Product:
Cognos Analytics 11.1.7
Microsoft Windows 2019

Problem:

User can not login to CA11, they get a blank page or spinning icon.

Possible Solution:

Ensure the user URL they enter in the web browser end with / and not only /bi

Valid URL for Cognos:

http://servername.domain.com/ibmcognos/bi/

http://servername.domain.com/ibmcognos/bi/v1/disp/

NOT valid URL:

http://servername.domain.com/ibmcognos/bi

The last word in the URL is considered a file, that need to exist, in that folder (D:\Program Files\ibm\cognos\analytics\webcontent) – if the URL does not end with /.

 

 

Clear the cache in the users web browser or try a different web browser like chrome.

If it does not help, check the cognos server log file for more information: D:\Program Files\ibm\cognos\analytics\logs\cognosserver.log

More Information:

https://www.ibm.com/support/pages/how-set-sample-custom-login-page-ca-112x 

https://www.ibm.com/docs/en/cognos-analytics/11.1.0?topic=settings-defining-authentication-parameters-login-urls 

https://pmsquare.com/analytics-blog/2023/6/13/the-ultimate-guide-to-cognos

https://www.ibm.com/docs/en/cognos-analytics/11.1.0?topic=gateway-configure-cognos-analytics-your-web-server

https://www.ibm.com/support/pages/blank-screen-when-logging-https-enabled-cognos-analytics-1117-environment

https://www.ibm.com/docs/en/cognos-analytics/11.1.0?topic=services-configuring-iis-in-cognos-analytics

Product:

Cognos Analytics 11

Issue:

During installation of a fix pack on top of a existing installation of CA11 you get a error.

Solution:

Close all instance of file explorer – if you have a window open of the folder where you are going to install Cognos product, you will get a error like this.

You also need write access to the drive where you read the installation media from.

More Information:

https://www.ibm.com/support/pages/how-upgrade-your-version-cognos-analytics

https://www.ibm.com/docs/en/SSEP7J_11.1.0/com.ibm.swg.ba.cognos.inst_cr_winux.doc/inst_cr_winux.pdf

Product:
Cognos Analytics 11.1.7 if9
kit_version=11.1.7-2204120500
Manifest=casrv-manifest-11.1.7-2204120500-winx64h.json
Microsoft Windows 2016 Server

Issue:
You have downloaded the interim fix of CA11 and put it on a file share to install from.

The user you install with have only READ-ONLY access to the file share shared folder.

When run the installation you get strange errors, like:

The installation is unable to continue. Please make sure all product services have been stopped and applications have been closed.

Solution:

Ensure the user that you install with have full rights to the windows share where the cognos media files are.

Connect to \\servername\d$ if needed, to get the correct rights.

The installation program need write access to the folder where the media is stored.

More Information:

https://www.ibm.com/support/pages/node/6525664

https://www.ibm.com/support/pages/ibm-cognos-analytics-1117-fix-pack-4

https://www.ibm.com/support/pages/ibm-cognos-analytics-11x-fix-lists

https://www.ibm.com/support/pages/how-upgrade-your-version-cognos-analytics

Product:
Cognos Analytics 11.1.7
Microsoft Windows 2019 server

Issue:

I have installed all of cognos on the windows server, but only want it to act as Content Manager, in a multi server setup. What service should be running?

Solution:

Go into Cognos Configuration on your CM server.

Set all to False, except this services:

Content Manager service enabled?
Event management service enabled?
Job service enabled?
Metadata service enabled?
Monitor service enabled?

Save the configuration and restart all your CA11 servers.

More information:

https://www.ibm.com/docs/en/cognos-analytics/11.2.0?topic=architecture-cognos-analytics-services

Schedule jobs in CA11 is handled by the Monitor service.

Product:

Cognos Analytics 11.1.7
Microsoft Windows 2016 server

Issue:
When try to change a old data source, in Cognos Analytics, the icon to change setting is missing.

Go to IBM Cognos Administration from the Manage menu by click on Administration console.
Click on Configuration tab.
Select the data source connection you want to change. For example Audit.

Then click on the more link for that data source.

Now click on Set Properties.

Click on the connections tab.

Here is now the pencil icon missing. This can be because the data source type is Other.

Solution:

Then you need to edit the data source direct in the string field.
Here you can change to other database server.

^User ID:^?Password:;LOCAL;OL;DBInfo_Type=MS;Provider=SQLOLEDB;User ID=%s;Password=%s;Data Source=SeRvErNaMe;Provider_String=Initial Catalog=AUDIT_PRD;@COLSEQ=

After you changed the Data Source value to your database server, click on OK.
This can be because the new version of CA11 does not support SQLOLEDB anymore.

Click on the link to test the data source again.

Click TEST button.

You should get a “Succeeded” Status if it works right.

More Information:

https://www.ibm.com/docs/en/cognos-analytics/11.1.0?topic=rt-data-servers-no-longer-supported-in-cognos-analytics

https://www.ibm.com/support/pages/equivalent-oledb-cognos-analytics

Product:
Cognos Analytics 11.1.7
Microsoft Windows 2019 Server

Issue:
After change to use HTTPS in Cognos Configuration, you get a error when you save.

[Populate authentication settings] [ WARNING ] Failed to populate the authentication settings to server

Solution:
When change values in Cognos Configuration that have with certificates, you need to first stop the “IBM Cognos” windows service.
Then you can save the configuration without warnings.

 

More Information:

To active Cognos internal certificate, you need to inside Cognos Configuration on your Content Manager server change HTTP to HTTPS under environment – group properties.
Check that server FQDN is at Cognos – Cryptography ;DNS names and Server common name.
Save will create the certificate files.

Start CMD, and move to folder C:\Program Files\ibm\cognos\analytics\bin
Run this to export the Cognos certificate
ThirdPartyCertificateTool.bat -E -T -p NoPassWordSet -r ca.cer

Start MMC on your Windows server where Cognos Gateway is installed, and certificates and go to “Trusted Root Certification Authority”. Right click to Import certs.
Select the ca.cer file and import it.

Inside IIS manager, go to \ibmcognos\bi folder and click on URL Rewrite icon.
Click on Reverse proxy Rules to edit.
At action properties – Rewrite URL: change the http to https

https://servername.domain.com:9300/bi/{R:0}
Click apply in the right corner.
Exit IIS manager.

On PA server open Command Prompt as an Administrator and navigate to the \bin64\ directory.

Execute the following command to import/trust the certificate for Tm1 admin:
gsk8capicmd_64 -cert -add -db “C:\Program Files\ibm\cognos\tm1_64\bin64\ssl\ibmtm1.kdb” -stashed -label caRoot -file “C:\Program Files\ibm\cognos\tm1_64\bin64\ssl\ca.cer” -format ascii -trust enable

Go to \bin64\jre\bin\ to import it to PMPSVC java keystore.
keytool.exe -import -trustcacerts -file “C:\Program
Files\ibm\cognos\tm1_64\bin64\ssl\ca.cer” -keystore “C:\Program
Files\ibm\cognos\tm1_64\bin64\ssl\tm1store” -alias caRoot -storepass applix

You need also to add the ca.cer file to the correct keystore for TM1WEB.

 

https://www.ibm.com/support/pages/node/879929

Configure Planning Analytics 2.0 TM1 Server with SSL Cognos BI Dispatcher (ibm.com)

How to Configure Planning Analytics to Connect to an SSL Secured Cognos Dispatcher (ibm.com)

Configuring TM1 Server to trust the SSL certificate on CA Side (ibm.com)

https://www.ibm.com/support/pages/configuring-ibm-cognos-analyticsbi-https-enabled-web-server

https://www.ibm.com/docs/en/cognos-analytics/11.0.0?topic=components-configuring-ssl-cognos

Product:
Cognos Analytics 11.1.7
Microsoft Windows 2019 Server

Problem:
The selection of non-production environment is missing from the installation of CA11, why?

Solution:
New Cognos BI version have that you set the production or non-production from inside the Cognos Connection portal.

After you have done the installation, go into the production environment – go to Manage – Licenses and select Production. Click Apply.

This will make the files in folder C:\Program Files\ibm\cognos\analytics\iso-swid to change names.

You have both a production and non-production file here, CA11 will switch the ending .sample to the file that is not used. It will also keep the file date, so you will not easy notice the switch.

The content of the file does not change, only a smart switch of the file name ending. The ILMT program will pick up this file to report on what type of installation you have.

 

More information:

https://www.ibm.com/support/knowledgecenter/SSEP7J_11.1.0/com.ibm.swg.ba.cognos.ag_manage.doc/c_license_roles.html

What to know before IBM Audits Your IBM Cognos Analytics and Planning Analytics Licenses.

https://www-03.ibm.com/software/sla/sladb.nsf

https://www.softwareone.com/en/blog/all-articles/2020/10/20/ibm-licensing-understanding-the-basics

https://www.middlecon.se/var-nya-ilmt-expert-christer-borg/

Product:
Cognos Analytics 11.1.7
Microsoft Windows 2019 server

Problem:

Error in cognosserver.log file on a new installation.

2021-01-28T09:31:51.384+0100 ERROR Audit.RTUsage.cms.CAM.AAA.SRVC [Thread-51] qjl2C9lhh82hwvqyyvM4MyGG2lldydCyGw49dw4l 0 NA 192.168.1.28 9300 8C38E8DDD4011089DE605BFA04DA4A10EEBABF5DFCA9E0C4BAF46FADC73864A4 qjl2C9lhh82hwvqyyvM4MyGG2lldydCyGw49dw4l_0_ AAA 5964 Logon <parameters><item name=”namespace”><![CDATA[AD]]></item><item name=”username”><![CDATA[admin]]></item><item name=”display name”><![CDATA[admin]]></item><item name=”CAMID”><![CDATA[CAMID(“AD:u:8791a873dc836d499a0fc7f6000540d2″)]]></item><item name=”REMOTE_ADDR”><![CDATA[::1]]></item><item name=”TENANTID”><![CDATA[]]></item></parameters> Success Account /directory/AD/account/admin

Solution:

This is normally not a error, only the basic logging that a user have logged in to the CA11 (ibmcognos) portal. Best would be not to flag it as ERROR, more like INFO.

Only happens when you have BASIC logging activated in Administration.


More information:

https://www.ibm.com/support/pages/apar/PH12785

https://www.ibm.com/support/pages/how-trace-authentication-issues-cognos-bi-cam-trace-aaa-trace

Log files are found in folder C:\Program Files\ibm\cognos\analytics\logs

Product:
Cognos Analytics 11.1.7
Microsoft Windows 2016 Server
Oracle database

Problem:
During a import of a large content store deployment file into a new Content Store database schema – the process take time and there is no new object imported.
After some time, if you browse to the IBMCOGNOS website on the server, you do not get a response either.
Troubleshoot by on the Cognos server start Cognos Configuration and right click on your content store and click Test.

ORA-00257: Archiver error. Connect AS SYSDBA only until resolved.
2021-01-14T INFO startup.Audit.JSM [Thread-56] NA  9300 __ JSM 5836 Run Failure Error connecting to the database, some services may not work properly. Check the logs for further details. ORA-00257: Archiver error. Connect AS SYSDBA only until resolved.

Solution:

Ask the Oracle DBA to check the oracle server and log files.
After Oracle is corrected, then the Cognos Analytics (BI service) will continue to import data.
You do not need to restart Cognos, only adjust the Oracle settings.

More Information:

http://www.dba-oracle.com/sf_ora_00257_archiver_error_connect_internal_only_until_freed.htm

Cause: The archiver process received an error while trying to archive a redo log. If the problem is not resolved soon, the database will stop executing transactions. The most likely cause of this message is the destination device is out of space to store the redo log file

https://www.ibm.com/support/pages/export-large-content-store-database

https://www.ibm.com/support/knowledgecenter/SSEP7J_10.2.2/com.ibm.swg.ba.cognos.crn_arch.10.2.2.doc/c_adgsizethecs.html

Product:
Cognos Analytics 11.1.7  Product_version=11.1 R7 (LTS)
Microsoft Windows 2019 Server
Microsoft SQL server 2016

Problem:
How install CA 11.1.7 on a Windows 2019 server?

Solution:
Follow the IBM Cognos instruction first, then use this as a compliment. Download latest fix pack from https://www.ibm.com/support/pages/node/6335329

https://www.ibm.com/support/pages/ibm-cognos-analytics-11x-fix-lists


Install Web Server with NET framework 4.7 and Windows Authentication and WebSocket Protocol.
https://www.ibm.com/support/knowledgecenter/en/SSEP7J_11.1.0/com.ibm.swg.ba.cognos.inst_cr_winux.doc/t_single_server.html

Install rewrite_amd64_en-US.msi and the Application Request Routing extension for IIS by going to the following URL: http://www.iis.net/downloads/microsoft/application-request-routing

Run setup of CA11 from file ca_instl_win_2.0.200618.exe
Click Next

Click browse and select the ca_srv_win64_11.1.7.zip file and click Open and Next.
Choose IBM Cognos Analytics and click next.
Mark “I accept the terms of the License Agreement” and click Next.
Mark “Make shortcut visible to all users in the Start menu” and click Next.
Click Yes.
Select Custom and click Next.

If installed on a single server, select all and click Next.
Click Install.
Click Done. (install the latest fix pack on top of your installation of CA11)


Add SQL driver sqljdbc42.jar to CA11 folder C:\Program Files\ibm\cognos\analytics\drivers

Prevent creation of DUMP files in CA11
Open file C:\Program Files\ibm\cognos\analytics\configuration\cclWinSEHConfig.xml in notepad++

Change to <env_var name="CCL_HWE_ABORT" value="0"/>

Save the xml file.

Download the new policy zip file from https://public.dhe.ibm.com/ibmdl/export/pub/systems/cloud/runtimes/java/security/jce_policy/
Unzip the file in a new folder (c:\install), creating folder C:\install\unrestricted.

Copy the two new files (US_export_policy.jar and local_policy.jar)to folder C:\Program Files\ibm\cognos\analytics\ibm-jre\jre\lib\security\policy\unlimited

Open Cognos Configuration and go to Cryptography > Cognos. Change Confidentiality Algorithm and PDF Confidentiality Algorithm to Advanced encryption standard with Cipher Block Chaining (CBC) mode 256 bit key.

At subject alternative name for DNS names, enter both the FQDN and the HOSTNAME with a space between. You must use lowercase letters on all server names in Cognos Configuration.
Configure the AD connection to your domain.

Remove the DB2 connection and create a new Microsoft SQL Server connection.
Configure the Content Store connection to your SQL server.

Save the configuration and start Cognos service.


Setup IIS with script found in folder C:\Program Files\ibm\cognos\analytics\cgi-bin\templates\IIS
Edit the file to include your servers name, then run the CA_IIS_Config.bat from a administrator CMD window.

Ensure all is correct and press Y.

Check that you can access cognos on http://servername.domain.com/ibmcognos/
Setup WebDAV for report creators:

  • Go to IIS Manager
  • Under Connections, expand your web server, Sites, and select Default Web Site.
  • Double-click WebDAV Authoring.
  • Click Enable WebDAV.

  • Click WebDAV Settings.

  • If you have anonymous access enabled, select True for Allow Anonymous Property Queries, and click Apply.
  • Select the /bi/samples/images directory
  • Double-click WebDAV Authoring.
  • Click Add Authoring Rule.
    Select All content and All users and Read Permissions and click OK.
  • Right-click the /images you added authoring rules to, and click Edit Permissions.

  • Click Security tab, and click edit. Click add and enter everyone. (or a user group that should have access) and click check names.
  • Click OK.
  • Click OK again.

Install SQL 2012 native client, to make old report connections work (SQLNCLI11).

https://download.microsoft.com/download/B/E/D/BED73AAC-3C8A-43F5-AF4F-EB4FEA6C8F3A/ENU/x64/sqlncli.msi

Open firewall ports 80 and 443 for clients, and ports 9300, 9362, 4300, 5701, 9301 for Cognos servers to be able to talk to each other.

Setup SSO with Kerberos Active Directory is possible (but not covered here)

Set “Allow anonymous access” to False.
Change the log on user for the IBM Cognos service to a domain account, instead of Local System.

Set the server to trust for delegation inside the Active Directory.
You need to do more;

https://techcommunity.microsoft.com/t5/iis-support-blog/setting-up-kerberos-authentication-for-a-website-in-iis/ba-p/347882

https://www.ibm.com/support/pages/enabling-single-signon-use-kerberos-authentication-constrained-delegation-ibm-cognos-business-intelligence

https://www.ibm.com/support/pages/what-does-parameter-singlesignonoption-do

Instead of kerberos can you use old windows login, inside cognos configuration setup (enter below values);

Save and restart Cognos, try to browse to http://caservername.domain.com/ibmcognos/

Show the Legacy Studios in CA11.1.x
Check that they are active in Manage – Configuration – System – Appearance.
Please Note: In order to access the legacy studios, you must be using Internet Explorer or Mozilla Firefox.

Setup the samples
https://www.ibm.com/support/knowledgecenter/SSEP7J_11.1.0/com.ibm.swg.ba.cognos.ig_smples.doc/ig_smples.pdf

Setup the skins
https://quebit.com/askquebit/IBM/creating-and-setting-a-default-theme-for-cognos-analytics-11-0-4/

For CA11 installations with many users, you can increase the Windows TCP ports;

  1. Click on Start menu, run – Enter regedit
  2. In the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters directory, create a new DWORD-32 value named MaxUserPort.
  3. Set the properties for MaxUserPort to use a value of 65534 and a base of Decimal.
  4. In the same directory, add another DWORD-32 value named TcpTimedWaitDelay.
  5. Set the properties for TcpTimedWaitDelay to use a value of 50 and a base of Decimal.

    The range for value is from 30 seconds to 300 seconds, with a default value of 240 seconds (4 minutes).

    After closing the regedit application, restart your computer.

Data server connections to PA can give below error if TM1 cert is not loaded in the CA keystore.
XTR-ERR-0005 A request to TM1 resulted in error: “[400] javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target”.

Add Planning Analytics cert to the keystore. Copy the file \\paservername\c$\Program Files\ibm\cognos\tm1_64\bin64\ssl\tm1\ibmtm1.arm file to your CA11 server to folder c:\install.
Start C:\Program Files\ibm\cognos\analytics\ibm-jre\jre\bin\ikeyman.exe, run as administrator.

Click on open keystore. Select C:\Program Files\ibm\cognos\analytics\ibm-jre\jre\lib\security\cacerts file and open it with password changeit.


Switch to Signer Certificates and click Add.
Browse for c:\install\ibmtm1.arm and open it and give it the name TM1ServerCert.

Data Server Connections to PA can give below error if the UseSSL=T is not correct in data connections.
XTR-ERR-0005 A request to TM1 resulted in error: “[400] java.net.SocketException: Connection reset”.

Ensure that the Use SSL is marked if the UseSSL=T is in the tm1s.cfg file for the TM1 instance. Planning Analytics have UseSSL=T as default, if the line is missing from tm1s.cfg file.

To be able to connect to old TM1; run installation of PA, on CA server, with issetup.exe from \\servername\fileshare\planninganalytics\tm1_winx64h_2.0.93.28_ml.tar\winx64h and select TM1APIs.

Report performance can be adjusted in different ways to match your hardware
https://senturus.com/resources/cognos-analytics-performance-tuning/

Go to Manage – Administration console.
Click on System at Status tab.

Click on All Servers drop down – go to Service – go to Report (or Batch Report)
Right click on ReportService and select Set Properties
Click on Settings tab – select Tuning in Category drop-down menu.

Set Maximum number of processes for the report service during peak period to a higher value, maybe start with the same number of CPU cores you have on the server. Do the same for Maximum number of processes for the report service during non-peak period, and also for Maximum number of processes for the batch report service during non-peak period.
Check that Number of low affinity connections for the report service during peak period is not below 8.
Values you set, depend on number of users and your hardware.

https://www.ibm.com/support/pages/how-improve-report-performance

More information:

https://www.ibm.com/support/pages/enabling-legacy-studios-cognos-analytics-111x

https://www.ibm.com/support/pages/sites/default/files/inline-files/ibm_fixlist_cognos_analytics_1117fp1_2.pdf

https://www.ibm.com/support/pages/xtr-err-0005-error-when-testing-ibm-planning-analytics-20x-datasource-ibm-cognos-analytics-1112
To show info about the Windows server, go to the command prompt and enter MSINFO32.EXE.

To list installed roles on server enter in powershell this command:

Get-WindowsFeature | Where-Object {$_. installstate -eq “installed”} | Format-List Name,Installstate >  roles.txt

https://redmondmag.com/articles/2018/10/31/powershell-windows-server-roles-features.aspx

https://www.pelegit.co.il/how-to-get-all-roles-and-features-are-installed-on-server/