Product:
Planning Analytics Workspace version 96
Microsoft Windows 2019 server

Issue:

How do I schedule a backup of PAW to disk?

Solution:

Use the Task Scheduler that is built into Windows Server.

Go to control panel.

Go to Task Scheduler.

Click on Create Basic Task.

Click Next.

Select Weekly (if you want that) and click Next.

Set a time and day of the week, and click Next.

Select “Start a program” and click Next.

Enter “powershell.exe” as the program, and in the arguments field enter the script you want to run, after the -file parameter:

-file D:\PAW96\scripts\backup.ps1

The path above can be different in your environment. Click Next.

Click Finish.

This should now restart the PAW services and make a backup for you, in a folder like D:\PAW96\backup\backup_2024_10_18_23_30_00

To get it to work, you may have to go back into “Properties” and change the task to run as a system account.

You should also limit the task so that it does not run too long.
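
The same task can be registered from an elevated PowerShell prompt; the script below is an added example, not part of the original post, and because the task runs as SYSTEM it first stops if any account other than SYSTEM or Administrators may modify the backup script. The task name, the Friday 23:30 schedule, the two-hour limit and the -NoProfile switch are assumptions; the script path is the one used above.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
$scriptPath = 'D:\PAW96\scripts\backup.ps1'   # path used above; adjust to your environment
$taskName   = 'PAW weekly backup'             # hypothetical task name

if (-not (Test-Path -LiteralPath $scriptPath -PathType Leaf)) {
    throw "Backup script not found: $scriptPath"
}

# The task runs as SYSTEM, so whoever can edit the script can run code as SYSTEM.
# Stop if any account other than SYSTEM (S-1-5-18) or the local Administrators
# group (S-1-5-32-544) is allowed to change the file.
$trustedSids = 'S-1-5-18', 'S-1-5-32-544'
$writeMask   = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$sidType     = [System.Security.Principal.SecurityIdentifier]
$risky = (Get-Acl -LiteralPath $scriptPath).GetAccessRules($true, $true, $sidType) |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $writeMask) -and
        ($trustedSids -notcontains $_.IdentityReference.Value)
    }
if ($risky) {
    $risky | Format-Table IdentityReference, FileSystemRights -AutoSize | Out-Host
    throw "Restrict write access to $scriptPath before scheduling it as SYSTEM."
}

# Same action as in the wizard: powershell.exe with the script after -File.
# -NoProfile (an addition) keeps profile scripts out of the SYSTEM session.
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                 -Argument "-NoProfile -File `"$scriptPath`""
$trigger   = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Friday -At '23:30'   # assumed schedule
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
                 -LogonType ServiceAccount -RunLevel Highest
# Stop a hung backup after two hours (assumed limit) and never start a second copy.
$settings  = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Hours 2) `
                 -MultipleInstances IgnoreNew

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings
```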

 

 

More Information:

https://blog.netwrix.com/how-to-automate-powershell-scripts-with-task-scheduler 

https://exploringtm1.com/how-to-upgrade-planning-analytics-workspace/ 

https://blog.atwork.at/medium.aspx?id=9a0dc8a0-5b51-40d4-8dd7-c0cab4e5564c&date=/post/2020/06/25/ 

https://blog.danskingdom.com/Run-PowerShell-as-another-user/

Product:
Planning Analytics Workspace 96
Microsoft Windows 2019 Server

Issue:
How do I sync two objects in PAW?

Solution:

Go into PAW, and create a new Book.
Expand the cube view you want to show.
Add the view to the book.

If you want the plan_report dimension (budget) to be selectable, click on the dots, and go to “Add widget as” and select “Selector list”.

Put the box above the view, in a nice format.

Select “Open Set editor” to choose which elements should be possible to select.

After you have chosen the elements that users should be able to select, click Apply.

Now you need to set up the synchronization. First, with no item selected, go to Properties and Synchronize and check that the group is Sheet.

Then click on the budget widget and go to Properties and Synchronize

Ensure that synchronize set is on, as shown above.

Then click on the view and go to Properties and Synchronize

Ensure the dimension plan_report is selected, and none of the others. Then activate Synchronize hierarchies.

 

Save the book with a good name, and now it should work to select “budget” to display those numbers.

 

More Information:

https://revelwood.com/ibm-planning-analytics-tips-tricks-how-to-set-up-synchronizations-in-ibm-planning-analytics-workspace/ 

Quick Tips – Selection Widget Synchronization

Product:

Microsoft Power BI portal

Issue:

When refreshing a Power BI report (e.g. a semantic model) we get an error. This report worked before in the Power BI portal workspace. The error looks like:

Data source error{"error":{"code":"DMTS_OAuthTokenRefreshFailedError","pbi.error":{"code":"DMTS_OAuthTokenRefreshFailedError","details":[{"code":"DM_ErrorDetailNameCode_UnderlyingErrorMessage","detail":{"type":1,"value":" Device is not in required device state: compliant. Conditional Access policy requires a compliant device, and the device is not compliant. The user must enroll their device with an approved MDM provider like Intune…

 

Solution:

You must use the Microsoft Edge web browser to make this change; if you make the change in Chrome, it will not work.

On your report's semantic model, click on the 3 dots and select “Settings”.

Go to Data source credentials and click on Edit credentials for the data source that is marked as not working.

Enter your Windows account credentials again.

Now it should be green. This login affects all your reports, if the access point is the same.

Now click the “Refresh” icon to update your Power BI report semantic model in the portal.

 

 

If the above does not work, try the steps below.

Download the semantic model to your computer.

Restart your computer.

Log in to your company Windows account.

Open the Power BI pbix file, and refresh the report.

You will be prompted to log in to the data source.

Enter your credentials for the Windows account.

When the report is refreshed and working in Power BI on your computer, save the report.

Publish the report to the Power BI portal and overwrite the previous report.

 

More Information:

https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-conditions

Blood, Sweat, and built-in compliance policy

There is a known issue with the Chrome browser that can cause this error to occur. If there is no device information sent in the sign-in logs, this might be the problem. Device information is sent when there is a PRT and the user is logged onto the browser. If the user is using Chrome, the Windows 10 accounts extension is needed.

If this is the case, you can test by asking the user to log on to the Edge browser or install the Windows 10 accounts extension to see if the issue is resolved.

https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-conditions

If they are signing in using Edge, they cannot use an incognito window because it will not pass the device state.

Is the Microsoft Authenticator app installed on the device? Microsoft Authenticator is a broker app for iOS and would be needed to pass MFA and device claims to Azure AD.

Sign-ins from legacy authentication clients also do not pass device state information to Azure AD.

 

Some years ago Microsoft stated that the in-app browser must be using a supported browser such as Edge, however, the Windows store uses Edge, and it also does not pass the device ID, so the conditional access policy can’t be compliant.

Many 3rd party applications use in-app browsers that are “not supported,” and it appears that Microsoft doesn’t offer the appropriate developer documentation that would allow 3rd parties to include this conditional access device information in their in-app browsers, even if they used Edge.

These are the links that were provided as dev resources:

https://www.graber.cloud/en/aadsts50131-device-not-required-state/ 

https://cloudbrothers.info/entra-id-azure-ad-signin-errors/ 

You may need to do the following in Chrome to get it to work…

These are the exact requirements (Chrome-side, your Azure AD setup has its own stuff) you needed:

Latest “Chrome Enterprise Policy List”: https://support.google.com/chrome/a/answer/187202?hl=en

GPO Settings
User Configuration\Policies\Administrative Templates\Google\Google Chrome\HTTP Authentication
-Kerberos delegation server whitelist
autologon.microsoftazuread-sso.com,aadg.windows.net.nsatc.net
-Authentication server Whitelist
autologon.microsoftazuread-sso.com,aadg.windows.net.nsatc.net
# Needed if you’re blocking extensions from being installed to whitelist this one
User Configuration\Policies\Administrative Templates\Google\Google Chrome\Extensions
-Configure the list of force-installed apps and extensions (Enabled)
ppnbnpeolgkicgegkbkbjmhlideopiji
-Configure extension installation allow list (Enabled)
ppnbnpeolgkicgegkbkbjmhlideopiji

Note: That extension ID I pulled from https://chrome.google.com/webstore/detail/windows-accounts/ppnbnpeolgkicgegkbkbjmhlideopiji (Windows Accounts)
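
To confirm that the GPO settings above actually reached a user's session, the registry values Chrome reads can be checked. This read-only script is an added example, not part of the original post or the quoted answer; it assumes the policies were applied under User Configuration (HKCU) and accepts both the current “Allowlist” and the older “Whitelist” policy names.

```powershell
# Added example: read-only check of the Chrome policies listed above.
$root  = 'HKCU:\SOFTWARE\Policies\Google\Chrome'   # User Configuration policies
$hosts = 'autologon.microsoftazuread-sso.com', 'aadg.windows.net.nsatc.net'
$extId = 'ppnbnpeolgkicgegkbkbjmhlideopiji'        # Windows Accounts extension

# String policies: newer Chrome uses "Allowlist", older templates "Whitelist".
function Get-ChromePolicyString([string[]]$Names) {
    foreach ($name in $Names) {
        $value = (Get-ItemProperty -Path $root -Name $name -ErrorAction SilentlyContinue).$name
        if ($value) { return $value }
    }
}

# List policies are stored as a subkey with one numbered value per entry.
function Get-ChromePolicyList([string[]]$SubKeys) {
    foreach ($subKey in $SubKeys) {
        $key = Get-Item -Path (Join-Path $root $subKey) -ErrorAction SilentlyContinue
        if ($key) { return @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) }) }
    }
}

$checks = [ordered]@{
    'Authentication server list' = @('AuthServerAllowlist', 'AuthServerWhitelist')
    'Kerberos delegation list'   = @('AuthNegotiateDelegateAllowlist', 'AuthNegotiateDelegateWhitelist')
}
$report = @(foreach ($label in $checks.Keys) {
    $entries = @("$(Get-ChromePolicyString $checks[$label])" -split ',' | ForEach-Object { $_.Trim() })
    $missing = @($hosts | Where-Object { $entries -notcontains $_ })
    [pscustomobject]@{ Policy = $label; OK = ($missing.Count -eq 0); Missing = $missing -join ', ' }
})

# Force-list entries are "<id>;<update URL>"; allow-list entries are the bare id.
$forced  = @(Get-ChromePolicyList @('ExtensionInstallForcelist'))
$allowed = @(Get-ChromePolicyList @('ExtensionInstallAllowlist', 'ExtensionInstallWhitelist'))
$forcedOk  = [bool]($forced -like "$extId*")
$allowedOk = $allowed -contains $extId
$report += [pscustomobject]@{ Policy = 'Force-installed extensions'; OK = $forcedOk
    Missing = $(if (-not $forcedOk) { $extId }) }
$report += [pscustomobject]@{ Policy = 'Extension allow list'; OK = $allowedOk
    Missing = $(if (-not $allowedOk) { $extId }) }

$report | Format-Table -AutoSize
```

Run it as the affected user, not as an administrator, since the values live in that user's registry hive.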