Product:
Cognos Analytics 11.1.4
Microsoft Windows 2019 server

Issue:
How do you request and use an external certificate for CA11 internal communication, e.g. port 9300?

If both internal and external connections use HTTPS, then you can use port 9300 for HTTPS. Otherwise you need to set a separate port number for the HTTPS services; 9334 or 9443 are suggested.

Solution:

The IKEYMAN tool allows you to include more fields for your certificate request. This instruction is hard to find, so a copy is provided here.

You need to do the steps on all your CA11 servers, starting with the Content Manager server.

1. Ensure that all IBM Cognos component services in the environment are shut down. Close any IBM Cognos Configuration that is open.
2. Copy the complete <cognos>\configuration directory to a safe place and name it configuration_original. At any point, this backup configuration directory can be restored to bring the state of the cryptographic keys for this component back to the original state.
3. Run iKeyman.exe as administrator (or ./ikeyman for linux/unix users) from C:\Program Files\ibm\cognos\analytics\ibm-jre\jre\bin (for IBM Cognos 11.1.X+). For IBM Cognos 11.0.13 and lower versions, the path is <cognos>\jre\bin.

4. Click the folder with the curved arrow icon at the top of the window. In the open dialog panel, select PKCS12 as the Key Database Type, then browse to the <cognos>\configuration\certs directory and select CAMKeystore. Click OK. The default password is NoPassWordSet.

 

Generating a Certificate Signing Request (CSR):
5. Once the CAMKeystore loads, there are two certificates under the Personal Certificates drop down: ca and encryption.

 

 

6. Select the encryption certificate and rename it to encryption_old.
7. Select Create at the top of the iKeyman window, then click New Certificate Request. Make sure that Key Label is called “encryption”. The recommended Key Size is 2048 and the recommended Signature Algorithm is SHA256WithRSA.
The rest of the details can be completed as necessary. Multiple DNS names separated by a comma or a space can be used as well.
8. The CSR is called certreq.arm and it is located in <cognos>\configuration\certs. Give the certreq.arm to the certificate authority to generate the signed certificates.
9. Take another backup of the <cognos>\configuration directory and store it in a safe place. Name it “configuration_with_CSR”.
10. If the certificate authority returns two or three separate certificate files (root, intermediate (optional), and server certificates), in iKeyman, ensure that the Personal Certificates dropdown is set, then select Receive. Select only the server certificate.
If a dialog box mentions that the CA (root certificate) is missing, click OK; the encryption certificate is then highlighted in yellow, or it is listed alongside the ca and encryption_old certificates.
Change the Personal Certificates drop down to Signer Certificates, then select Add and import the root certificate and intermediate certificate if the certificate authority returned one. The labels can be named root and intermediate.
If the certificate authority returns one file containing the certificates (.pem or .p12), click Receive or Add in either the Personal or Signer Certificates drop down, and select “Import all” at the prompt. All of the certificates are placed in their correct section.
11. Open Cognos Configuration. Under Environment, change these URIs to https:
  • Gateway URI
  • Dispatcher URIs for gateway
  • Controller URI for gateway
  • External and Internal dispatcher URI
  • Dispatcher URI for external applications
  • Content Manager URI
12. Under Cryptography > Cognos, switch “Use third-party CA?” to True.
Also, change the following to match the values used for the CSR in step 7:
  • Server common name (CN)
  • Organization name (O)
  • Country or region code (C)
Change the DNS Names field under Subject Alternative Name to match the DNS name(s) that were used during the generation of the CSR in Step 7.
13. Save the configuration and start the IBM Cognos services.

Important Note: During this process, IBM Cognos Configuration cannot be opened and the IBM Cognos Services cannot be started until these steps are completed. If the certificate authority takes some time to send the signed certificates, consider using the Third-Party Certificate Tool method instead.

More information:

The command-line program supports 3 values in the request:

ThirdPartyCertificateTool.(bat|sh) -c -e
    [-p keystore_password] -a key_pair_algorithm
    -r path_to_cert_or_csr
    -d dn
    [-H subject_alternative_nameDns_name_dn]
    [-I subject_alternative_ip_addresses]
    [-M subject_alternative_email_addresses]

Product:
Cognos Analytics 11.1.7
Microsoft Windows 2016 server
Microsoft SQL server

Issue:
New installation of CA11. The IBM Cognos service takes a long time to start, and JAVA.EXE grows to 6 GB of RAM, then crashes and starts over.

Errors like this are found in the log cbs_run_WebSphereLiberty.log:

Fri Aug 27 11:28:08 2021  INFO  t[e20] CBSBootstrapService attempt to load config from “D:\Program Files\ibm\cognos\analytics\.\bin64\./bootstrap_wlp_winx64.xml”

Fri Aug 27 11:28:11 2021  ERROR t[e20] CBSSocketCommand failed to connect, CAM error: <errorDetail><errorCode>-12</errorCode><errorMessage>CAM-CRP-0026 The underlying socket: ‘10.123.123.65:9300’ returned an error.</errorMessage><errorStack><errorCode>10061</errorCode><errorMessage>Could not connect the socket, errno: 0x274d(10061)</errorMessage>

Error found in windows event log:

Faulting application name: cogbootstrapservice.exe, version: 11.1.5.2, time stamp: 0x5daf2515

Faulting module name: ntdll.dll, version: 10.0.14393.4530, time stamp: 0x60e33cac

Exception code: 0xc0000374

Fault offset: 0x00000000000f7153

Faulting process id: 0x960

Faulting application start time: 0x01d79b1621caeb73

Faulting application path: D:\Program Files\ibm\cognos\analytics\bin64\cogbootstrapservice.exe

Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

 

Thu Aug 26 20:59:12 2021  WARN  t[1908] CBSSockSendAction did not detect success string in response.

Thu Aug 26 21:00:14 2021  ERROR t[1908] PingChildProcess ping loop: process “wlp” is not active, so restarting it.

Thu Aug 26 21:00:52 2021  ERROR t[1908] CBSSocketCommand failed to connect, CAM error: <errorDetail><errorCode>-12</errorCode><errorMessage>CAM-CRP-0026 The underlying socket: ‘172.10.10.123:9300’ returned an error.</errorMessage><errorStack><errorCode>10061</errorCode><errorMessage>Could not connect the socket, errno: 0x274d(10061)

Error in Cognos Configuration at start:

[ ERROR ] CFG-ERR-0106 IBM Cognos Configuration did not receive a response from the IBM Cognos service in the time allotted.

Check that IBM Cognos service is available and properly configured.

16:31:03, ‘LogService’, ‘StartService’, ‘Success’.

Suggested solution:

Ensure DEP (Data Execution Prevention) is only turned on for the processes that need it.

If the server has two network cards, check that they are correctly configured.

Check that the IP address and interface metric are not the same as for other cards on the server.

Test changing to IBM Cognos instead of NIST SP 800-131A.

Check that the IP addresses in Cognos Configuration are ones that belong to your server.

Check for ports in use with the DOS command:  netstat -a | find "9300"

Export the configuration, and recreate the crypto keys; like this

 

1. Stop the running of your service in Cognos Configuration.

2. On the Content Manager computer, click ‘File > Export As’.

3. Choose ‘Yes’ at the prompt and save the file. For example, name it ‘backup.xml’ which will be stored in the c11\configuration folder.

4. Close Cognos Configuration.

5. On the Content Manager computer
5.1 Create a backup of the following files before moving them to a different, secure location (as during the cryptographic keys regeneration process they will be re-created):

The files are:

· c11/configuration/cogstartup.xml

· c11/configuration/caSerial

· c11/configuration/certs/CAMCrypto.status

· c11/configuration/certs/CAMKeystore

· c11/configuration/certs/CAMKeystore.lock

· c11/temp/cam/freshness

5.2 Create a backup of the following directories before moving it to a different, secure location (as during the cryptographic keys regeneration process they will be re-created). Alternatively you can also rename the directories.

The directory is

· c11/configuration/csk

6. In the c11\configuration folder, rename ‘backup.xml’ to ‘cogstartup.xml’.

7. Open Cognos Configuration, save the configuration and start the services.

 

Restart windows server and see if that helps.
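The checks above (is the address in the CAM-CRP-0026 error one of the server's own, and is anything listening on 9300) can be read straight out of cbs_run_WebSphereLiberty.log. The following Python script is an added example, not IBM tooling: the sample log lines are constructed with documentation IP addresses, and the set of local addresses is passed in by hand (on a real server, take it from ipconfig).

```python
import re
from collections import Counter

# Winsock codes that show up in the <errorStack> of a CAM-CRP-0026 line.
WINSOCK = {10061: "WSAECONNREFUSED", 10060: "WSAETIMEDOUT"}

LINE_RE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4}\s+(?P<level>[A-Z]+)\s+t\[\w+\]\s+(?P<msg>.*)$")
# \W? accepts straight or typographic quotes around the endpoint / process name.
SOCKET_RE = re.compile(r"CAM-CRP-0026 The underlying socket: \W?(?P<host>[\d.]+):(?P<port>\d+)\W? returned")
ERRNO_RE = re.compile(r"errno: 0x[0-9a-fA-F]+\((?P<code>\d+)\)")
RESTART_RE = re.compile(r"process \W?(?P<name>\w+)\W? is not active, so restarting it")

# Constructed sample (documentation IP ranges), same layout as the log quoted above.
SAMPLE_LOG = """\
Thu Aug 26 20:59:12 2021  WARN  t[1908] CBSSockSendAction did not detect success string in response.
Thu Aug 26 21:00:14 2021  ERROR t[1908] PingChildProcess ping loop: process “wlp” is not active, so restarting it.
Thu Aug 26 21:00:52 2021  ERROR t[1908] CBSSocketCommand failed to connect, CAM error: <errorDetail><errorCode>-12</errorCode><errorMessage>CAM-CRP-0026 The underlying socket: ‘192.0.2.10:9300’ returned an error.</errorMessage><errorStack><errorCode>10061</errorCode><errorMessage>Could not connect the socket, errno: 0x274d(10061)
Thu Aug 26 21:02:01 2021  ERROR t[1908] PingChildProcess ping loop: process "wlp" is not active, so restarting it.
Thu Aug 26 21:02:40 2021  ERROR t[1908] CBSSocketCommand failed to connect, CAM error: <errorDetail><errorCode>-12</errorCode><errorMessage>CAM-CRP-0026 The underlying socket: ‘192.0.2.10:9300’ returned an error.</errorMessage><errorStack><errorCode>10061</errorCode><errorMessage>Could not connect the socket, errno: 0x274d(10061)
Thu Aug 26 21:03:05 2021  ERROR t[1908] CBSSocketCommand failed to connect, CAM error: <errorDetail><errorCode>-12</errorCode><errorMessage>CAM-CRP-0026 The underlying socket: '198.51.100.7:9300' returned an error.</errorMessage><errorStack><errorCode>10061</errorCode><errorMessage>Could not connect the socket, errno: 0x274d(10061)
"""


def triage(log_text, local_addresses):
    """Count child-process restarts and classify each endpoint that failed to connect."""
    restarts, failures = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines, event-log text, wrapped continuations
        msg = m["msg"]
        r = RESTART_RE.search(msg)
        if r:
            restarts[r["name"]] += 1
        s = SOCKET_RE.search(msg)
        if s:
            e = ERRNO_RE.search(msg)
            failures[(s["host"], int(s["port"]), int(e["code"]) if e else 0)] += 1

    findings = []
    for (host, port, code), count in sorted(failures.items()):
        if host not in local_addresses:
            hint = "address not bound on this server: check the URIs in Cognos Configuration and the NIC setup"
        elif code == 10061:
            hint = "local address, nothing listening: the wlp Java process is down or still starting"
        else:
            hint = "local address, other socket error: check firewall and port use"
        findings.append({"endpoint": f"{host}:{port}", "count": count,
                         "error": WINSOCK.get(code, str(code)), "hint": hint})
    return {"restarts": dict(restarts), "findings": findings}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, local_addresses={"192.0.2.10"})
    print("restarts:", report["restarts"])
    for finding in report["findings"]:
        print(finding)
```

Repeated restarts of wlp together with refusals on a local address point at the Java process crashing; a refused address that is not local points at the configuration or network card items in the list above.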

More information:

https://www.ibm.com/support/pages/node/286475

https://www.ibm.com/docs/en/cognos-analytics/11.1.0?topic=problems-starting-cognos-analytics

https://www.ibm.com/support/pages/faulting-application-name-cogbootstrapserviceexe-0xc0000374-error-event-viewer-when-starting-ibm-cognos-service

https://www.ibm.com/support/pages/error-starting-cognos-service-cogbootstrapserviceexe-application-error

https://www.ibm.com/support/pages/node/6379144

https://www.cognoise.com/index.php?topic=14377.0

https://www.ibm.com/support/pages/cognos-service-will-not-start-process-wlp-not-active

https://www.ibm.com/support/pages/dpr-err-2109-dispatcher-cannot-service-request-time-dispatcher-still-initializing-cognos-analytics

https://www.ibm.com/support/pages/node/6386326

https://www.ibm.com/support/pages/cognos-analytics-11-flipper-diagnostic

Product:

Cognos Analytics 11.1.7

Microsoft Windows 2016 server

Issue:
Only one user gets an error when running a report in CA11 after he has logged in with SSO. If he does not use SSO with IIS and instead enters name and password at the Cognos dialog, then the report works.

A check of the users – showed he belongs to a lot of domain groups.

net user  donaldduck  /DOMAIN   >  c:\temp\userlist.txt

Error message:

HTTP Error 400. The size of the request headers is too long.

Solution:

Increase the allowed header size on the Cognos Gateway server

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]

; DWORD values in a .reg file are hexadecimal: 00008000 = 32768 bytes, 01000000 = 16777216 bytes.

"MaxFieldLength"=dword:00008000

"MaxRequestBytes"=dword:01000000

Login to the server, and start REGEDIT program.

Expand to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]

Add the DWORD values.

You must restart the Windows server for the registry changes to take effect.

You may also need to update the TCPIP values:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"MaxUserPort"=dword:0000fffe
"TcpTimedWaitDelay"=dword:00000032

or change the IIS \ibmcognos\bi folders Request Filtering to a higher value, to get the report to work.
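Values after dword: in a .reg file are read as hexadecimal, so decimal digits typed there give a different number than intended. The following Python check is an added example, not part of any Microsoft or IBM tool: it parses a .reg export and compares the HTTP\Parameters values with the ranges documented in Microsoft's http.sys registry article linked below (MaxFieldLength 64 to 65534 bytes, MaxRequestBytes 256 to 16777216 bytes). The sample text is constructed.

```python
import re

# Documented http.sys ranges in bytes (Microsoft: "Http.sys registry settings for Windows").
HTTP_SYS_LIMITS = {"MaxFieldLength": (64, 65534), "MaxRequestBytes": (256, 16777216)}

DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{1,8})$')

# Constructed sample: the first value was typed as decimal digits.
REG_SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]
"MaxFieldLength"=dword:00032768
"MaxRequestBytes"=dword:01000000
'''


def parse_reg_dwords(text):
    """Return {(key_path, value_name): int} for every dword value in a .reg export."""
    key, values = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = DWORD_RE.match(line)
        if m and key:
            values[(key, m["name"])] = int(m["hex"], 16)  # .reg dwords are hex
    return values


def audit_http_sys(text):
    """Check the HTTP\\Parameters header limits against the documented ranges."""
    findings = []
    for (key, name), value in parse_reg_dwords(text).items():
        if not key.upper().endswith(r"\SERVICES\HTTP\PARAMETERS"):
            continue
        if name not in HTTP_SYS_LIMITS:
            continue
        low, high = HTTP_SYS_LIMITS[name]
        finding = {"name": name, "bytes": value,
                   "in_range": low <= value <= high, "suggest": None}
        # If the hex digits are all 0-9 and would be in range when read as
        # decimal, the author most likely meant decimal: propose the hex form.
        digits = format(value, "x")
        if not finding["in_range"] and digits.isdigit() and low <= int(digits) <= high:
            finding["suggest"] = "dword:%08x" % int(digits)
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit_http_sys(REG_SAMPLE):
        print(f)
```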

 

More information:

https://stackoverflow.com/questions/1097651/is-there-a-practical-http-header-length-limit

Although each web server software has some limitations, there is a difference whether there’s a limit for the HTTP request line plus header fields or for each header field.

Here’s a summary:

  • Apache 1.3, 2.0, 2.2, 2.3: 8190 Bytes (for each header field)
  • IIS:
    • 4.0: 2097152 Bytes (for the request line plus header fields)
    • 5.0: 131072 Bytes, 16384 Bytes with Windows 2000 Service Pack 4 (for the request line plus header fields)
    • 6.0: 16384 Bytes (for each header fields)
  • Tomcat:
    • 5.5.x/6.0.x: 49152 Bytes (for the request line plus header fields)
    • 7.0.x: 8190 Bytes (for the request line plus header fields)

So to conclude: To be accepted by all web servers above, a request’s request line plus header fields should not exceed 8190 Bytes. This is also the limit for each header fields (effectively even less).

You can edit tomcat/conf/server.xml’s HTTP/1.1 Connector entry, and add a maxHttpHeaderSize="65536" to increase from the default maximum of 8K or so, to 64K

https://docs.microsoft.com/en-US/troubleshoot/iis/httpsys-registry-windows

https://stackoverflow.com/questions/42862828/how-to-increase-size-limit-for-http-header-value-in-request-for-azure-iis

https://docs.microsoft.com/en-us/troubleshoot/iis/http-bad-request-response-kerberos

https://www.leansentry.com/guide

https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/requestlimits/headerlimits/

https://www.leansentry.com/guide/reset-restart-recycle-iis

https://www.ibm.com/support/pages/kerberos-based-single-sign-fails-some-not-all-users

 

Product:
Cognos Analytics Extended Audit 11
Microsoft Windows 2019 server

Issue:

AuditExt was set up according to this page, https://developer.ibm.com/technologies/analytics/tutorials/ibm-cognos-11-audit-extension/

but when run, it fails. A check of the log file (D:\Program Files\ibm\cognos\analytics\logs\c11AuditExtension.log) shows an error message:

Violation of PRIMARY KEY constraint ‘PK_AE_CA_SEC_MEM’. Cannot insert duplicate key in object ‘dbo.AE_SECURITY_MEMBERS’

Solution:

The issue can be that you reach the max.items limit, and then get the above error in the log file.

Stop the Cognos BI service.
Go to folder D:\Program Files\ibm\cognos\analytics\wlpdropins\AuditExt.war\WEB-INF\classes

Open c11AuditExtension.properties in Notepad++

Change these lines:

  • option.ca.include.specifications: false (will not save the report XML in the audit database). A Content Audit option that determines if the audit should record the specification XML of any reports/queries/analyses that it finds. Possible values are true and false. The default value is true. If this parameter is set to false, less database space will be used.
  • option.ca.max.duration: 0. A Content Audit option that limits the maximum length of time, in seconds, that the audit should be run for. If this time is exceeded, the audit is terminated and recorded as a failure. If it is set to a value of zero, no time limit will be applied. The default value is 1800 (30 minutes).
  • option.aa.max.duration: 0. An Account Audit option that limits the maximum length of time, in seconds, that the audit should be run for. If this time is exceeded, the audit is terminated and recorded as a failure. If it is set to a value of zero, no time limit will be applied. The default value is 1800 (30 minutes).
  • option.aa.max.items: 0. An Account Audit option that limits the maximum number of items that will be processed by the audit. If the number is exceeded, the audit is terminated and recorded as a failure. If it is set to a value of zero, no limit will be applied. The default value is 10000.
  • option.ra.max.duration: 0. A Role Audit option that limits the maximum length of time, in seconds, that the audit should be run for. If this time is exceeded, the audit is terminated and recorded as a failure. If it is set to a value of zero, no time limit will be applied. The default value is 1800 (30 minutes).
  • option.ra.max.items: 0. A Role Audit option that limits the maximum number of items that will be processed by the audit. If the number is exceeded, the audit is terminated and recorded as a failure. If it is set to a value of zero, no limit will be applied. The default value is 30000.
  • option.aa.include.content: false (will not check My Folders). An Account Audit option that determines if the audit should process the content of users’ My Folders. If set, this will cause a mini-Content Audit to be run for each user’s content where it exists. Possible values are true and false. The default value is true.

Save the file.
Start IBM Cognos windows service.
Browse to http://servername.domain.com:9300/AuditExt/ to run the “collection event” again.

After you have loaded the Audit Extension report package (AuditExt_deployment_c11_20181003), you can run a report called “Audit Run Report” to see if the collection of audit data was successful.

Of course you need to create a data source called “audit_extension” that points to the database where you store the audit data.

Under the teams folder – Cognos Audit Extension – Role Audit, the report Capabilites available to Users can be the one that gives you a detailed view of the license possibility for each user. You need to test your way forward.

 

More information:
https://www.ironsidegroup.com/video/bi-expert/cognos-audit-extension-your-secret-weapon/

https://www.envisn.com/envisn-cognos-blog/bid/102863/Using-IBM-Cognos-10-Audit-Extensions

https://www.wisdomjobs.com/e-university/ibm-cognos-tutorial-196/auditing-4398.html

https://www.bspsoftware.com/knowledgebase/how-does-license-auditor-work/

Product:
Cognos Analytics 11

Microsoft Windows 2019 server

Issue:
Faster way to check license, than use Audit extensions?

https://developer.ibm.com/technologies/analytics/tutorials/ibm-cognos-11-audit-extension/

Suggested solution:
Download and install MetaManager.
https://www.bspsoftware.com/products/metamanager/Download/

Unzip the 64bit file to a folder. You can install MetaManager on your laptop. (You only need port 80 and 9300 open in the firewall to be able to access the cognos servers from your laptop).

Run the installation by clicking the MetaManagerWixSetup.msi file

Click Next

Accept the license and click Next

Click Next

Click Install

Request a trial license from https://www.bspsoftware.com/products/metamanager/freestuff/

You need a trial license for each computer.

Activate the license from inside the program by clicking Enter license key.
Enter the information you got in the mail from techdata:

“Thank you for your interest in MetaManager.

This license key will unlock free functionality in MetaManager including the BSP License Auditor module”

Set up the Cognos Connection by going to Tools – Options. Click on IBM Cognos and add:

Enter a name, and the FQDN for the cognos server, and expand and enter your Cognos Admin account.

Namespace ID must be same as you have set as namespace in cognos configuration.

Click Test and OK.

You can access all your CA11 environment from one installation of Meta Manager. (you only need port 80 and 9300 to be open in firewall between your computer and the cognos servers).

Run the license scan:

Go to License Auditor – select your site from drop-down – click on Run.

Click OK and Close, to go to the result.

To see the administrators, click on the number or click on Accounts.

By selecting “Analytics Administrator” in the drop-down, you see which yellow capabilities trigger that this user is counted as Administrator. The asterisk (*) before a name indicates that the user is in the System Administrator group. Yellow lines tell that this user is considered a Cognos Administrator. If he should not be, you must go to Cognos Administration, Security tab, and Capabilities. Then click on “set properties” to find the users in that area.

Check your Cognos Security tab's Capabilities, to remove users and groups that should not be in a capability that triggers an administrator license.

Under permissions, remove the user or group that should not be there. If a user has Grant Execute rights, he is considered to have this capability.

This list shows the values that trigger different license roles (all values in the link):

https://www.ibm.com/docs/en/cognos-analytics/11.1.0?topic=licenses-default-permissions-based

MetaManager calculates licenses this way:

https://www.bspsoftware.com/knowledgebase/how-does-license-auditor-work/

More information:

Avnet BSP Software

https://www.bspsoftware.com/products/metamanager/pricing/

https://www.pmsquare.asia/pmsquare/

https://www-03.ibm.com/software/sla/sladb.nsf/lilookup/441D74E2925A72EA8525828300720001?OpenDocument

https://www.ibm.com/docs/en/cognos-analytics/11.1.0?topic=licenses-license-roles

https://www.bspsoftware.com/knowledgebase/installing-metamanager/
Contact your IBM partner for help with the license audit:

http://www.middlecon.se/licensoversyner-behovs/

Product:
Planning Analytics 2.0.9.7
Microsoft Windows 2019 server

Problem:
What Java keystore should I use for PA?

Follow the official documentation in the first place, as the solution changes with different versions of Cognos.

Suggested solution:

https://www.ibm.com/docs/en/planning-analytics/2.0.0?topic=itw-configure-ssl-planning-analytics-tm1-webspreadsheet-services-existing-keystore

Make a backup of the ssl folder before you change anything.

The JAVA Keystore used by PMPSVC.  Open Command Prompt as an Administrator and navigate to the <tm1 install dir>\bin64\jre\bin\ directory.

Execute the following command to import/trust the certificate:

keytool.exe -import -trustcacerts -file "C:\Program Files\ibm\cognos\tm1_64\bin64\ssl\caRoot.cer" -keystore "C:\Program Files\ibm\cognos\tm1_64\bin64\ssl\tm1store" -alias caRoot -storepass applix

The JAVA Keystore used by TM1WEB.  Open Command Prompt as an Administrator and navigate to the <tm1 install dir>\bin64\jre\bin\ directory.

Execute the following command to import/trust the certificate:

keytool.exe -import -trustcacerts -file "C:\Program Files\ibm\cognos\tm1web\bin64\ssl\caRoot.cer" -keystore "C:\Program Files\ibm\cognos\tm1web\bin64\ssl\tm1store" -alias caRoot -storepass applix

 

More information:

https://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html

Java Keytool Commands for Creating and Importing

These commands allow you to generate a new Java Keytool keystore file, create a CSR, and import certificates. Any root or intermediate certificates will need to be imported before importing the primary certificate for your domain.

  • Generate a Java keystore and key pair
    keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks  -keysize 2048
  • Generate a certificate signing request (CSR) for an existing Java keystore
    keytool -certreq -alias mydomain -keystore keystore.jks -file mydomain.csr
  • Import a root or intermediate CA certificate to an existing Java keystore
    keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks
  • Import a signed primary certificate to an existing Java keystore
    keytool -import -trustcacerts -alias mydomain -file mydomain.crt -keystore keystore.jks
  • Generate a keystore and self-signed certificate (see How to Create a Self Signed Certificate using Java Keytool for more info)
    keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048

Java Keytool Commands for Checking

If you need to check the information within a certificate, or Java keystore, use these commands.

  • Check a stand-alone certificate
    keytool -printcert -v -file mydomain.crt
  • Check which certificates are in a Java keystore
    keytool -list -v -keystore keystore.jks
  • Check a particular keystore entry using an alias
    keytool -list -v -keystore keystore.jks -alias mydomain

Other Java Keytool Commands

  • Delete a certificate from a Java Keytool keystore
    keytool -delete -alias mydomain -keystore keystore.jks
  • Change a Java keystore password
    keytool -storepasswd -new new_storepass -keystore keystore.jks
  • Export a certificate from a keystore
    keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
  • List Trusted CA Certs
    keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
  • Import New CA into Trusted Certs
    keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/secur

https://www.ibm.com/support/pages/how-configure-custom-ssl-certificates-planning-analytics-20-and-201

https://www.ibm.com/support/pages/how-configure-planning-analytics-connect-ssl-secured-cognos-dispatcher

https://docs.bmc.com/docs/decisionsupportserverautomation/89/using-third-party-certification-authority-certificates-656916032.html 

 

 

Product:
Cognos Analytics 11.1.7

Microsoft Windows 2016 server

Issue:
When you browse to the IBMCOGNOS site you get an error message. This happens after an upgrade of Cognos on an old server.

You changed the Cognos Application pool to use localsystem as identity, but it did not help.

If you browse to controller test site; http://servername.domain.com/ibmcognos/controllerserver/ccrws.asmx or if you try http://servername.domain.com/ibmcognos/bi/v1/disp , then it works.

Solution:
Check the folder C:\inetpub\wwwroot for any web.config file.

This can be like this:

Rename the web.config file and restart IIS with the DOS command: iisreset.

More Information:
https://www.ibm.com/support/pages/http-403-forbidden-error-message-when-accessing-cognos-anlaytics-1104-or-higher-gateway-url-iis-server

https://docs.microsoft.com/en-us/troubleshoot/iis/http-status-code

Product:
Cognos Analytics 11.0.13

kit_version=11.0.13.18102214
kit_name=IBM Cognos Analytics

Microsoft Windows 2012 server

Issue:
What kind of license is Director Administrator counted as?

Guessed Solution:
Director Administrator is classified as an administrator license.

Inside Cognos Analytics you can get a list of the users that have access to the system.
Go to Manage – Licenses – Export to get a list of users.

The view shows only users who have logged into Cognos.
If you change a user from Administrator to User, that person must log in to Cognos before the above list is updated with his correct license status.

The exported csv file lists all people that have somehow connected to Cognos security.

Level 3 is an Analytics Administrator and level 1 is an Analytics User.
A level of -1 shows that the user has not logged into Cognos, but is listed in the security groups.

https://www.ibm.com/docs/en/cognos-analytics/11.0.0?topic=managing-licenses

To be sure about licenses, talk to an IBM partner or read the license documents:

https://www-03.ibm.com/software/sla/sladb.nsf/lilookup/F7DA13804AF37FA3852586D8005820E1?OpenDocument

More information:

https://senturus.com/blog/cognos-analytics-using-license-roles-specify-permissions/

https://www.ibm.com/docs/en/cognos-analytics/11.0.0?topic=licenses-default-permissions-based

https://www.bspsoftware.com/products/metamanager/

To get a detailed report of users capabilities, you can install and use Cognos 11 audit extensions;

https://developer.ibm.com/technologies/analytics/tutorials/ibm-cognos-11-audit-extension/

http://www.middlecon.se/vara-omraden/licensoptimering/

Product:
Cognos Analytics 11.1.x
Microsoft Windows 2016 server

Problem:
When you enter url http://servername/ibmcognos then you do not get logged into Cognos Analytics, instead you get a blank screen.

Solution:

Add a rule to allow Cognos Analytics pages to load without a trailing slash in URL. Start IIS Manager and go to IBMCOGNOS.

  1. Click the ibmcognos alias.
  2. Double-click URL Rewrite
  3. Click Add Rules > Inbound Rules > Blank Rule
    • Name is Add Trailing Slash
    • Pattern is ^bi$
    • Action type is Redirect
    • Redirect URL is {R:0}/
    • Check Append query string.
    • Redirect type is Permanent (301)
    • Click Apply and Back to Rules.

 

More information:
https://www.ibm.com/docs/en/cognos-analytics/11.1.0?topic=services-configuring-iis-in-cognos-analytics

 

Product:
Cognos Analytics 11.1.7
Microsoft Windows 2016 server
Problem:
Can I store the native SQL queries that users send to the database for later troubleshooting?

Solution:
Activate logging of the SQL query to the AUDIT database.
Setup the AUDIT database logging in Cognos Configuration.
https://www.ibm.com/support/pages/how-configure-audit-reporting-cognos-analytics

Browse to Cognos Analytics (ibmcognos) and go to Manage > Administrative Console > Configuration > Dispatchers and Services. Click on the Set Properties – Configuration icon.
Click the Settings tab, choose logging as category.

Go down to Generate comments in native SQL and mark it.
Click OK.
Run some reports to test the system.
Open SQL Developer and go to your AUDIT database and check the COGIPF_NATIVEQUERY table.

 

 

More Information:

https://www.ibm.com/support/pages/how-see-which-user-generating-query-cognos-analytics

https://www.envisn.com/envisn-cognos-blog/bid/102418/What-s-Wrong-with-IBM-Cognos-Audit-Data

https://www.ibm.com/support/pages/cognos-ipf-audit-table-descriptions

https://cognoshub.blogspot.com/2015/02/cognos-sql-native-sql-and-pass-through.html

https://www.wisdomjobs.com/e-university/ibm-cognos-tutorial-196/auditing-4398.html