Unable to select Region from Device > User Identification > Cloud Identity Engine due to 'You have not activated Cloud Identity Engine'

Created On 02/10/23 01:14 AM - Last Modified 06/11/25 21:16 PM


Symptom


  • Cloud Identity Engine is properly configured and activated.
  • When trying to select a Region from the GUI (User Identification > Cloud Identity Engine), the message 'You have not activated Cloud Identity Engine. Click here to learn how to activate Cloud Identity Engine.' is displayed.
  • No Cloud Identity Engine instance is listed in the pulldown.
  • In dscd.log (less mp-log dscd.log) on Panorama, the following errors appear:
{"level":"info","time":"2022-11-14T09:47:32.6547441+09:00","message":"[CFG-DATA] DSS URL app-registry.appsvc.paloaltonetworks.com--https://app-registry.appsvc.paloaltonetworks.com/apps/directory_sync?fields=regions"}
{"level":"error","time":"2022-11-14T09:47:32.7260165+09:00","message":"Failed to execute request to DSS &{GET https://app-registry.appsvc.paloaltonetworks.com/apps/directory_sync?fields=regions HTTP/1.1 1 1 map[Content-Type:[application/json]] <nil> <nil> 0 [] false app-registry.appsvc.paloaltonetworks.com map[] map[] <nil> map[]   <nil> <nil> <nil> <nil>}"}
{"level":"info","time":"2022-11-14T09:47:32.7260498+09:00","message":"[CFG-DATA]Fetching of Region, tenant and Domain is done: false"} <<<<<<<<<<< !!!

{"level":"debug","time":"2023-01-30T15:57:57.11049343+09:00","message":"[CFG-DATA] TenantDomain: Get tenant Domains url: https://app-directory-sync.jp.apps.paloaltonetworks.com/service/directory/v1/tenantdomains"}
> {"level":"error","time":"2023-01-30T15:57:57.117140087+09:00","message":"Failed to retrieve tenantDomain for region jp"}


Environment


  • Cloud Identity Engine
  • Panorama


Cause


Connectivity issues between Panorama and one or the other of the required URLs.

Resolution


  1. Verify all of the following URLs are not blocked on any devices on the path between Panorama and the CIE infrastructure.
       *.apps.paloaltonetworks.com
       enforcer.Device Security.services-edge.paloaltonetworks.com
       app-registry.appsvc.paloaltonetworks.com
  2. Once the communication issue is fixed, the region selection will work fine.
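
An added example, not part of the original article and not Palo Alto Networks tooling: a Python script that reads a copy of dscd.log and lists the hosts and regions its errors point at, so the allow rules from step 1 can be checked against them. It assumes the log has been exported from Panorama to a workstation and that a tenantDomain failure belongs to the URL on the preceding "Get tenant Domains url" debug line; the function names are hypothetical.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample: the dscd.log lines quoted in this article (request dump
# shortened), including the "> " and "<<< !!!" annotations around the JSON.
SAMPLE = r'''
{"level":"info","time":"2022-11-14T09:47:32.6547441+09:00","message":"[CFG-DATA] DSS URL app-registry.appsvc.paloaltonetworks.com--https://app-registry.appsvc.paloaltonetworks.com/apps/directory_sync?fields=regions"}
{"level":"error","time":"2022-11-14T09:47:32.7260165+09:00","message":"Failed to execute request to DSS &{GET https://app-registry.appsvc.paloaltonetworks.com/apps/directory_sync?fields=regions HTTP/1.1 1 1 map[Content-Type:[application/json]] <nil>}"}
{"level":"info","time":"2022-11-14T09:47:32.7260498+09:00","message":"[CFG-DATA]Fetching of Region, tenant and Domain is done: false"} <<<<<<<<<<< !!!
 {"level":"debug","time":"2023-01-30T15:57:57.11049343+09:00","message":"[CFG-DATA] TenantDomain: Get tenant Domains url: https://app-directory-sync.jp.apps.paloaltonetworks.com/service/directory/v1/tenantdomains"}
> {"level":"error","time":"2023-01-30T15:57:57.117140087+09:00","message":"Failed to retrieve tenantDomain for region jp"}
'''

_DECODER = json.JSONDecoder()
_URL = re.compile(r'https://[^\s"}]+')
_REGION = re.compile(r"Failed to retrieve tenantDomain for region (\S+)")

def parse_line(line):
    """Return the JSON record embedded in a log line, or None if there is none."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        record, _ = _DECODER.raw_decode(line[start:])  # ignores trailing notes
    except ValueError:
        return None
    return record if isinstance(record, dict) else None

def _host(message):
    match = _URL.search(message)
    return urlsplit(match.group(0)).hostname if match else None

def triage(text):
    """Summarise which CIE endpoints and regions the log shows as failing."""
    hosts, regions, incomplete, tenant_host = set(), set(), False, None
    for record in filter(None, map(parse_line, text.splitlines())):
        msg, is_error = str(record.get("message", "")), record.get("level") == "error"
        if "Get tenant Domains url:" in msg:
            tenant_host = _host(msg)          # endpoint the next lookup will use
        elif is_error and "Failed to execute request to DSS" in msg:
            hosts.add(_host(msg))
        elif is_error and (m := _REGION.search(msg)):
            regions.add(m.group(1))
            hosts.add(tenant_host)            # assumption: failure is for that endpoint
        elif "Fetching of Region, tenant and Domain is done: false" in msg:
            incomplete = True
    return {"failed_hosts": sorted(h for h in hosts if h),
            "failed_regions": sorted(regions), "fetch_incomplete": incomplete}

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

If debug logging is off, the "Get tenant Domains url" line is absent and a tenantDomain failure is reported by region only.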


Additional Information


Configure Cloud Identity Engine Authentication on the Firewall or Panorama
