Product:
Cognos Controller 10.4.2
Cognos Analytics 11.0.13
Microsoft Windows 2012 server

Problem:
When run a standard report you get a error inside Cognos Controller only on a new database.

Error:
RQP-DEF-0177 An error occurred while performing operation
‘sqlPrepareWithOptions’ status=’-56′.
UDA-SQL-0115 inapproproeate SQL request
UDA-SQL-0564
invalid column name ‘lookupwebgrpename’

Possible Solution:
That you have setup the data source manually in Cognos Connection and are missing information.

1 Click Manage and go to the IBM Cognos Analytics Administration Console
2 Click on the Configuration Tab
3 Click on data source name and then on more… icon
4 Click Set properties
5 Click on Connection Tab
6 Click the pencil icon for Edit the connection string
7 Check that the sever name to database is correct.
8 If database name is missing – enter the correct database name.

9 Click OK
10 Click OK
11 Click Test the connection icon, far to the right.
12 Click Test
13 Click Close
14 Click Close
15 Click OK
16 Click OK

More information:
https://www.ibm.com/support/pages/error-rqp-def-0177-sqlpreparewithoptions-status-56-when-running-some-standard-reports
https://www.ibm.com/support/pages/error-rqp-def-0326-user-defined-sql-not-permitted-user-who-has-identity-when-running-controller-standard-reports
https://www.ibm.com/support/pages/how-manually-create-cognos-data-source-use-controller-standard-reports

Product:
Cognos Controller 10.3.1
Microsoft Windows 2016

Problem:
User is stuck inside Excel when using the buttons for the controller add-in.

Solution:
Close excel and cognos controller clients.
Login to Cognos Controller as the user with the problem.

Click “Maintain / User / Personal Defaults > tab Layout (2)”
Untick the box ‘Save Window Size’
Click Save
Logoff from Controller, and re-launch the Controller client.

Go to Company – data entry – and try again.

More Information:
https://www.ibm.com/support/pages/controller-hangs-freezes-crashes-when-click-intercompany-details-button-inside-data-entry-company-journals-caused-save-window-size-setting
https://www.ibm.com/support/pages/troubleshooting-errors-user-xyz-already-logged-database-and-no-licence-available-moment
https://www.ibm.com/support/pages/user-xyz-already-logged-database-triggered-closing-excel-wrong-time-earlier-solved-using-exceleagerload

Product:
Cognos Controller 10.3.1 interim fix 13
Microsoft Windows 2012 server

https://www.ibm.com/support/pages/cognos-controller-builds-ccr-name-and-database-version

Problem:
After update with a interim fix to Cognos Controller, user get a error when start of a JAVA based dialog, like JOBS DEFINE or COMMAND CENTER.

Solution:
On the IIS manager, for the application folder CONTROLLERSERVER set to allow “Anonymous Authentication”, and only have “Windows Authentication” on virtual folder IBMCOGNOS or SSO.

More Information:
https://www.ibm.com/support/pages/node/1119885
https://www.ibm.com/support/pages/how-upgrade-controller-1031x-later-interim-fix-if-fix-pack-patch-level

Product:
Cognos Controller 10.4.2
Microsoft Windows server 2012 R2
Microsoft SQL Server 2016

Problem:
After restore of one old Cognos Controller database backup, you get this error when you try to create a SQL account for the database.

Error:
The server principal ‘fastnet’ already exists

Solution:
Go into Microsoft SQL Server Management Studio as Administrator
Mark your newly restored controller database
Expand the Tables and check the schema name (mostly it is fastnet)
Click on “New Query”
Past in this code (edit the name and update the ‘ to be correct symbol)
EXEC sp_change_users_login ‘Auto_Fix’, ‘fastnet’
Click on Execute.

The row for user ‘fastnet’ will be fixed by updating its login link to a login already in existence.
The number of orphaned users fixed by updating users was 1.
The number of orphaned users fixed by adding new logins and then updating users was 0.

This should create and update the SQL server with the account used for the controller database.

More information:
https://sqlserverbuilds.blogspot.com/
https://www.crestwood.com/2017/05/24/error-creating-new-sql-user-server-principal-already-exists/

Product:
Cognos Controller 10.3.1
Microsoft Windows 2012 server

Problem:
Several controller users are thrown out of the cognos controller client at reporting week.

Error message:

Solution:
Check the firewall between the servers, controller servers and citrix servers.
Is there any new rules that have been implemented?

Does other application that also use citrix servers have issues with connection losses?

Turn off aggressive Aging in your firewall.

Also check if the Windows SQL server demand TLS 1.2, and you need to update the Windows registry to not use TLS 1.2 communication on the cognos servers. Set this values on cognos server:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]

“DisabledByDefault”=dword:00000000

“Enabled”=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]

“DisabledByDefault”=dword:00000000

“Enabled”=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]

“DisabledByDefault”=dword:00000000

“Enabled”=dword:00000000

If it does not help, then also try to change the DoS attacks settings in Windows;

https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=6859390e-7047-41d2-930e-a1ecd87ba3bb&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments

A change in TCP/IP service are going to enable DoS protection.

1. Run regedit.exe
2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters registry subkey.
3. From the Edit menu, select New, DWORD Value.
4. Enter the name TcpMaxHalfOpen, then press Enter.
5. Double-click the new value, set it to 100, then click OK.
6. Enter the name TcpMaxHalfOpenRetried, then press Enter.
7. Double-click the new value, set it to 80, then click OK.
8. Enter the name SynAttackProtect, then press Enter.
9. Double-click the new value, set it to 1, then click OK.
10. Reboot the machine.

If above is set, try to remove it with SynAttackProtect value set to 0.

When SynAttackProtect value is 0, it offers no protection. Value 1 indicate to delay the response Notification untill three way handshake is complete by the received by the SYN packet. By default, this is not invoke untill it exceeds the TcpMaxHalfOpen and TcpMaxHalfOpenRetried values. The values TcpMaxHalfOpen and TcpMaxHalfOpenRetried could be changed, and I strongly recommend to test with different settings in your environment, then choose the best ones.

https://www.informit.com/articles/article.aspx?p=371702

More Information:
https://sc1.checkpoint.com/documents/R76/CP_R76_IPS_AdminGuide/12857.htm

Understanding Aggressive Aging

To increase gateway stability, aggressive Aging helps manage the capacity of the connection table and gateway memory consumption.

Aggressive Aging introduces a new set of short timeouts called aggressive timeouts. When a connection is idle for more than its aggressive timeout, it is marked as “eligible for deletion”. When the connections table or memory consumption reaches a user defined threshold, Aggressive Aging begins to delete “eligible for deletion” connections until memory consumption or connection capacity falls to the desired level.

Aggressive Aging lets the Security Gateway handle large amounts of unexpected traffic, for example during a Denial of Service attack.

If the defined threshold is exceeded, each incoming connection triggers the deletion of ten connections from the “Eligible for Deletion” list. An additional ten connections are deleted with every new connection until the memory consumption or the connections capacity falls below the enforcement limit. If there are no “Eligible for Deletion” connections, no connections are deleted but the list is checked for each subsequent connection that exceeds the threshold.

Timeout settings are a key factor in memory consumption configuration. When timeout values are low, connections are deleted faster from the table, enabling the firewall to handle more connections concurrently.

Best Practice: When memory consumption exceeds its threshold, work with shorter timeouts that can maintain the connectivity for the majority of the traffic.

In the Aggressive Aging Timeouts are enforced when section, select whether they will be enforced if the Connections table exceeds a limit, if Memory exceeds a limit, or if both exceed their limits.

If you select both, the values in the percentage fields of the other options are applied. Default is 80%, with connections from the “Eligible for Deletion” list being deleted if either the Connections table or Memory consumption passes this limit.

Note – The limits for the Connections table and Memory consumption are set for each profile. The Aggressive Aging timeouts are global. Therefore: different gateways may enforce the same timeouts at different thresholds.

Activate this protection in either Prevent or Detect mode.

Product:
IBM Cognos Controller 10.3.1
Microsoft Windows 2008 R2 server
Microsoft Excel 2008

Problem:
When inside Cognos Controller click on the icon to start excel, you get a error;
APPCRASH. CCR.exe

Error:

Solution:
Install a newer version of Excel.

Cognos Controller 10.3.1 only supports excel version 2010, 2013 and 2016.

https://www.ibm.com/support/pages/ibm-cognos-controller-1031-supported-software-environments

Product:
Cognos Controller 10.4.2
Microsoft Windows 2012 R2 server
Microsoft SQL server

Problem:
How upgrade a new restored database to the latest Cognos Controller version?

Solution:
When a database backup from a previous version is restored on the SQL database server, it needs to be upgrade after it is connected.
You need also to update the data sources in CA11 by click on repair button, in Controller Configuration.

Login to the Controller server (if you have more than one controller server, you need to repeat the first step to configure the new controller database in controller configuration on all servers).
Right click on Controller Configuration and open it as an Administrator.

Go to Database Connections
Click on the icon for a new connection
At database type select SQL Server

Fill in the name of the database, as the users in cognos controller will see it.
Enter the provider to be SQLNCLI11.1
Enter the user id, to the SQL login you have for the database.
Enter the SQL user password.
At Initial catalog, you enter the name of the database as seen on the SQL server.
At data source you enter the name of the windows server that run SQL server.

(if unsure of what to enter, check on the previous database setup parameters)
Click on the test icon, to ensure you got it all right.

Click save.  (Only Above need to be done on the other controller servers too.)

Click on the green arrow to start the DBConv program.

Click on Connect Button to connect to the new database and see what version it have today.

Click on Upgrade Button to upgrade the database to latest Cognos Controller version.

When done, and no errors are shown, click on Close.

Now you have to update the BI database connections, by go to Report Service, in Controller Configuration.
Click on Check icon.

Click on Repair button.
Close Controller Configuration.

Then on the Controller Web server, you need to start a CMD prompt as an administrator.
Inside CMD you need to move to folder C:\Program Files\IBM\cognos\ccr_64\fcmweb

cd C:\Program Files\IBM\cognos\ccr_64\fcmweb

Type the following command to update Controller web:

SyncDBConf.bat    ..\Data   wlp\usr\shared\config\datasources

Now the ControllerWeb application should know about the new Controller Database.

Best is to restart the Windows servers where Cognos Controller is installed, to make the changes noticed. You need to restart the CA11 servers in correct order.

At least you need to restart the IBM Cognos Controller Batch Service.

If you have several controller servers, the Controller Batch Service must only be running on the Controller Master server.

More information:
https://www.ibm.com/support/pages/how-migrate-upgrade-upsize-existing-database-new-later-version-controller
https://www.ibm.com/support/knowledgecenter/SS9S6B_10.4.2/com.ibm.swg.ba.cognos.qrc_ctrl_inst.doc/t_qsg_ctrl_config_controllerdb.html

https://www.ibm.com/support/pages/missing-database-connection-choices-when-using-controller-web

Product:
Cognos Controller 10.4.1 web
Microsoft Windows Server 2016

Problem:
Change to use DNS alias to the cognos controller server, and now can not login to the Controller Web,
“Server is not reachable or still initializing, please refresh the page in a few seconds”
If you surf direct to servername, then controller web works, it is only with dns alias that give the error.

Solution:
You need to change to the DNS alias in the file for Controller Web front end.
Stop the IBM Cognos Controller Web UI service
Start NOTEPAD as administrator
Open file D:\Program Files\ibm\cognos\ccr_64\frontend\config.js
Change the server name at line 25 to be the dns alias

“expressJs”: {
“host”: “dnsalias.domain.com”, //interface used by Controller Web UI Service
“port”: “9080”, //port used by Controller Web UI Service

Save the file.
Start the IBM Cognos Controller Web UI service

Test to surf to http://dnsalias.domain.com:9080/ to see if Controller Web works.

Now to surf to server name, should not work instead.

More Information:
https://www.ibm.com/support/pages/server-not-reachable-or-still-initializing-please-refresh-page-few-seconds-error-launching-controller-web-caused-incorrect-tcp-port-inside-serverxml
https://render-prd-trops.events.ibm.com/support/pages/troubleshooting-server-not-reachable-or-still-initializing-please-refresh-page-few-seconds-error-launching-controller-web
https://www.ibm.com/support/knowledgecenter/en/SS9S6B_10.4.1/com.ibm.swg.ba.cognos.ctrl_inst.doc/t_contrweb_configure.html

In cmplst.txt you will find this version for controller 10.4.1:

LICENSE_CONTROLLER_version=LICENSE_CONTROLLER-AW64-ML-RTM-10.4.1100.1-0
LICENSE_CONTROLLER_name=IBM Cognos 8 License
SWTAG_CONTROLLER_version=SWTAG_CONTROLLER-AW64-ML-RTM-10.4.1.1-0
SWTAG_CONTROLLER_name=SWTAG CONTROLLER
CONTRL_version=CCR-AW64-ML-RTM-10.4.1100.133-0
CONTRL_name=IBM Cognos Controller

Product:
Cognos Controller 10.4.1
Microsoft Windows 2016 server

Problem:
Controller admin try to update users in Maintain – Rights – User dialog, for a installation where CAM security is used. He can not see the connected CAM users in the list.

Solution:
You must be part of Cognos Connection security group Controller Administrators. Only people in this group can change things inside controller security dialog.

When you open the user dialog, you maybe got a message “The user currently logged in is not authorized to use this method”. That means you are not part of the Controller Administrator group.

Add the person to the Controller Administrator group in Cognos. The Controller Administrator group is not the same as the ibm Cognos Controller administrator authorized user license. This is controlled by access to the Maintain menu.

More Information:

https://www.ibm.com/support/pages/controller-licensing-what-difference-between-administrator-and-non-administrator-user

https://www.ibm.com/support/knowledgecenter/en/SS9S6B_10.4.1/com.ibm.swg.ba.cognos.ctrl_ug.doc/t_usurrrigh.html#usurrrigh

Product:
Cognos Controller 10.4.1 FAP service
Planning Analytics 2.0.6
Microsoft Windows 2016 server

Problem:
You get a error when run first IP in a new setup of FAP and TM1 instance.

Error in log file D:\Program Files\ibm\cognos\ccr_64\Server\FAP\error.log
10:00:08,849 | ERROR [fap.service.schedule.Scheduler] [schedulerThread], Could not logon to TM1
javax.naming.ConfigurationException: The TM1Server fap is neither in BASIC or in CAM mode
at com.ibm.cognos.fap.common.persistence.tm1.TM1Context.login(TM1Context.java:110)
at com.ibm.cognos.fap.service.schedule.Scheduler.updateDatamarts(Scheduler.java:567)
at com.ibm.cognos.fap.service.schedule.Scheduler.run(Scheduler.java:257)
at com.ibm.cognos.fap.service.schedule.Scheduler$1.run(Scheduler.java:162)
at java.lang.Thread.run(Thread.java:812)

Solution:
Change to IntegratedSecurityMode=5 from IntegratedSecurityMode=2 in TM1s.cfg file for the TM1 application.

During setup you have been in mode 2 to be able to add the windows service account that is going to be used by the FAP service to login to the TM1 solution. Keep in mind when you setup the DataMart (TM1 server) you need to specify the user login to TM1 with namespaceid\user name as NamespaceID looks in Cognos Configuration (CA11) and user name as you can find it in Cognos Connection. Something like this:

Domain\Lastname Firstname

The field in Edit Data Mart is case sensitive and space sensitive.

More Information:

https://www-01.ibm.com/support/docview.wss?uid=swg21679216

https://www.ibm.com/support/knowledgecenter/en/SS9S6B_10.4.1/com.ibm.swg.ba.cognos.ctrl_inst.doc/t_win_conf_cam.html