Product:
Planning Analytics 2.0.5
Microsoft Windows 2016 server

Problem:
How do i copy files from one server to another server and keep the NTFS security?

Solution:
Check you have a file share on source server.
Create a file share on destination server.
Give everyone full access to the share.
Ensure that the user running the script is local administrator on both servers
Open notepad
Enter below line (modify it for your server names)
robocopy \\serverSource\ShareA \\serverDestination\ShareA /MIR /COPYALL /DCOPY:T /R:1 /W:1 /NP /TEE /LOG:d:\temp\ShareA-RobocopyResults.log
Save file as d:\temp\robocopyfiles.cmd

Open a command prompt as administrator
move to the folder where the script is
run
robocopyfiles.cmd

Check the log files for errors when it is done.

(solution is from this site https://social.technet.microsoft.com/Forums/en-US/3c42061c-d739-4c44-90ec-014b0e08c45c/how-to-copy-file-security-permissions-from-one-server-to-another-one-by-using-robocopy?forum=winserverfiles)
======================
TITLE “Copying ShareA from TestSource to TestDestination”
robocopy \\TestSource\ShareA \\TestDestination\ShareA /MIR /COPYALL /DCOPY:T /R:1 /W:1 /NP /TEE /LOG:C:\Logs\ShareA-RobocopyResults.log
PAUSE
======================

The switch functions are as follows:

/MIR – Creates a mirror copy.

/COPYALL – Copies ALL file attributes

/DCOPY – Copies (ie retains original) Directory Creation/Modified Timestamps. If you don’t include this, all directories will be recreated with NEW timestamps

/R:1 – Retry copy once on failure

/W:1 – Wait 1 second between retries

/NP – No Percentage Completion written to output

/TEE – Output progress to Command Window (I guess TEE = Terminal Emulation)

/LOG – Write out and save to a specified Log File

More information:
https://community.spiceworks.com/topic/278298-move-shared-folders-and-retain-file-and-share-permissions-with-robocopy

Product:
Planning Analytics 2.0.8
Microsoft Windows 2016 server

Problem:
When you click on a TM1 application Web link in Cognos Connection (from Cognos Analytics 11) you get a error. You also noted that the SSO did not work to your Cognos Analytics 11 webpage.
You can also get into pmpsvc page, but with wrong colors.

Error:
error, see logs

Solution:
To make a link from CA work to Planning Analytics Web (PMPSVC) you must login correct to Cognos Analytics (CA11) first.
Ensure you surf to http://servername/ibmcognos and not to http://servername:9300/bi/v1/disp

Please also try to, in Internet Explorer change the Compatibility view settings to be blank.

“Display intranet sites in Compatibility View” should be checked off.

More information:
https://www.ibm.com/support/pages/how-setup-tm1-web-and-tm1-applications-cam-authentication

https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button

Product:
Planning Analytics 2.0.9
Microsoft Windows 2016 server

Problem:
After upgrade to Planning Analytics 2.0.9, user of TM1 Application web (contributor) get a blank page or below error in web browser when they try to open a link.

Error:

Solution:
Clear the web browser cache before you surf to PMPSVC webpage.

You can also try a script to clean the browser cache, please test the script in your lab first.
Below script will clean Chrome browser cache:

REM echo %username% > C:\ProgramData\user.$$$

ECHO       Clearing Chrome cache
taskkill /F /IM “chrome.exe”

REM Set /p uname=< C:\ProgramData\user.$$$
REM set ChromeDataDir=C:\Users\%uname%\AppData\Local\Google\Chrome\User Data\Default

set ChromeDataDir=C:\Users\%USERNAME%\AppData\Local\Google\Chrome\User Data\Default
set ChromeCache=%ChromeDataDir%\Cache
del /q /s /f “%ChromeCache%\*.*”
del /q /f “%ChromeDataDir%\*Cookies*.*”

set ChromeDataDir=C:\Users\%USERNAME%\Local Settings\Application Data\Google\Chrome\User Data\Default
set ChromeCache=%ChromeDataDir%\Cache
del /q /s /f “%ChromeCache%\*.*
del /q /f “%ChromeDataDir%\*Cookies*.*”
ECHO      Clearing Chrome cache DONE

More Information:
https://community.spiceworks.com/topic/2018333-help-me-complete-batch-file-script-to-clear-google-chrome-cache-only
https://stackoverflow.com/questions/25210330/script-for-clearing-chrome-or-firefox-cache-on-windows

Product:
Planning Analytics 2.0.8
Microsoft Windows 2016 server

Problem:
What is the requirements for the windows service account to run TM1 servers?

Solution (from IBM web):

User accounts for running TM1 services on Windows

https://www.ibm.com/support/knowledgecenter/en/SSD29G_2.0.0/com.ibm.swg.ba.cognos.tm1_inst.2.0.0.doc/c_tm1serviceaccount_n701df.html

The account must have the following privileges on the local computer:

Act as part of the operating system

Bypass traverse checking

Increase quotas (Adjust memory quotas for a process)

Replace a process level token

Log on as a service

Have read and write privileges on the Windows Registry item

If you use “local system” you will not be able to use Kerberos, or have access to read csv files from external file shares.

https://www.ibm.com/support/knowledgecenter/SSD29G_2.0.0/com.ibm.swg.ba.cognos.tm1_inst.2.0.0.doc/c_integratedlogin_nc0007.html#IntegratedLogin_NC0007

In integrated login mode (security mode 3), TM1 authentication compares the user’s domain-qualified Microsoft Windows login name to the contents of the UniqueID element of the }ClientProperties cube.

If there is a match, the user is authenticated to TM1. If Active Directory groups have been imported into the TM1 Server, Active Directory group memberships are honored.

If no match is found, TM1 displays an error message stating that the client name does not exist. TM1 Server does not prompt for login information.

Users who want to access TM1 data in a server that is configured for integrated login must authenticate to Microsoft Windows first and then use TM1 clients to access the TM1 Server.

https://www.ibm.com/support/knowledgecenter/SSD29G_2.0.0/com.ibm.swg.ba.cognos.tm1_inst.2.0.0.doc/t_settingupintegratedloginmanually_nc0644.html

1. Run ETLDAP and import the user and group information from your LDAP server, as described in Running ETLDAP. Or update the }ClientProperties cube with other TI scripts.
   
2. Shut down the TM1 Server.
3. Edit the following parameters in the tm1s.cfg file located in your TM1 Server data directory:
   • Set the IntegratedSecurityMode parameter to 3.
   • Set the SecurityPackageName parameter to the security protocol you use for integrated login.

   In the following example, the server is configured to use Kerberos.

   [TM1S]
   SecurityPackagename=Kerberos
   IntegratedSecurityMode=3
   Servername=myserver
   DatabaseDirectory=datafiles

4. Save and close the tm1s.cfg file.
5. Restart the TM1 Server.
6. Optional: Configure the TM1 clients to use integrated login by setting the Use Integrated Login option in the associated user interface.

Follow the directions from IBM knowledge articles for most accurate information.

https://www.ibm.com/support/knowledgecenter/SSD29G_2.0.0/com.ibm.swg.ba.cognos.tm1_inst.2.0.0.doc/c_parametersinthetm1s.cfgfile_n1503fe.html

More Information:

Enabling Cognos single signon to use Kerberos authentication with constrained delegation

https://www.ibm.com/support/knowledgecenter/en/SSEP7J_11.0.0/com.ibm.swg.ba.cognos.inst_cr_winux.doc/t_inst_sso_active_drctry_constrained_del.html

You must configure the constrained delegation in the Active Directory Users and Computers administration tool. On the Delegation tab for all users (IISUser, CognosCMUser, and CognosATCUser), you must select Trust this user for delegation to specified services only and Use Kerberos only to use Kerberos with constrained delegation. Select Trust this user for delegation to specified services only and Use any authentication protocol if you are using the S4U Kerberos extension.

Product:
Planning Analytics 2.0.8  TM1_version=TM1-AW64-ML-RTM-11.0.8.37-0
Microsoft Windows 2016 server

Problem:
During installation of Planning Analytics on a new server, the server reboots.
Further investigation show that if you do not select to install “Performance Modeler” then the installation works. There are no errors in the Windows Event log for this issue.

Solution:
Remove McAfee virus software totally from server.

If you copy out the performance modeler msi file and only run installation of that you get this message from the anti-virus software.

You can create a cmd file with this content to run the installation;
msiexec /i “c:\temp\PerformanceModeler64.msi” /L*V “c:\temp\mypm.log” TARGETDIR=”c:\Program Files\pm” ALLUSERS=1

That will give a log file in folder c:\temp, that you can check for errors.

When you run new Planning Analytics Workspace installation on the same Windows server 2016, it will give this error if McAfee is installed.

The Start.ps1 file uses the file Debug-ContainerHost.ps1 to check for the program. The McAfee program need to be removed, not only stopped for the PAW installation to proceed.
if ($null -ne (Get-Process mcshield -ErrorAction Ignore) -Or (Get-WmiObject -class Win32_SystemDriver -Filter “DisplayName LIKE ‘%McAfee%'” | Where-Object -Property State -eq ‘Running’ | Measure-Object).Count -ne 0) ….

More Information:

https://www.ibm.com/support/knowledgecenter/SSD29G_2.0.0/com.ibm.swg.ba.cognos.tm1_inst.2.0.0.doc/c_paw_install_prereq.html

https://docs.docker.com/engine/security/antivirus/

Product:
Planning Analytics for Excel 2.0.8
Microsoft Excel 365 ProPlus version 1902 (Build 11328.20480 Click-to-Run)
Windows 10

Problem:
New install of PAX to client computer with Excel. After login, some areas is blank, and you can not select the dimensions elements you want.

Suggested Solution:
Inside your excel program go to options.
Change the [General -> User Interface Options] setting in the Excel options to ‘Optimize for Compatibility’
Exit excel and start it again.

More Information:
https://www.ibm.com/mysupport/s/question/0D550000061n93lCAA/planning-analytics-for-excel-options-window-is-completely-blank?language=en_US