13 Replies Latest reply: Jun 4, 2013 6:06 AM by Baldwin Baldwin RSS

QVWS separate server

Ricardo Gerhard

We have a  client that we are configuring your servers. Both QW 11 IR

The server in internal network are working fine. But we want to configure a QVWS in other server.

After the authentication page, the file doesn´t open .QVW´s, only message "No Server".

 

We want to know how file have the configuration about Qlikview Server, because we configured the server and servername/qlikview is presented and when username and password is verified.

I believe that one file have this string to make this config, but i don´t find.

 

Anyone have a idea?

  • QVWS separate server
    Brett Bleess

    You did not say whether you are using the QV Web Server or IIS here, and that would be good to know.  Basically, you have to ensure you have installed the QlikView Settings Service or the QlikView Web Server service along with the Client files components and web pages on the web server machine.  Then you must create the QVWS resource in the QMC to connect to the web server machine, so you can complete the configuration and be sure the web server knows how to get back to the QVServer machine.  Based upon your second paragraph in your post, it seems you may not have configured the QVWS resource in QMC in System\Setup, and once you do that, believe that may get you up and running correctly.  Be sure the service account you used on the QVServer machine is the same one you use on web server machine as well, or you may run into some further issues.  On the web server it would only be running the Settings or Web Server service.  If this does not quite get you there, please provide some further details about your configuration, and I may be able to help you further.

    • QVWS separate server
      Ricardo Gerhard

      Hi Brett,

       

      I´m using QVWS, not IIS.

      So, if I configured the QVWS in QMC, it will discover the another server with Qlikview Server installed?

      Did you do this configuration before? Do you have a checklist used by you? To compare configurations

      • Re: QVWS separate server
        Brett Bleess

        Sorry, I have been having major issues getting replies to post.  It sounds like you are close, but you need to be sure in QMC\System\Setup and the QlikView Web Servers you have a QVWS@server resource which points to the actual web server box, and the other important configuration note here is that you need to be sure on the AccessPoint tab settings for the QVWS resource and the Server Connections sub menu, that the 'Name' dropdown is correctly set to your QVS@server resource and not 'LOCAL', as that will not work very well in distributed configuration. 

        • Re: QVWS separate server
          Ricardo Gerhard

          Is this two servers want to be in Active Directory or can be isolate servers with local users like DMZ and Intranet?

          • Re: QVWS separate server
            Brett Bleess

            If you are doing DMZ, I would recommend you look into using Certificates instead of Accounts, but you can try local accounts, they will have to be the same name and have the same password, and you will have to supply the login on the QVWS resource since it is actually the local account on the other server.  The login tab on the QVWS resource is where you enter things, and it will be MACHINE\USER for the ID from what I recall.  If you decide to do Certificate option, I would wait for SR1 to come out for that.  Oh, you will need to be sure TCP port 4747 is open between DMZ and web server as well, as this is how the web server communicates back to the QVServer using QvsNetRemote dll.  I think that is everything of which I can think, hopefully this helps.

            • Re: QVWS separate server
              Ricardo Gerhard

              Thanks,

               

                              This configuration I didn´t saw. You´re correct.

               

              Att,

              Ricardo Gerhard

            • QVWS separate server
              Ricardo Gerhard

              Brett, other question about scenarios.

              I´ve 1 server with QVS in my internal network, with Active Directory Integration. I´ve another server in DMZ with QVWS. Both servers are communicating without problems with firewall.

              The Qlikview Internal Netword Server have DMS config and Active Directory Integration working fine.

              How I config QVWS DMZ Server authentication to use  Active Directory integration and open the documents ?

              • Re: QVWS separate server
                Brett Bleess

                Ricardo, without knowing the full configuration details, I cannot say if my answer is going to make complete sense, but just let me know if my assumptions are incorrect, and I will try to reply again with a further update. So basically, your web server figures out which DSC to use by the QVWS resource settings in the QMC System - Setup - QlikView Web Servers and your QVWS@server resources, you should have two I believe, one for your internal users and the one in the DMZ, so if you go to the DMZ resource and on the right side click on the General tab, you will see a drop-down box there that allows you to select which DSC resource you wish to have the web server use to request lookups etc. In this case, the DMZ web server likely needs to use the DSC on the QVServer machine, as I don't know if the DMZ machine has access to your Active Directory or not, am assuming not. In order for the calls to work, you will need to be sure the DSC TCP port 4730 is open from the DMZ to the internal network as well I believe. Hopefully this is what you needed to know.

                • Re: QVWS separate server
                  Fabrizio Audisio

                  Hi Brett.

                   

                  We have QV v.11 and the exact configuration you describe:

                   

                  a) QVS and DSC on a machine A in the intranet (DSC capable to access the Active Directory)

                  b) QVWS on a machine B in the DMZ and configured to use the above metioned DSC

                   

                  When I try to log to the Access Point via the QVWS in the DMZ the system prompts 3-4 times for username and password, I enter my domain account (in the form DOMAIN\USER), but in the end I get a Login Failed page.

                   

                  To be sure port 4730 has been opened I tried two things:

                   

                  1) telnet to machineA port 4730 > works fine

                  2) link machineA:4730/DSC/Service in Internet Explorer > get an XML page, ie works fine

                   

                  Any idea what could be wrong? Have you a suggestion of a log that can give some more info?

                   

                  Thank yuo very much

                  Fabrizio

                  • Re: QVWS separate server
                    Baldwin Baldwin

                    Hi,

                     

                    I'm having exactly the same issue as you. Did you find the solution to this?

                    • Re: QVWS separate server
                      Fabrizio Audisio

                      Hi.

                       

                      No, the problem is on hold.

                       

                      What Brett wrote suggests that the QVWS in the DMZ can use the selected DSC to "request lookups etc." and indirectly have the Actice Directory to verify the user credentials.

                       

                      That would be the ideal solution:

                       

                      - the QVWS (in the DMZ) gets the credentials from the user

                      - the QVWS passes the credentials to the DSC (in the intranet)

                      - the DSC lookups in the Active Directory

                      - the DSC sends back a response to the QVWS

                       

                      Unfortunately it does not seem to work this way.

                       

                      From the documentation it seems that the DSC is not used for the Authentication.

                       

                      it is only used for:

                       

                      - when using NTFS Authorization: to control the file access for all users

                      - when using DMS Authorization: for lookups to verify group membership

                       

                      I also got a reply from the Support team:

                       

                      "The authentication is handled on the QlikView Webserver.

                      Going forward I would suggest that you look at the attached files regarding how to implement Single Sign-On (SSO) in an Extranet.

                       

                      When it comes to using Intranet Active Directory as authentication, certificates could be a way forward to enable the trust between the extranet (DMZ) and the intranet. Please see chapter "Certificate Trust" (page 135) in QlikView Server Reference Manual as reference to how the certification could be setup"

                       

                      Unfortunately I have not had the time to explore these solutions.

                       

                      I will try to append the files the Support Team sent me.

                       

                      Regards

                      Fabrizio