Product:
Cognos Controller Client 10.4.2
Microsoft Windows 10

Issue:
During a manual install of ccrlocalclient64.msi on a user's laptop, they get an error message.

Installing a program on a workstation requires that you are local administrator on that workstation.
In many cases this is not allowed at companies, but you can get a temporary, separate user account that is local administrator.

But even when you use this temporary admin account, you get the above error during installation.

Solution:

First ensure that your account is local admin on the computer.

It should belong to a global Active Directory group that you can find in the list of administrator groups on the laptop.

The command net user adminDonald /DOMAIN will show the groups the account is part of.
Then check that one of these groups is a member of the Administrators group on your computer.

Press the Win + R keys on your keyboard to open Run, enter the command compmgmt.msc, and then press Enter or OK.

Go to Groups and click on Administrators to see which groups are listed.
If the group is in the list, that account is local admin on the workstation.
If it still does not work, ensure the workstation name is listed as allowed (see below).

If you run the command below for user Donald, you get a result similar to this.

C:\Windows\system32>net user adminDonald /DOMAIN
The request will be processed at a domain controller for domain europe.com.

User name Admindonald
Full Name Donald Duck admin
Comment 
User's comment
Country/region code (null)
Account active Yes
Account expires 2022-08-11 00:00:00

Password last set 2021-08-11 14:12:59
Password expires 2022-08-11 14:12:59
Password changeable 2021-08-12 14:12:59
Password required Yes
User may change password Yes

Workstations allowed myWorkstationName
Logon script
User profile
Home directory
Last logon Never

Logon hours allowed All

Local Group Memberships
Global Group memberships *Computers_local_admins *Domain Users
*other group x

The command completed successfully.

If your workstation name is missing from Workstations allowed, you get the above error.
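
Both checks above (group membership and Workstations allowed) can be done in one step by parsing the net user output. This is an added example, not part of the original post; the function names are hypothetical, the field labels assume English-language Windows, and the sample text is constructed from the output shown above.

```powershell
# Added example: compare `net user <account> /DOMAIN` output with the local Administrators group.
function Get-NetUserField {
    param([string[]]$Lines, [string]$Label)
    # net user prints "Label   value"; long group lists wrap onto indented lines.
    $parts = @(); $inField = $false
    foreach ($line in $Lines) {
        if ($line -match ('^' + [regex]::Escape($Label) + '\s*(.*)$')) {
            $inField = $true; $parts += $Matches[1]
        } elseif ($inField -and $line -match '^\s+\S') {
            $parts += $line.Trim()          # wrapped continuation line
        } elseif ($inField) { break }
    }
    ($parts -join ' ').Trim()
}

function Test-InstallAccount {
    param(
        [string[]]$NetUserOutput,      # lines from: net user <account> /DOMAIN
        [string[]]$LocalAdminMembers,  # entries listed in the local Administrators group
        [string]$ComputerName = $env:COMPUTERNAME
    )
    # Group names are separated by '*' in the net user output.
    $groups = (Get-NetUserField $NetUserOutput 'Global Group memberships') -split '\*' |
        ForEach-Object { $_.Trim() } | Where-Object { $_ }
    $allowed = Get-NetUserField $NetUserOutput 'Workstations allowed'
    # Strip the DOMAIN\ prefix so local entries compare with the global group names.
    $localNames = $LocalAdminMembers | ForEach-Object { ($_ -split '\\')[-1] }
    $viaGroup = @($groups | Where-Object { $localNames -contains $_ })
    # "All" means no workstation restriction; otherwise this computer must be in the list.
    $workstationOk = ($allowed -eq 'All') -or
        (($allowed -split ',' | ForEach-Object { $_.Trim() }) -contains $ComputerName)
    [pscustomobject]@{
        AdminViaGroups     = $viaGroup
        IsLocalAdmin       = $viaGroup.Count -gt 0
        WorkstationAllowed = $workstationOk
    }
}

# Constructed sample, modelled on the output shown above.
$sample = @'
User name                    Admindonald
Workstations allowed         myWorkstationName
Logon script
Local Group Memberships
Global Group memberships     *Computers_local_admins *Domain Users
                             *other group x
The command completed successfully.
'@ -split "`r?`n"

Test-InstallAccount -NetUserOutput $sample `
    -LocalAdminMembers 'MYPC\Administrator', 'EUROPE\Computers_local_admins' `
    -ComputerName 'myWorkstationName'

# On a real workstation (S-1-5-32-544 is the built-in Administrators group):
# $out     = net user adminDonald /DOMAIN
# $members = (Get-LocalGroupMember -SID 'S-1-5-32-544').Name
# Test-InstallAccount -NetUserOutput $out -LocalAdminMembers $members
```

The check only covers membership through a global group, as described above. net user shortens long group names, so confirm a missing match on a long name in Computer Management.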

More Information:

http://woshub.com/restrict-workstation-logon-ad-users/

https://www.digitalcitizen.life/ways-open-computer-management-windows/

Product:

Cognos Controller 10.4.2
Microsoft Windows 2019 server

Issue:
When starting and stopping the Cognos Controller client several times you get this error when you try to login.

System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.IndexOutOfRangeException: Index was outside the bounds of the array. at
Cognos.Controller.Proxy.ControllerReportNetService.RepNet.GetUserInfo ….

Solution:

There can be many causes of this issue, but first make sure you do not have previous errors that trigger it.

Log off the Cognos Controller client and restart your laptop, to ensure there is no Excel or Controller software running in the background.

Then log in and try again.

When you get one error in Cognos Controller, it is best to log off and restart the client completely, so you do not get other errors as an effect of the first error.

More Information:

https://www.ibm.com/support/pages/error-occurred-while-trying-access-server-systemindexoutofrangeexception-index-was-outside-bounds-array-when-launching-controller-client

https://www.ibm.com/support/pages/troubleshooting-index-was-outside-bounds-array-when-launching-controller-client

Product:
Cognos Controller 10.4.2
Microsoft Windows 2019 server

Issue:
After a new installation of Cognos Controller, when you for example check the date format in the acquisition register, it shows like 28/02/2020.

It should look like 2020-02-28. This is the expected format for Sweden. Each country has its default format. This is often set on your local computer, at Region in Control Panel.

Solution:

Change the format in Region to your country.

Go to Control Panel.
Go to Region.

Change the Format drop-down to your country, and click Apply.
Click OK.
Start the Cognos Controller client on your computer and try your report/view again.

On a Citrix server, each user has their own Windows profile and can have different region settings, even though they are on the same Citrix server.

More information:

https://www.ibm.com/support/pages/time-zone-clock-date-formats-controller-explanation-and-description

https://support.citrix.com/article/CTX103288

Product:

Cognos Analytics 11.1.7
Microsoft Windows 2016 server

Issue:
When you try to change an old data source in Cognos Analytics, the icon to change the settings is missing.

Go to IBM Cognos Administration from the Manage menu by clicking on Administration console.
Click on the Configuration tab.
Select the data source connection you want to change. For example Audit.

Then click on the More link for that data source.

Now click on Set Properties.

Click on the Connection tab.

Here the pencil icon is now missing. This can be because the data source type is Other.

Solution:

Then you need to edit the data source directly in the connection string field.
Here you can change to another database server.

^User ID:^?Password:;LOCAL;OL;DBInfo_Type=MS;Provider=SQLOLEDB;User ID=%s;Password=%s;Data Source=SeRvErNaMe;Provider_String=Initial Catalog=AUDIT_PRD;@COLSEQ=

After you have changed the Data Source value to your database server, click on OK.
This can be because the new version of CA11 does not support SQLOLEDB anymore.

Click on the link to test the data source again.

Click TEST button.

You should get a “Succeeded” Status if it works right.

More Information:

https://www.ibm.com/docs/en/cognos-analytics/11.1.0?topic=rt-data-servers-no-longer-supported-in-cognos-analytics

https://www.ibm.com/support/pages/equivalent-oledb-cognos-analytics

Product:
Microsoft Windows Server
Issue:
How do you configure the agent-config.yaml file to work?

Solution:
The new Windows agent for Grafana Cloud should make it easy to collect some metrics from your computers to the dashboard in the cloud.

Sign up for an account at https://grafana.com/auth/sign-up/create-user?pg=dl&plcmt=box-right

Download and install the agent from here: https://grafana.com/blog/2021/04/22/weve-added-first-class-windows-support-to-grafana-agent/

If you click “Get Started with Grafana” from your grafana.net page, you will see a list of local agents you can install to collect metrics (data) from your system. Click on Windows exporter and Next.

After you have configured the Windows agent, as below, you can go back to this page and click “Test integration and finish installation”.

A default agent-config.yaml file is created, where you need to add your URL and username to make the agent ship data to Grafana Cloud.
You get your password (API key) on your host page: go to your name under Grafana Cloud, and then click on Prometheus details to get the key and URLs. Click on Grafana details to go to your cloud dashboard.

You need to copy the following values and place them in your YAML file.
Remote Write Endpoint (Use this URL to send Prometheus metrics to Grafana Cloud.)
Username / Instance ID (Your Grafana Cloud Prometheus username.)
Password / API Key (Your Grafana Cloud API Key. Be sure to grant the key a role with metrics push privileges.)

Open C:\Program Files\Grafana Agent\agent-config.yaml in Notepad++ on your computer.

You need to add the remote_write lines (it is very important that every level is indented with two spaces):

remote_write:
  - url: https://prometheus-blocks-prod-us-central1.grafana.net/api/prom/push
    basic_auth:
      username: (the user number from your account)
      password: (the long password from your account)

In a YAML file it is important to indent the text correctly, and the order of the lines has a meaning. The above setup worked for me to send data to Grafana Cloud. You may find that other configurations also work well.

Then go to your grafana.net page, and select “integration – Windows Exporter” dashboard.

You will soon fill up your free account, so you must limit the services that are reported up to the cloud.

Add these lines last in your agent-config.yaml file, to limit the information collected:

 # List of collectors to enable
 enabled_collectors: "cpu,system,os,cs,time"

You can copy your text to a YAML checker: https://codebeautify.org/yaml-validator (replace the password value with a dummy text first, because the file contains your API key).

Here is some information about possible values in the file:

cpu         CPU usage
cpu_info    CPU information
cs          “Computer System” metrics (system properties, num cpus/total memory)
net         Network interface I/O
os          OS metrics (memory, processes, users)
process     Per-process metrics
remote_fx   RemoteFX protocol (RDP) metrics
service     Service state metrics
smtp        IIS SMTP Server
system      System calls

https://github.com/prometheus-community/windows_exporter/blob/master/README.md

https://grafana.com/grafana/dashboards/6593

More Information:

https://github.com/prometheus-community/windows_exporter

https://github.com/grafana/agent/blob/main/docs/configuration/integrations-config.md#windows_exporter_config

For a full description of configuration options, see windows_exporter_config in the Grafana Agent documentation.

After installation, the Agent config is stored in C:\Program Files\Grafana Agent\agent-config.yaml. Anytime the config file is modified, run the following to restart the Windows Agent so it can pick up changes:

sc stop "Grafana Agent" 
sc start "Grafana Agent"

https://grafana.com/blog/2020/07/02/getting-started-with-the-grafana-agent-a-remote_write-focused-prometheus-agent/ 

Windows Server Monitoring using Prometheus and WMI Exporter

https://devconnected.com/how-to-setup-grafana-and-prometheus-on-linux/

https://prometheus.io/download/

https://githubmemory.com/repo/prometheus-community/windows_exporter/issues/757

https://grafana.com/docs/grafana-cloud/how-do-i/control-prometheus-metrics-usage/usage-reduction/

https://grafana.com/docs/grafana-cloud/how-do-i/control-prometheus-metrics-usage/usage-analysis-explore/ 

https://grafana.com/tutorials/grafana-fundamentals/

Product:
Cognos Analytics Extended Audit 11
Microsoft Windows 2019 server

Issue:

AuditExt is set up as described on this page: https://developer.ibm.com/technologies/analytics/tutorials/ibm-cognos-11-audit-extension/

But when it is run, it fails. A check of the log file (D:\Program Files\ibm\cognos\analytics\logs\c11AuditExtension.log) shows an error message:

Violation of PRIMARY KEY constraint 'PK_AE_CA_SEC_MEM'. Cannot insert duplicate key in object 'dbo.AE_SECURITY_MEMBERS'

Solution:

The issue can be that you reach the max.items limit, and get the above error in the log file.

Stop the Cognos BI service.
Go to folder D:\Program Files\ibm\cognos\analytics\wlpdropins\AuditExt.war\WEB-INF\classes

Open c11AuditExtension.properties in Notepad++

Change these lines:

option.ca.include.specifications: set to false (will not save the report XML in the audit database). A Content Audit option that determines if the audit should record the specification XML of any reports/queries/analyses that it finds. Possible values are true and false. The default value is true. If this parameter is set to false, less database space will be used.

option.ca.max.duration: set to 0. A Content Audit option that limits the maximum length of time, in seconds, that the audit should be run for. If this time is exceeded, the audit is terminated and recorded as a failure. If it is set to a value of zero, no time limit will be applied. The default value is 1800 (30 minutes).

option.aa.max.duration: set to 0. An Account Audit option that limits the maximum length of time, in seconds, that the audit should be run for. If this time is exceeded, the audit is terminated and recorded as a failure. If it is set to a value of zero, no time limit will be applied. The default value is 1800 (30 minutes).

option.aa.max.items: set to 0. An Account Audit option that limits the maximum number of items that will be processed by the audit. If the number is exceeded, the audit is terminated and recorded as a failure. If it is set to a value of zero, no limit will be applied. The default value is 10000.

option.ra.max.duration: set to 0. A Role Audit option that limits the maximum length of time, in seconds, that the audit should be run for. If this time is exceeded, the audit is terminated and recorded as a failure. If it is set to a value of zero, no time limit will be applied. The default value is 1800 (30 minutes).

option.ra.max.items: set to 0. A Role Audit option that limits the maximum number of items that will be processed by the audit. If the number is exceeded, the audit is terminated and recorded as a failure. If it is set to a value of zero, no limit will be applied. The default value is 30000.

option.aa.include.content: set to false (will not check My Folders). An Account Audit option that determines if the audit should process the content of users' My Folders. If set, this will cause a mini-Content Audit to be run for each user's content where it exists. Possible values are true and false. The default value is true.

Save the file.
Start IBM Cognos windows service.
Browse to http://servername.domain.com:9300/AuditExt/ to run the “collection event” again.

After you have loaded the Audit Extension report package (AuditExt_deployment_c11_20181003), you can run a report called “Audit Run Report” to see if the collection of audit data was successful.

Of course you need to create a data source called “audit_extension” that points to the database where you store the audit data.

Under the Teams folder – Cognos Audit Extension – Role Audit, the “Capabilities available to Users” report can be the one that gives you a detailed view of the possible license for each user. You need to test your way forward.

 

More information:
https://www.ironsidegroup.com/video/bi-expert/cognos-audit-extension-your-secret-weapon/

https://www.envisn.com/envisn-cognos-blog/bid/102863/Using-IBM-Cognos-10-Audit-Extensions

https://www.wisdomjobs.com/e-university/ibm-cognos-tutorial-196/auditing-4398.html

https://www.bspsoftware.com/knowledgebase/how-does-license-auditor-work/

Product:
Cognos Analytics 11

Microsoft Windows 2019 server

Issue:
Is there a faster way to check licenses than using Audit Extension?

https://developer.ibm.com/technologies/analytics/tutorials/ibm-cognos-11-audit-extension/

Suggested solution:
Download and install MetaManager.
https://www.bspsoftware.com/products/metamanager/Download/

Unzip the 64-bit file to a folder. You can install MetaManager on your laptop. (You only need ports 80 and 9300 open in the firewall to be able to access the Cognos servers from your laptop.)

Run the installation by clicking on the MetaManagerWixSetup.msi file.

Click Next

Accept the license and click Next

Click Next

Click Install

Request a trial license from https://www.bspsoftware.com/products/metamanager/freestuff/

You need a trial license for each computer.

Activate the license from inside the program by clicking on Enter license key.
Enter the information you got in the mail from techdata:

“Thank you for your interest in MetaManager.

This license key will unlock free functionality in MetaManager including the BSP License Auditor module”

Set up the Cognos connection by going to Tools – Options. Click on IBM Cognos and add:

Enter a name and the FQDN for the Cognos server, then expand and enter your Cognos admin account.

The Namespace ID must be the same as you have set as namespace in Cognos Configuration.

Click Test and OK.

You can access all your CA11 environments from one installation of MetaManager. (You only need ports 80 and 9300 to be open in the firewall between your computer and the Cognos servers.)

Run the license scan:

Go to License Auditor – select your site from drop-down – click on Run.

Click OK and Close, to go to the result.

To see the administrators, click on the number or click on Accounts.

By selecting “Analytics Administrator” in the drop-down, you see which yellow capabilities trigger that this user is an Administrator. The asterisk (*) before a name indicates that the user is in the System Administrators group. Yellow lines tell you that this user is considered a Cognos Administrator. If he should not be, you must go to Cognos Administration, the Security tab, and Capabilities. Then click on “Set properties” to find the users in that area.

Check the Capabilities on your Cognos Security tab, and remove users and groups that should not be in a capability that triggers an administrator license.

Under Permissions, remove the user or group that should not be there. If a user has Grant Execute rights, he is considered to have this capability.

This list shows the values that trigger different license roles (all values in the link):

https://www.ibm.com/docs/en/cognos-analytics/11.1.0?topic=licenses-default-permissions-based

MetaManager calculates licenses this way:

https://www.bspsoftware.com/knowledgebase/how-does-license-auditor-work/

More information:

Avnet BSP Software

https://www.bspsoftware.com/products/metamanager/pricing/

https://www.pmsquare.asia/pmsquare/

https://www-03.ibm.com/software/sla/sladb.nsf/lilookup/441D74E2925A72EA8525828300720001?OpenDocument

https://www.ibm.com/docs/en/cognos-analytics/11.1.0?topic=licenses-license-roles

https://www.bspsoftware.com/knowledgebase/installing-metamanager/
Contact your IBM partner for help with the license audit:

http://www.middlecon.se/licensoversyner-behovs/

Product:
Planning Analytics 2.0.9.7
Microsoft Windows 2019 server

Problem:
Which Java keystore should I use for PA?

Follow the official documentation in the first place, as the solution changes with different versions of Cognos.

Suggested solution:

https://www.ibm.com/docs/en/planning-analytics/2.0.0?topic=itw-configure-ssl-planning-analytics-tm1-webspreadsheet-services-existing-keystore

Make a backup of the ssl folder before you change anything.

The JAVA Keystore used by PMPSVC.  Open Command Prompt as an Administrator and navigate to the <tm1 install dir>\bin64\jre\bin\ directory.

Execute the following command to import/trust the certificate:

keytool.exe -import -trustcacerts -file "C:\Program Files\ibm\cognos\tm1_64\bin64\ssl\caRoot.cer" -keystore "C:\Program Files\ibm\cognos\tm1_64\bin64\ssl\tm1store" -alias caRoot -storepass applix

The JAVA Keystore used by TM1WEB.  Open Command Prompt as an Administrator and navigate to the <tm1 install dir>\bin64\jre\bin\ directory.

Execute the following command to import/trust the certificate:

keytool.exe -import -trustcacerts -file "C:\Program Files\ibm\cognos\tm1web\bin64\ssl\caRoot.cer" -keystore "C:\Program Files\ibm\cognos\tm1web\bin64\ssl\tm1store" -alias caRoot -storepass applix
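
The two imports above as one repeatable script, with the backup step and a check that the alias really is in each keystore afterwards. This is an added example, not from the original post or from IBM; the keytool.exe location is an assumption based on the <tm1 install dir> path above, and the other paths, the alias and the -storepass value are the ones used in the commands above.

```powershell
# Added example. Run in a PowerShell prompt opened as Administrator.
# Assumed keytool location; adjust to your <tm1 install dir>\bin64\jre\bin\.
$keytool = 'C:\Program Files\ibm\cognos\tm1_64\bin64\jre\bin\keytool.exe'
$alias   = 'caRoot'

# First folder is the keystore used by PMPSVC, second the one used by TM1WEB.
$sslDirs = @(
    'C:\Program Files\ibm\cognos\tm1_64\bin64\ssl'
    'C:\Program Files\ibm\cognos\tm1web\bin64\ssl'
)

foreach ($ssl in $sslDirs) {
    $cert  = Join-Path $ssl 'caRoot.cer'
    $store = Join-Path $ssl 'tm1store'

    # Back up the ssl folder before changing anything.
    $backup = '{0}.bak-{1:yyyyMMdd-HHmmss}' -f $ssl, (Get-Date)
    Copy-Item -Path $ssl -Destination $backup -Recurse

    # Print the certificate so owner, issuer and fingerprint can be
    # compared with what your CA has published before it is trusted.
    & $keytool -printcert -file $cert

    # Skip the import when the alias is already present
    # (keytool exits with a non-zero code when the alias does not exist).
    & $keytool -list -keystore $store -storepass applix -alias $alias *> $null
    if ($LASTEXITCODE -eq 0) {
        Write-Warning "$alias already exists in $store, import skipped."
        continue
    }

    # Same import command as above; keytool asks for confirmation.
    & $keytool -import -trustcacerts -file $cert -keystore $store -alias $alias -storepass applix

    # Confirm the entry is now in the keystore.
    & $keytool -list -v -keystore $store -storepass applix -alias $alias
    if ($LASTEXITCODE -ne 0) {
        throw "Import of $alias into $store failed; restore from $backup."
    }
}
```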

 

More information:

https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html

Java Keytool Commands for Creating and Importing

These commands allow you to generate a new Java Keytool keystore file, create a CSR, and import certificates. Any root or intermediate certificates will need to be imported before importing the primary certificate for your domain.

  • Generate a Java keystore and key pair
    keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks  -keysize 2048
  • Generate a certificate signing request (CSR) for an existing Java keystore
    keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr
  • Import a root or intermediate CA certificate to an existing Java keystore
    keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks
  • Import a signed primary certificate to an existing Java keystore
    keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks
  • Generate a keystore and self-signed certificate (see How to Create a Self Signed Certificate using Java Keytool for more info)
    keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048

Java Keytool Commands for Checking

If you need to check the information within a certificate, or Java keystore, use these commands.

  • Check a stand-alone certificate
    keytool -printcert -v -file mydomain.crt
  • Check which certificates are in a Java keystore
    keytool -list -v -keystore keystore.jks
  • Check a particular keystore entry using an alias
    keytool -list -v -keystore keystore.jks -alias mydomain

Other Java Keytool Commands

  • Delete a certificate from a Java Keytool keystore
    keytool -delete -alias mydomain -keystore keystore.jks
  • Change a Java keystore password
    keytool -storepasswd -new new_storepass -keystore keystore.jks
  • Export a certificate from a keystore
    keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
  • List Trusted CA Certs
    keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
  • Import New CA into Trusted Certs
    keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/secur

https://www.ibm.com/support/pages/how-configure-custom-ssl-certificates-planning-analytics-20-and-201

https://www.ibm.com/support/pages/how-configure-planning-analytics-connect-ssl-secured-cognos-dispatcher

https://docs.bmc.com/docs/decisionsupportserverautomation/89/using-third-party-certification-authority-certificates-656916032.html 

 

 

Product:
Planning Analytics Workspace 2.0.9.3

PAA Agent Version 2.0.63.1420
Microsoft Windows 2019 server

Issue:
This request cannot be understood by the server. This might be because there is a problem with the syntax. Retry this action.

You get the above error when you in PAW click on Administration – Databases – Planning Sample – Configuration.

Solution:
The user who logs in to PAW needs to be ADMIN inside the TM1 instance, to be able to see and change the configuration (tm1s.cfg) from the PAW administration page.

Go into TM1 Architect, open the TM1 instance, right-click and select Security – Clients/Groups:
Find your username, and mark that you are ADMIN.
Click OK.

The user can restart the TM1 instance from PAW, without being ADMIN inside the TM1 application.

More information:

https://www.ibm.com/docs/en/SSD29G_2.0.0/com.ibm.swg.ba.cognos.tm1_inst.2.0.0.doc/tm1_inst.pdf

https://www.ibm.com/docs/en/planning-analytics/2.0.0?topic=workspace-monitor-administer-databases

 

Product:
Cognos Analytics 11.1.7

Microsoft Windows 2016 server

Issue:
When you browse to the IBMCOGNOS site you get an error message. This happens after an upgrade of Cognos on an old server.

You changed the Cognos application pool to use LocalSystem as identity, but it did not help.

If you browse to controller test site; http://servername.domain.com/ibmcognos/controllerserver/ccrws.asmx or if you try http://servername.domain.com/ibmcognos/bi/v1/disp , then it works.

Solution:
Check the folder C:\inetpub\wwwroot for any web.config file.

This can be like this:

Rename the web.config file and restart IIS with the command: iisreset

More Information:
https://www.ibm.com/support/pages/http-403-forbidden-error-message-when-accessing-cognos-anlaytics-1104-or-higher-gateway-url-iis-server

https://docs.microsoft.com/en-us/troubleshoot/iis/http-status-code