CogKnowHow – Just another WordPress site

TLS_RSA_WITH_3DES_EDE_CBC_SHA

May 8, 2024 by Roger·Comments Off

Product:
Microsoft Windows 2019 server

Issue:

Your security scan software report that you have a issue on the Windows server with ciphers.

TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)
Negotiated with the following insecure cipher suites:
* TLS 1.2 ciphers:
* TLS_RSA_WITH_3DES_EDE_CBC_SHA

Configure the server to disable support for 3DES suite.

Solution:

Check that the application software you use on the server does not need this cipher.

Then run this powershell command to remove the support for the cipher:

Disable-TlsCipherSuite -Name 'TLS_RSA_WITH_3DES_EDE_CBC_SHA'

Reboot the windows server for the change to take affect.

Get list of cipher that is 3DES:

Get-TlsCipherSuite -name “3DES”

Get list of all cipher on server:

Get-TlsCipherSuite | Format-Table Name

Get list of curves:

certutil.exe –displayEccCurve

More Information:

A cipher suite is a set of cryptographic algorithms. The schannel SSP implementation of the TLS/SSL protocols use algorithms from a cipher suite to create keys and encrypt information. A cipher suite specifies one algorithm for each of the following tasks:

Key exchange
Bulk encryption
Message authentication

Key exchange algorithms protect information required to create shared keys. These algorithms are asymmetric (public key algorithms) and perform well for relatively small amounts of data.

Bulk encryption algorithms encrypt messages exchanged between clients and servers. These algorithms are symmetric and perform well for large amounts of data.

Message authentication algorithms generate message hashes and signatures that ensure the integrity of a message.

Developers specify these elements by using ALG_ID data types. For more information, see Specifying Schannel Ciphers and Cipher Strengths.

In earlier versions of Windows, TLS cipher suites and elliptical curves were configured by using a single string:

Diagram that shows a single string for a Cipher Suite.

https://learn.microsoft.com/en-us/windows/win32/secauthn/cipher-suites-in-schannel

https://learn.microsoft.com/en-us/windows-server/security/tls/manage-tls#configuring-tls-cipher-suite-order

https://learn.microsoft.com/en-us/powershell/module/tls/?view=windowsserver2022-ps

https://learn.microsoft.com/en-us/powershell/module/tls/disable-tlsciphersuite?view=windowsserver2022-ps

https://rdr-it.io/en/windows-server-disable-a-cipher-suite/

https://learn.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings?tabs=diffie-hellman

invalid database version

May 8, 2024 by Roger·Comments Off

Product:
Cognos Controller 11.0.12

Microsoft Windows 2022 server

Issue:

User get a error when they try to login to Cognos Controller after you have upgraded the software on the server.

Solution:

Ask the user to install the new Cognos Controller client that match the version you have installed on the windows server.

This is often done by central distribution system, like Software center.

INSTALLATION INFORMATION
IBM Cognos Controller Version 11.0.1200.28
Integration Version 11.0.1200.8
Install/Updater Kit Version 11.0.1200.36

More information:

https://www.ibm.com/docs/en/cognos-controller/11.0.1?topic=icclo-installing-configuring-cognos-controller-one-computer

https://www.ibm.com/support/pages/troubleshooting-error-invalid-database-version-version-controller-requires-database-version-710-when-launching-controller

https://www.ibm.com/support/pages/how-install-controller-local-client

FATAL ERROR: ‘java.io.FileNotFoundException:

May 6, 2024 by Roger·Comments Off

Product:
Cognos Controller 11
Microsoft Windows 2022 server

Issue:

Error when you try to setup the Cognos Controller web, by running bat command to add the databases.

D:\Program Files\ibm\cognos\ccr_64\fcmweb>SyncDBConf.bat ..\data wlp\user\shared\config\datasources
Found 6 udl files in ..\data

FATAL ERROR: ‘java.io.FileNotFoundException: D:\Program Files\ibm\cognos\ccr_64\fcmweb\wlp\user\shared\config\datasources\datasources.xml (The system cannot find the path specified.)’
:D:\Program Files\ibm\cognos\ccr_64\fcmweb\wlp\user\shared\config\datasources\datasources.xml (The system cannot find the path specified.)
Datasources updated.

Solution:

Try to Find the config.js file in C:\Program Files\IBM\cognos\ccr_64\frontend folder
Open the file in a text editor and make the following changes:

/* IBM SOURCE CODE HEADER START

* =====================================================================

* IBM Confidential

*

* IBM Cognos Products: ccr

*

* © Copyright IBM Corp. 2023

*

* The source code for this program is not published or otherwise

* divested of its trade secrets, irrespective of that has been

* deposited with the U.S. Copyright Office.

* =====================================================================

* IBM SOURCE CODE HEADER END */

var fs = require('fs');




module.exports =

{

"proxies": [{

"urlPath": "fcm.web",  //root context for Controller Web backend

"enabled": true,      //forward requests through UI service




"options": {

"ws": true,




// details for Controller web backend connection

"target": {

"host": "controllerservername.domain.com",

"port": 3000,

"protocol": "http:" //set https: for SSL

},

"secure": true  //set this to false if Controller Web Backend is using Self Signed certificates

}

},

{

"urlPath": "ibmcognos",  //root context for Controller Server Backend

"enabled": true,      //forward requests through UI service




"options": {

"ws": true,




//details for Controller Server connection

"target": {

"host": "controllerservername.domain.com",

"port": 80,

"protocol": "http:" //set https: for SSL

},

"secure": true  //set this to false if Controller Server Backend is using Self Signed certificates

}

}],







//Details for Controller UI service 

"expressJs": {

"host": "controllerservername.domain.com", //interface used by Controller Web UI Service

"port": "9080",              //port used by Controller Web UI Service

"adminContext": "admin",

"enableAdminApp": true,

"enableRemoteExcel": false,

"enableClient": false,

"enableFap": true,

"enableFileSettings": true,

"enableIBMIDAuth": false,

"enableEncryption": false,

"allowedOrigin": '{allowedOrigin}',

"oidcProvider": 'IBMid', //IBMid or google or azure

"options": {




//Add ssl object with path to certificates file below for using HTTPS 

//Note: the protocol in proxies section must also be set to HTTPS

                /*

                "ssl": {

// certificates

"key": fs.readFileSync(__dirname+"/keyfile.key"),  //__dirname points to ccr_64\frontend

                    "cert": fs.readFileSync(__dirname+"/cert.crt"),

                    "passphrase":"changeit"

}

*/

},




//false to enable "real time updates" feature for all the users

//true to disable "real time updates" feature for all the users

"disableRealTimeUpdates": false

},

ibmIDConfig: {

"discoveryEndpoint": "{discoveryEndpoint}",

"client_id": "{client_id}",

"client_secret": "{client_secret}",

"redirect_uris": ["{basePath}/auth/sso/callback"]

},

"entryPoints":

{

"paLink": "http://tm1servername.domain.com:9510/tm1web"

},

}

Reboot the Microsoft Windows Server, and then try to run the SyncDBConf.bat command again.

More Information:

https://www.ibm.com/docs/en/cognos-controller/11.0.1?topic=only-configuring-controller-web

Excel shrink when you open it from Cognos Controller

May 6, 2024 by Roger·Comments Off

Product:

Cognos Controller 11

Microsoft Windows 2022 server

Issue:

You click on the excel icon in cognos controller to start Excel program. The excel program starts very small.

Solution:

Remove the ccr.exe properties to adjust screen resolution (change high DPI settings) or

open a excel document first in excel, before you login to cognos controller from excel, and run a report.

You have change the ccr.exe properties to not make cognos controller shrink when you open a java menu inside the cognos controller program. This is done by go to C:\Program Files\IBM\IBM Cognos Controller Local Client folder.
Right click on CCR.exe > Properties > Compatibility > Change high DPI settings > Check Override high DPI scaling behavior. Scaling performed by: System (Enhanced).

https://www.ibm.com/support/pages/controller-screen-shrink-after-opening-java-related-menu-function

If user need to send report to Excel, they need to have an Excel book open first before run send to Excel. Otherwise the Excel will shrink after apply setting.

More Information:

https://www.ibm.com/support/pages/screen-shrinks-after-opening-java-related-menu-function-caused-limitation-apar-pi94499

https://www.ibm.com/support/pages/controller-screen-shrink-after-opening-java-related-menu-function

Files are in use when try to upgrade CA11

May 3, 2024 by Roger·Comments Off

Product:

Cognos Analytics 11.2.4

Issue:

Can not install CA11 as there are file in use.

Solution:

Stop the ibm cognos service and set it to manual in windows services manager.

Stop the IIS ( World Wide Web Publishing Service ) and set it (W3SVC) to manual.

Reboot the Windows server, to clear the memory.

Go to the folder where you have the CA11 media.

Now start the installation from; a file like analytics-installer-3.7.21-win.exe

https://www.ibm.com/support/pages/ibm-cognos-analytics-1124-fix-pack-2

Ensure that you have backed up the content store database, and saved the cognos configuration as a text file, before you start the upgrade of Cognos Analytics.

If the setup fail during installation, you may have files to restore in folder C:\Program Files\ibm\cognos\analytics\install_backup

More Information:

https://www.ibm.com/support/pages/how-upgrade-your-version-cognos-analytics

https://docs.oracle.com/en/industries/health-sciences/inform/cognos1124-install/index.html?toc.htm?227090.htm

https://docs.oracle.com/en/industries/life-sciences/inform/cognos1124fp2-install/index.html?toc.htm?227238.htm

The IBM Cognos Analytics installation consists of two components: the installer executable and a repository zip file.

Download the ca_instl_win_3.6.39.exe and ca_srv_win64_11.2.4.zip files from My Oracle Support (MOS) in Patch 23294044.
Right click on ca_instl_win_3.6.39.exe, and select Run as administrator.
Select the language to use for the installation, and click Next.
The Repository selection page appears.
Click Choose, browse to the server repository where the ca_srv_win64_11.2.4.zip file is located, click Open, and then click Next.
The install getting started page appears.
Select IBM Cognos Analytics, and click Next.
Review and accept the license agreement, and click Next.
In the Installation location field, browse to or type the drive and destination folder for the Cognos Analytics application (for example E:\cognos\c11), and click Next.
If the Folder does not exist message appears, click Yes to create the folder.

Select the appropriate installation type and components depending on your server configuration, and click Next. Do not select the Optional Gateway component.

Server Configuration	To install…	Installation type	Choose components
Single server	Content Manager and Report Server	Custom	Content Tier (mandatory) Application Tier
	Active Content Manager	Custom	Content Tier (mandatory) Application Tier
Distributed environment	Standby Content Manager	Custom	Content Tier (mandatory) Application Tier (mandatory)
	Report Server	Custom	Application Tier (mandatory)

Review the pre-installation summary, and click Install.
The installation program installs the components that you selected. This takes several minutes. When the component installation is complete, the Complete page appears.
Click Done.
On the Complete page, click Done.
Open the cmplst.txt file in the Cognos installation directory.
Look for the line Manifest=casrv-manifest-11.2.4-2212070924-winx64h.json to confirm that Cognos Analytics 11.2.4 is installed successfully.

Upgrade to IBM Cognos Analytics 11.2.4 FP2

Install IBM Cognos Analytics 11.2.4 FP2 software on all the applicable servers:

Download the analytics-installer-3.7.12-win.exe and casrv-11.2.4-2307061628-winx64h.zip files from My Oracle Support (MOS) in patch 23294044.
Stop all IBMCOGNOS and IIS services, set them to manual.
Reboot the Windows server to clear the memory before starting the installation.
Right click on analytics-installer-3.7.12-win.exe, and select Run as administrator.
Select the language to use for the installation, and click Next.
The Repository selection page appears.
Click Choose, browse to the server repository where the casrv-11.2.4-2307061628-winx64h.zip file is located, click Open, and then click Next.
The install getting started page appears.
Select IBM Cognos Analytics, and click Next.
Review and accept the license agreement, and click Next.
In the Installation location field, browse to or type the drive and destination folder for the Cognos Analytics application (for example E:\cognos\c11), and click Next.
A warning appears informing you that you are installing in the same location as a previous location and that files will be overwritten.
Click Yes to agree to choose this location.
Review the pre-installation summary, and click Install.
A warning appears informing you about failure in pre-action installation step. Click OK to continue.
Click Done.
On the Complete page, click Done.
Open the cmplst.txt file in the Cognos installation directory.
Look for the line casrv-manifest-11.2.4-2307061628-winx64h.json to confirm that Cognos Analytics 11.2.4 FP2 is installed successfully.
Go into Cognos Configuration – check that the environment values are correct – click save.
Change the IBMCOGNOS service to automatic, the same for the WWW service.
Reboot the Windows server.
Wait 20 minutes.
Check that you can login to Cognos Analytics.

Problems solved can be found in the Fix List for Cognos Analytics 11.2.4 FP2

Entitled Bundled Customers use this link Cognos Analytics 11.2.4 FP2 to get access to download Cognos Analytics Fix Pack 2.

“Cannot open database “yourdatabasename” requested by the login. The login failed

May 2, 2024 by Roger·Comments Off

Product:

Cognos Analytics 11.1.7

Microsoft SQL server 2019

Issue:

Try to connect to content store database from CA11 installation, in Cognos Configuration give you a error message.

Solution:

Error message:

Content Manager failed to connect to the content store. The connection string is “jdbc:sqlserver://192.168.1.77:1433;databaseName=ca11update;applicationName=IBM_C11_CM”. The error encountered is: “Login failed for user ‘cognos’. ClientConnectionId:

Then you have enter the wrong password.

Error message:

Content Manager failed to connect to the content store. The connection string is “jdbc:sqlserver://192.168.1.77:1433;databaseName=ca11update;applicationName=IBM_C11_CM”. The error encountered is: “Cannot open database “ca11update” requested by the login. The login failed. ClientConnectionId

Then you have enter the wrong name of the database.

More information:

https://www.ibm.com/support/pages/content-manager-failed-start-because-it-could-not-load-driver-commicrosoftsqlserverjdbcsqlserverdriver-when-starting-ibm-cognos-service

https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/Analytics-Cognos-connection-to-SQL-server-fails-when-server-is/ta-p/113351

https://www.ibm.com/support/pages/cm-sys-5003-content-manager-not-configured-listen-tcpip-when-starting-cognos-bi-service

Can i write to a file share in TM1 v12?

May 1, 2024 by Roger·Comments Off

Product:
Planning Analytic in containers (v12)

Issue:

Can i write to a file share from a Tm1 TI process?

Solution:

No, you can not use the old TI command ASCIIOUTPUT

The solution, i guess. is that you need to have a external script (tm1py) that get the data to file by doing HTTP REST API calls to the Planning Analytics installation.

https://github.com/cubewise-code/tm1py

This command only access the tm1 instance data folder in v12 of Planning Analytics.

TurboIntegrator function changes

The following TurboIntegrator file functions now work only with files in the database content directory or its child directories:

AsciiDelete
AsciiOutput
AsciiOutputOpen
FileExists
SetOutputEscapeDoubleQuote
TextOutput
WildcardFileSearch

Going from v11 to v12, you have to rewrite code that access the file system.

How to do things in the new version of Tm1 is mostly found in the community……

https://community.ibm.com/community/user/businessanalytics/discussion/planning-analytics-engine-drill-through-to-asciioutput-file

https://community.ibm.com/community/user/businessanalytics/blogs/edward-stuart/2023/10/13/executehttp?CommunityKey=8fde0600-e22b-4178-acf5-bf4eda43146b&Tab=groupdetails

More Information:

https://www.linkedin.com/pulse/developers-perspective-navigating-transition-tm1-v12-shane-bethea-2fwke

https://www.ibm.com/docs/en/planning-analytics/2.0.0?topic=engine-changed-features-components-in-planning-analytics

Planning Analytics Engine (v12) does not support the C, Java, .Net, and all internal and experimental versions of the REST API. Only the OData compliant REST API is supported for interaction with the Planning Analytics Engine database.

Because older APIs are no longer supported, clients such as Architect and Perspective, do not work with Planning Analytics Engine.

https://www.ibm.com/docs/en/planning-analytics/2.0.0?topic=engine-deprecated-features-components-in-planning-analytics

The following TurboIntegrator functions are not supported in Planning Analytics v12 Engine:

AddInfoCubeRestriction
AllowExternalRequests
AssignClientPassword
AssociateCAMIDToGroup
BatchCellIncrement
BatchUpdateFinish
BatchUpdateFinishWait
BatchUpdateStart
CGAddPromptValues
CGPromptGetNextMember
CGPromptSize
CreateHierarchyByAttribute
CubeDataReservationAcquire
CubeDataReservationGet
CubeDataReservationGetConflicts
CubeDataReservationRelease
CubeDataReservationReleaseAll
CubeGetLogChanges
CubeSaveData
CubeSetConnParams
CubeSetLogChanges
DisableBulkLoadMode
EnableBatchCellIncrement
EnableBulkLoadMode
ExecuteJavaN
ExecuteJavaS
LockOff LockOn
RefreshMDXHierarchy
RemoveCAMIDAssociation
RemoveCAMIDAssociationFromGroup
SaveDataAll ServerShutdown
SetChoreVerboseMessages
SetOdbcUnicodeInterface
SwapAliasWithPrincipalName

https://www.ibm.com/docs/en/planning-analytics/2.0.0?topic=attf-asciioutput-1

https://www.ibm.com/support/pages/ibm-planning-analytics-20-fix-lists#anchor5

Example of write to PAL using TM1PY

https://gist.github.com/MariusWirtz/751c153a568d0f029c65f701fc6c03c8

https://succeedium.com/teamone/features.html

Transaction log files can be used for auditing and data recovery

April 24, 2024 by Roger·Comments Off

Product:
Planning Analytics 2.0.9.x
Microsoft Windows 2019 server

Issue:
Can i prevent user from change the transaction log files?

Solution:
That is the default – tm1 admin and users can not change the transactions log file from inside Planning Analytics (Tm1 architect).

You must have direct access to the TM1 server and the logg folder, and you can only change the file when the TM1 instance is stopped.

If you do not allow people access to the windows server disk – then the files can not be tampered with.

The transactions log can be read and search from inside TM1 architect, or PAW.

The following information is recorded in the tm1s.log file:

Date and time the change was made
Name of the client who made the change
Whether the new data is simple data (N) or string data (S)
Value before the change
Value after the change
Name of the cube in which the change was made
Elements that identify the cell that changed

More Information:

Transaction logging can be enabled and disabled for specific cubes by setting the LOGGING column in the }CubeProperties cube. Transaction logging is typically needed on cube transactions only during period of manual user data entry. For more information, see Enabling and disabling transaction logging.
The current transaction log file is named tm1s.log. The tm1s.log file is locked by the TM1 database and cannot be viewed or edited with a text editor. The current transaction log file is renamed to tm1s<timestamp>.log during a SaveDataAll (SaveDataAll happens automatically on shutdown or restart). An empty tm1s.log file is generated when the TM1 database starts and during a SaveDataAll without a database restart. For more information, see SaveDataAll.
The tm1s timestamped files, can be moved to other storage area for secure storage, if they are needed for later analysis.
If the server is intentionally shut down without saving the changes, the log file is saved with a timestamp and the extension is changed to .rej. You can process the tm1s<timestamp>.log file through TurboIntegrator to recover the transactions.
During an improper server shutdown, the tm1s.log remains as is and is not timestamped during shutdown. When the server restarts, it recognizes the presence of an old tm1s.log file and prompts you to choose between recovering the new log from the old existing log.
By default, TM1 logs transactions to all cubes loaded on the server. As the system administrator, you have the option to turn off logging for particular cubes. When you disable logging, TM1 accelerates updating the data but you cannot recover the updates in the event of a system failure.

https://exploringtm1.com/using-tm1-log-files/

The transactions log – IBM Documentation

How add a step in Power BI

April 24, 2024 by Roger·Comments Off

Product:

Microsoft Power BI desktop

Issue:

Would like to add a step inside a existing step list in Power BI desktop.

Solution:

Go to Transform Data. Select that Query you want to change steps for.

In the right “applied steps” column, mark the row where you want to insert a blank step below.

Click on FX icon to add a step.

Now you can paste code from other step into the = #”Replaced Value” field, or do the transforms you need.

Save the report.

More Information:

https://learn.microsoft.com/en-us/power-query/applied-steps

https://learn.microsoft.com/en-us/power-bi/

https://learn.microsoft.com/en-us/power-bi/transform-model/dataflows/dataflows-configure-consume

https://learn.microsoft.com/en-us/power-bi/create-reports/desktop-buttons?tabs=powerbi-desktop

https://learn.microsoft.com/en-us/power-bi/transform-model/desktop-common-query-tasks

What is Include In Report Refresh

April 18, 2024 by Roger·Comments Off

Product:
Microsoft Power BI

Issue:

What is Enable Load and Include In Report Refresh in the power bi transform data for each query?

Solution:

“Include In Report Refresh” means query is automatically refreshed when you press “Refresh” button on the ribbon. “Enable Load” means query results are available for report builder. Otherwise you may use it in your other queries (for example to merge data), but it is not shown in the report builder.

If you have a query that use a other query, that is unchecked “Include In Report Refresh”, then both query’s are updated when you update the first query.

This works in Power BI Desktop but not in Power BI service at 2022, but can have changed. If you unchecked Include in report refresh – The functionality works only in Power BI Desktop and it will not have any impact in Power BI Service i.e. if you refresh report in Power BI service, this will still refresh all the queries even through Include in report refresh is unchecked.

More Information:

https://www.purplefrogsystems.com/2021/04/power-bi-enable-load/

Keep The Existing Data In Your Power BI Dataset And Add New Data To It Using Incremental Refresh