Cognos Analytics 11.1.7
Microsoft Windows 2019 server


I have installed all of Cognos on the Windows server, but only want it to act as Content Manager in a multi-server setup. What services should be running?


Go into Cognos Configuration on your CM server.

Set all services to False, except these:

Content Manager service enabled?
Event management service enabled?
Job service enabled?
Metadata service enabled?
Monitor service enabled?

Save the configuration and restart all your CA11 servers.

More information:

Scheduled jobs in CA11 are handled by the Monitor service.

Cognos Controller 10.4.2
Cognos Analytics 11.1.7
Microsoft Windows 2016 server

After a Windows patch, no one can log in to Cognos Controller.


An error occurred while trying to access server…

System.Web.Services.Protocols.SoapException: Server was unable to process request. —> System.IndexOutOfRangeException: Index was outside the bounds of the array….


Log in to the Windows server where CA11 and the Cognos Controller IIS are.

Launch a command prompt
Type the following:    IISRESET


Check whether you can log in to Cognos Controller after the above restart of the WWW service.

More information:



Microsoft Windows 10

How do you stop VirtualBox VMs from the command line before the computer shuts down?

Suggestion: (this may not work)

Create text files in a c:\scripts folder with the commands you need to start and stop the VMs.
Important: the case of each VM name must match the name you have given it inside VirtualBox.

Create a CMD file with the following commands:

rem stop one virtualbox image
"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe" list runningvms

"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe" controlvm "win2012big" acpipowerbutton
"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe" controlvm "Win2016 CAPA" acpipowerbutton

Add the file to group policy on the computer:

  1. In a command window, open the Group Policy Editor (GPE) by running gpedit.msc.
  2. Expand Computer Configuration and select Windows Settings.
  3. Double-click Scripts (Startup/Shutdown).
  4. Click Add and add c:/scripts/vboxshutdown.cmd.

Add the start script (c:/scripts/vboxstart.cmd) to the Startup properties.

Create a CMD file with the following commands to start the VMs:

rem start one virtualbox image
"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe" startvm "Win2016 CAPA"
"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe" startvm "Win2019"


You may need to use the Task Scheduler instead, to make it work.

Or try placing a shortcut of the script as a startup program in %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup.

Or place a shortcut to your start script in the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp; that makes the script run when a user logs in.
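The stop commands above return as soon as the ACPI signal is sent, so the script can finish while the VMs are still running. The following PowerShell sketch is an added example, not part of the original post: it sends acpipowerbutton to every running VM, waits for them to stop, and saves the state of any that remain. The function names, timeout values and sample UUIDs are assumptions made for illustration.

```powershell
# Added example, not from the original page. Uses the VBoxManage path shown above.
$VBoxManage = 'C:\Program Files\Oracle\VirtualBox\VBoxManage.exe'

# "VBoxManage list runningvms" prints one line per VM:  "Win2016 CAPA" {uuid}
function Get-VmNameFromList {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^"(?<name>.+)"\s+\{[0-9a-fA-F-]{36}\}\s*$') { $Matches['name'] }
    }
}

function Stop-RunningVm {
    param([int]$TimeoutSeconds = 120, [int]$PollSeconds = 5)   # assumed defaults

    $running = @(Get-VmNameFromList -Lines (& $VBoxManage list runningvms))
    if ($running.Count -eq 0) { return }

    # Ask every running guest to shut down cleanly.
    foreach ($name in $running) {
        & $VBoxManage controlvm $name acpipowerbutton | Out-Null
    }

    # Poll until all guests are off or the timeout expires.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        Start-Sleep -Seconds $PollSeconds
        $running = @(Get-VmNameFromList -Lines (& $VBoxManage list runningvms))
    } while ($running.Count -gt 0 -and (Get-Date) -lt $deadline)

    # Guests that ignored the ACPI request get their state saved instead of being cut off.
    foreach ($name in $running) {
        Write-Warning "$name did not power off in time; saving its state."
        & $VBoxManage controlvm $name savestate | Out-Null
    }
}

# Parser check on constructed sample output (VM names from this page, made-up UUIDs):
$sample = @(
    '"win2012big" {11111111-2222-3333-4444-555555555555}',
    '"Win2016 CAPA" {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}'
)
Get-VmNameFromList -Lines $sample

# Stop-RunningVm -TimeoutSeconds 180   # uncomment to stop the VMs for real
```

VirtualBox registers VMs per user, so run this under the account that owns the VMs (for example from a scheduled task); a computer shutdown script runs as Local System and will not see that user's VMs.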


More Information:

Vboxmanage command not found in Windows CMD or PowerShell

Managing VirtualBox with PowerShell

Cognos Controller 10.4.2
Microsoft Windows 2016 server

When working in an Excel file with fgetval formulas, the cell shows “You have not logged in” even though I am logged in to Cognos Controller.


Check if it will update the values if you press F9.

Otherwise check your formulas carefully in your spreadsheet, as if they are wrong you will get this error.

If it is only one spreadsheet that does not work, it is probably a misspelled formula in that sheet.

More information:

Cognos Controller 10.4.2
Cognos Analytics 11.1.7
Microsoft Windows 2019 server

When logging in to Cognos Controller, you get an error after you select the database. This is a multi-server setup with load-balanced Controller and CA11 servers. SSO with Active Directory is used.

Error message:


System.Web.Services.Protocols.SoapException: Server was unable to process request. —> System.NullReferenceException: Object reference not set to an instance of an object.
at Cognos.Controller.Common.CRNBridge.CRNBridge.ValidateUser(String passportId, String[]& membership, String sGuid, String sUser, String& sErrorMessage)….

— End of inner exception stack trace —
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at CCRRemoteServerProxy.Proxy.Light.WSLight.UserManager_GetCurrentUsers(String sGuid, String sUser)
at FrUserManagerB.RemoteUserManager.GetCurrentUsers…..


System.Web.Services.Protocols.SoapException: Server was unable to process request. —> System.NullReferenceException: Object reference not set to an instance of an object.
at Cognos.Controller.Proxy.ControllerReportNetService.RepNet.GetUserInfo(String sGuid, String sUser, String passportId)
at Cognos.Controller.Proxy.CCRWS.GetUserInfo(String sGuid, String sUser, String passportId)
— End of inner exception stack trace —
at Cognos.Controller.Forms.Common.Main.DoLoginCognos8(Form& frm)
at CCR.AppContext.DoLogin()
at CCR.AppContext.Login()

Suggested Solution:

Check that the Cognos Gateway points to the correct Cognos Dispatcher or correct port in the IIS setup.

Start Internet Information Services (IIS) manager on the Cognos Gateway server.

Click on the Server name and double-click the Configuration Editor icon.

Expand the drop-down list and select webFarms.

Mark Collection and click on the ellipses.

Click on the webFarm element and then the ellipses.

Select the server you want to check, expand the applicationRequestRouting, and see the port number.

Edit the number, if it is wrong.  Check the other servers in the list.
Close the dialog.

Close the collection editor dialog too.

Click Apply in the Configuration Editor.

Close IIS manager.

You can also check the values in applicationHost.config file, under C:\Windows\System32\inetsrv\Config folder.

Open the file in Notepad++

The lines for webFarms are at the end of the file.


How the communication probably works:

Check that the WSSUrl value in the ccr.exe.config file points to a Cognos Controller server that is up:

<add key="WSSUrl" value=""/>

On that server, ensure that Cognos Controller Configuration points to a report server gateway that is up.

On that server, ensure that the Cognos Analytics Configuration "Dispatcher URIs for gateway" setting points to a CA dispatcher (report) server that is up.

Also check that the servers in the IIS server farm point to CA servers that are up and that they use the correct port: 9300.

The CA11 server's Cognos Configuration will use the Content Manager URI to validate that you can log in.

Also check that the IIS site /ibmcognos/sso has Windows Authentication enabled.

If the IBM Cognos service is not running, then the IIS Server Farm will classify it as unhealthy.

If the dispatcher server is unhealthy, then the CA gateway will not send the request there, and it will time out.

Check that the Windows firewall will allow port 8173 for the IIS communication and port 9300 for Cognos communication.
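To review the server farm without clicking through the Configuration Editor, the webFarms section of applicationHost.config can be read with PowerShell. This is an added example, not part of the original post: the sample XML, farm name and host names are constructed, the function name is hypothetical, and port 80 is assumed when httpPort is omitted.

```powershell
# Added example (not from the original page). Constructed sample shaped like the
# <webFarms> section at the end of applicationHost.config; names are hypothetical.
$sample = [xml]@'
<configuration>
  <webFarms>
    <webFarm name="cognos_farm" enabled="true">
      <server address="ca11-app1.example.local" enabled="true">
        <applicationRequestRouting httpPort="9300" />
      </server>
      <server address="ca11-app2.example.local" enabled="true">
        <applicationRequestRouting httpPort="9330" />
      </server>
    </webFarm>
  </webFarms>
</configuration>
'@

function Get-WebFarmServer {
    param(
        [Parameter(Mandatory)][xml]$Config,
        [int]$ExpectedPort = 9300,      # Cognos dispatcher port named on this page
        [switch]$TestConnection         # also probe each server over TCP
    )
    foreach ($farm in $Config.SelectNodes('/configuration/webFarms/webFarm')) {
        foreach ($server in $farm.SelectNodes('server')) {
            $arr  = $server.SelectSingleNode('applicationRequestRouting')
            $port = 80                  # assumption: default when httpPort is not set
            if ($arr -and $arr.GetAttribute('httpPort')) {
                $port = [int]$arr.GetAttribute('httpPort')
            }
            $row = [ordered]@{
                Farm     = $farm.GetAttribute('name')
                Server   = $server.GetAttribute('address')
                Enabled  = $server.GetAttribute('enabled') -ne 'false'
                HttpPort = $port
                PortOk   = ($port -eq $ExpectedPort)
            }
            if ($TestConnection) {
                # True only if a TCP connection to the dispatcher port succeeds.
                $row.Reachable = Test-NetConnection -ComputerName $row.Server `
                    -Port $port -InformationLevel Quiet
            }
            [pscustomobject]$row
        }
    }
}

# Offline run on the constructed sample: the second server is flagged (PortOk = False).
Get-WebFarmServer -Config $sample | Format-Table -AutoSize

# On the gateway server, from an elevated prompt, read the real file and probe the ports:
# $path = "$env:windir\System32\inetsrv\Config\applicationHost.config"
# Get-WebFarmServer -Config ([xml](Get-Content $path -Raw)) -TestConnection | Format-Table
```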

More information:

In the cognosserver.log file you can see an error like this:

ERROR [Default Executor-thread-72] NA bi HttpServletResponseCode for /bi/v1/ping is in error: 503

Browse to   to check if the content manager is running.

Cognos Controller 10.4.2

Microsoft Windows 2019 server

You try to unlock a company in Cognos Controller. You get an error message:

“Subquery returned more than 1 value. This is not permitted when the subquery follows =, !=, <, <= , >, >= or when the subquery is used as an expression”



Delete the entire contents of the temporary table ‘sactrlinfo’.

Delete FROM [CCR_UKFPM].[fastnet].[sactrlinfo]

Disable the system audit log functionality entirely.

Go to Maintain – System Audit Log – Configuration and deselect:

“Enable tracking of structure change details for System Audit Log > Structures”

“Enable tracking of data change details for Audit Trail”

More information:

Cognos Controller 10.4.2
Microsoft Windows 10

How do I install the Cognos Controller client on my laptop?


Find your CCRLocalClient64.msi file on a file share on the server. It is recommended to first copy the msi file to your hard disk and place it in a folder, e.g. c:\temp.

Right click on msi file and select Install.

Click Next

Enter the name of your controller server, instead of localhost and press Next.

You should only update the WSS URL line, to something like this:

Press next

Press install

If you get a question about allow Cognos Controller to make changes to your computer, click Yes.

Click Finish.

Click on the IBM Cognos Controller icon on the Windows start menu, to start the program.

Select your database to login.

Click on the Excel icon to start your Excel session. It can be good to do this before you go to Data Entry.

Under the Help – System Info menu, you can see the version you have installed.

If you go to Control Panel – Programs and Features, you will see the program installed.

From the Control Panel you can uninstall Cognos Controller; you need to do this before you upgrade to a new version.

You need to have .NET Framework 4.7.2 on your laptop for best performance.

More Information:

Inside Microsoft Excel, go to File – Options – Add-ins and check that Controller add ins are active.

Cognos Controller 10.4.2
Microsoft Windows 2019 server

One user cannot log in to the new Cognos Controller setup with CA11; after selecting the database, he gets an error that he cannot reach the CA11 website.

It worked in old version of Cognos Controller (where a different version of Cognos Analytics is used).


On the CA11 servers, add the following registry value:

Windows Registry Editor Version 5.00


Reboot the Windows servers in the correct order, with Cognos Content Manager first.

If a user is a member of a lot of AD groups, the login call may be too big for the HTTP settings; therefore an adjustment like this is needed.

More information:

Other causes can be:

1. Logon to the Controller application server as an administrator
2. From the Start menu, launch “Controller Configuration”
3. Open section “Web Services Server”
4. Open subsection “Report Server”
5. Ensure that the setting for “Report Server” is correct, and can be resolved by the end user’s PC.
Example (when using Cognos Analytics without SSO):
Example (when using Cognos Analytics with SSO):
6. Click “Save”
7. Test.


  1. Logon to Report Server (Cognos Analytics server) as an administrator
  2. From the Start Menu, launch “Cognos Configuration”
  3. Expand section “Local Configuration – Security – Authentication”
  4. Ensure that the setting “Restrict access to members of the built-in namespace” is set to “True”
  5. After making changes, restart the Cognos service (for example restart the ‘IBM Cognos’ Windows service).



  1. Logon to Report Server (BI server) as an administrator
  2. From the Start Menu, launch “Cognos Configuration”
  3. Expand section “Local Configuration – Security – Authentication – Cognos”
  4. Ensure that the setting “Allow anonymous access” is set to “False”
  5. After making changes, restart the Cognos reporting service.


Modify all IIS/SSO settings (for example the ‘Rewrite rules’) to use the lowercase value for the URLs.
All server references in Cognos and IIS must be lowercase.

However, all of the causes above would give all users the same issue, not just one user.

Cognos Analytics 11.1.4
Microsoft Windows 2019 server

How do you request and use an external certificate for CA11 internal communication, e.g. port 9300?

If both internal and external connections use HTTPS, then you can use port 9300 for HTTPS. Otherwise you need to set a separate port number for the HTTPS services; suggested values are 9334 or 9443.


The IKEYMAN tool allows you to include more fields for your certificate request. This instruction is hard to find, so a copy is provided here.

You need to do the steps on all your CA11 servers, but you start with the Content Manager server first.

1. Ensure that all IBM Cognos component services in the environment are shut down. Close any IBM Cognos Configuration that is open.
2. Copy the complete <cognos>\configuration directory to a safe place and name it configuration_original. At any point, this backup configuration directory can be restored to bring the state of the cryptographic keys for this component back to the original state.
3. Run iKeyman.exe as administrator (or ./ikeyman for linux/unix users) from C:\Program Files\ibm\cognos\analytics\ibm-jre\jre\bin (for IBM Cognos 11.1.X+). For IBM Cognos 11.0.13 and lower versions, the path is <cognos>\jre\bin.

4. Click the folder with the curved arrow icon at the top of the window. In the open dialog panel, select PKCS12 as the Key Database Type, then browse to the <cognos>\configuration\certs directory and select CAMKeystore. Click OK. The default password is NoPassWordSet.


Generating a Certificate Signing Request (CSR):
5. Once the CAMKeystore loads, there are two certificates under the Personal Certificates drop down: ca and encryption.



6. Select the encryption certificate and rename it to encryption_old.
7. Select Create at the top of the iKeyman window, then click New Certificate Request. Make sure that Key Label is called “encryption”. The recommended Key Size is 2048 and the recommended Signature Algorithm is SHA256WithRSA.
The rest of the details can be completed as necessary. Multiple DNS names separated by a comma or a space can be used as well.
8. The CSR is called certreq.arm and it is located in <cognos>\configuration\certs. Give the certreq.arm to the certificate authority to generate the signed certificates.
9. Take another backup of the <cognos>\configuration directory and store it in a safe place. Name it “configuration_with_CSR”.
10. If the certificate authority returns two or three separate certificate files (root, intermediate (optional), and server certificates), in iKeyman, ensure that the Personal Certificates dropdown is set, then select Receive. Select only the server certificate.
If there is a dialog box that mentions that the CA (root certificate) is missing, click OK, and the encryption certificate is highlighted in yellow or the encryption certificate will be listed alongside the ca and encryption_old certificate.
Change the Personal Certificates drop down to Signer Certificates, then select Add and import the root certificate and intermediate certificate if the certificate authority returned one. The labels can be named root and intermediate.
If the certificate authority returns one file containing the certificates (.pem or .p12), click Receive or Add in either the Personal or Signer Certificates drop down, and select “Import all” at the prompt. All of the certificates are placed in their correct section.
11. Open Cognos Configuration. Under Environment, change these URIs to https:
  • Gateway URI
  • Dispatcher URIs for gateway
  • Controller URI for gateway
  • External and Internal dispatcher URI
  • Dispatcher URI for external applications
  • Content Manager URI
12. Under Cryptography > Cognos, switch “Use third-party CA?” to True.
Also, change the following to match the values used for the CSR in step 7:
  • Server common name (CN)
  • Organization name (O)
  • Country or region code (C)
Change the DNS Names field under Subject Alternative Name to match the DNS name(s) that were used during the generation of the CSR in Step 7.
13. Save the configuration and start the IBM Cognos services.

Important Note: During this process, IBM Cognos Configuration cannot be opened and the IBM Cognos Services cannot be started until these steps are completed. If the certificate authority takes some time to send the signed certificates, consider using the Third-Party Certificate Tool method instead.

More information:

The DOS program supports 3 values in the request:

ThirdPartyCertificateTool.(bat|sh) -c -e
    [-p keystore_password] -a key_pair_algorithm
    -r path_to_cert_or_csr
    -d dn
    [-H subject_alternative_nameDns_name_dn]
    [-I subject_alternative_ip_addresses]
    [-M subject_alternative_email_addresses]



Cognos Analytics 11.1.7
Microsoft Windows 2016 server
Microsoft SQL server

New installation of CA11. The IBM Cognos service takes a long time to start. JAVA.EXE grows up to 6 GB of RAM, then crashes and starts over.

Errors like this are found in the log cbs_run_WebSphereLiberty.log:

Fri Aug 27 11:28:08 2021  INFO  t[e20] CBSBootstrapService attempt to load config from “D:\Program Files\ibm\cognos\analytics\.\bin64\./bootstrap_wlp_winx64.xml”

Fri Aug 27 11:28:11 2021  ERROR t[e20] CBSSocketCommand failed to connect, CAM error: <errorDetail><errorCode>-12</errorCode><errorMessage>CAM-CRP-0026 The underlying socket: ‘’ returned an error.</errorMessage><errorStack><errorCode>10061</errorCode><errorMessage>Could not connect the socket, errno: 0x274d(10061)</errorMessage>

Error found in windows event log:

Faulting application name: cogbootstrapservice.exe, version:, time stamp: 0x5daf2515

Faulting module name: ntdll.dll, version: 10.0.14393.4530, time stamp: 0x60e33cac

Exception code: 0xc0000374

Fault offset: 0x00000000000f7153

Faulting process id: 0x960

Faulting application start time: 0x01d79b1621caeb73

Faulting application path: D:\Program Files\ibm\cognos\analytics\bin64\cogbootstrapservice.exe

Faulting module path: C:\Windows\SYSTEM32\ntdll.dll


Thu Aug 26 20:59:12 2021  WARN  t[1908] CBSSockSendAction did not detect success string in response.

Thu Aug 26 21:00:14 2021  ERROR t[1908] PingChildProcess ping loop: process “wlp” is not active, so restarting it.

Thu Aug 26 21:00:52 2021  ERROR t[1908] CBSSocketCommand failed to connect, CAM error: <errorDetail><errorCode>-12</errorCode><errorMessage>CAM-CRP-0026 The underlying socket: ‘’ returned an error.</errorMessage><errorStack><errorCode>10061</errorCode><errorMessage>Could not connect the socket, errno: 0x274d(10061)

Error in Cognos Configuration at start:

[ ERROR ] CFG-ERR-0106 IBM Cognos Configuration did not receive a response from the IBM Cognos service in the time allotted.

Check that IBM Cognos service is available and properly configured.

16:31:03, ‘LogService’, ‘StartService’, ‘Success’.

Suggested solution:

Ensure DEP is enabled only for the processes that need it.

If the server has two network cards, check that they are correctly configured.

Check that the IP address and interface metric are not the same as those of other cards on the server.

Try changing to IBM Cognos instead of NIST SP 800-131A.

Check that the IP addresses in Cognos Configuration are those of your server.

Check for ports in use with the DOS command:  netstat -a | find "9300"

Export the configuration and recreate the crypto keys, like this:


1. Stop the running of your service in Cognos Configuration.

2. On the Content Manager computer, click ‘File > Export As’.

3. Choose ‘Yes’ at the prompt and save the file. For example, name it ‘backup.xml’ which will be stored in the c11\configuration folder.

4. Close Cognos Configuration.

5. On the Content Manager computer
5.1 Create a backup of the following files before moving them to a different, secure location (as during the cryptographic keys regeneration process they will be re-created):

The files are:

· c11/configuration/cogstartup.xml

· c11/configuration/caSerial

· c11/configuration/certs/CAMCrypto.status

· c11/configuration/certs/CAMKeystore

· c11/configuration/certs/CAMKeystore.lock

· c11/temp/cam/freshness

5.2 Create a backup of the following directory before moving it to a different, secure location (as during the cryptographic keys regeneration process it will be re-created). Alternatively, you can rename the directory.

The directory is:

· c11/configuration/csk

6. In the c11\configuration folder, rename ‘backup.xml’ to ‘cogstartup.xml’.

7. Open Cognos Configuration, save the configuration and start the services.


Restart the Windows server and see if that helps.

More information: