allocated; ensure there are sufficient unassigned IP addresses available in the Subnetld subnet_id.

The error occurs when all the subnet's available IP addresses have already been allocated.

Increase the CIDR limit for the subnet.

Unable to Edit a Private Endpoint

You cannot edit an existing private endpoint. However, you can delete the endpoint and create another one.

See Delete a Private Endpoint.

Error When Testing a Connection

The error message that pops up after you test the connection helps you troubleshoot. Which error message did you see?

Error Reason for the error and next steps

Unable to fetch the value of dnsProxyIp , make sure the endpoint is connecting to a valid private endpoint

The error occurs when the private endpoint hasn't been created yet, or when the private endpoint has been deleted.

See Configure a Private Endpoint for an Instance.

CASDK-003: Unable to parse the resource, connection_url. Verify that URL is reachable, can be parsed and credentials if required are accurate.

The error occurs when you select Public gateway as the Access type when creating the connection.

Select Private endpoint instead.

{"detail":""."status":"HTTP 500 Internal Server Error","Operation (testConnection) failed: Error while performing AddressTranslation for private endpoint. Please check if the connection url is valid","type":"https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.5.1")

or

{"detail":""."status":"HTTP 500 Internal Server Error","Operation (testConnection) failed: This connection is configured with an address which is not in an allowable range","type" "https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.5.1"}

This error can occur for the following reasons:

  • When you try to connect to a resource that's in a different VCN than the private endpoint connects to. A private endpoint can connect to a single subnet in a single VCN.

    Ensure that all private resources are in the subnet that the private endpoint connects to.

  • When you provide a host IP address on the Connections page. To connect through a private endpoint, you should always provide the host FQDN and not the IP address.

  • When the private endpoint is configured in a subnet of a VCN and the endpoint (database/REST service) exists in another subnet whose security list is not open to the private endpoint subnet for access, even though both are on the same VCN.

    See Security Lists.

    Open the ingress of the endpoint subnet CIDR to let the private endpoint subnet access the endpoint. Also, the egress of the private endpoint subnet should allow access to the endpoint CIDR. Ensure the network is open between the two subnets.

  • Your DNS zone is unable to resolve the Autonomous Transaction Processing custom host name. To resolve this issue, update your DNS zone and add an entry that maps the Autonomous Transaction Processing FQDN to the Autonomous Transaction Processing private IP.

Runtime Errors

Error Reason for the error and next steps

Error while performing AddressTranslation for private endpoint, Please check if the connection url is valid;

The error occurs when the private endpoint hasn't been created yet, or when the private endpoint has been deleted.

See Configure a Private Endpoint for an Instance.