When you run a Job from Talend Studio (any version) to a remote engine (all versions), the metric (flow) information, like n Row(s), does not transfer back to Talend Studio.

Cause

The remote run/debug from Studio feature uses direct TCP communication on JobServer ports. If you do not open port 8558, the information will not transfer back to Talend Studio.

To check whether port 8558 is open, look in the <RemoteEngineInstallationDirectory>/etc/org.talend.remote.jobserver.server.cfg configuration file.

# used to launch talend commands
org.talend.remote.jobserver.server.TalendJobServer.COMMAND_SERVER_PORT=8003

# used for the file transfer
org.talend.remote.jobserver.server.TalendJobServer.FILE_SERVER_PORT=8004

# used for monitoring the servers state
org.talend.remote.jobserver.server.TalendJobServer.MONITORING_PORT=8891

# used for the execution of process messages publisher, 8558 by default
org.talend.remote.jobserver.server.TalendJobServer.PROCESS_MESSAGE_PORT=8558

Resolution

Ensure port 8558 is open. This transfers the state and trace of the run from the Talend Remote Engine for Jobs being executed remotely.

Security of Qlik Sense Enterprise on Windows can be approached in the below discrete areas. All these areas provide different options for increasing security in a deployment, and thereby mitigating vulnerabilities and protecting against attackers. 

Content:

• 1. Authentication
• 2. Authorization
• Security Rules
• Section Access
• 3. Operating System Hardening
• Step 1: Disabling protocols and ciphers
• Step 2: Firewalls
• Step 3: Service Account Permission
• Step 4: Anti-Virus
• Step 5 (Optional): FIPS
• 4. PostgreSQL Hardening
• 5. Generalized Web Server best practices
• Apply a trusted certificate
• Optional: Additional HTTP Response Headers

Be aware that a high level of server hardening can lead to failure in your deployment. Be mindful of always having a backup to restore to in case your configuration leads to irreversible failure.

1. Authentication

Qlik Sense Enterprise on Windows supports multiple different Authentication Solutions;

• Windows (NTLM)
• Kerberos 
• Ticketing
• SAML
• JWT
• Header
• Anonymous

Qlik can not specify which authentication method is appropriate for each deployment. It is advisable to review currently supported alternatives within your organization and/or Identity Provider (IdP) to implement the most suitable solution for your use case.

2. Authorization 

Qlik Sense Enterprise on Windows provides two levels of native authorization in the product.

Security Rules

Attribute based access control (ABAC), which is configured through Qlik Sense security rules. This article will not go in depth on how to best implement security rules for your requirements, but it is highly recommended to think of your users based on the capabilities that you intend to provide them. For example different roles and capabilities as shown in image below, allows for a security rule framework to be designed and implemented. This can be done either by yourself by referencing Qlik Sense Help for Administrators and available assets or by engaging with a Qlik Consultant or Qlik Partner.

Section Access

Row level data reduction, which is configured through Section Access at Qlik Sense app level. This article will not go in depth on Section Access implementation, but with this reduction a single file can be used to hold the data for a number of users or user groups. Qlik Sense uses the information in the section access for authentication and authorization, and dynamically reduces the data, so that users only see their own data. 

3. Operating System Hardening

Qlik Sense Enterprise on Windows inherits the available protocols, cipher suites, key exchanges and other security hardening which are enabled on the Windows Server operating Qlik Sense.

Step 1: Disabling protocols and ciphers

Windows Server has a lot of protocols enabled by default; however protocols, ciphers, hashes and key exchanges that are considered deprecated or not secure enough should be disabled. There are many ways of doing this, and the Windows administrator and security experts should be consulted so that local policies are accurately applied. For simplicity, understanding and a good overview IIS Crypto 3.0 can be a good tool for evaluating current Windows configuration and applying changes. 
Keep in mind that "Best Practice" today might not be recommended in the near future, what was considered "safe" a while ago is not necessarily considered so today. For this reason, it is also important to regularly scan servers for potential vulnerabilities and revisit configurations as required. 

The Windows Server needs to be restarted for these settings changes to take effect. It is also important to ensure that all components running on the server still operate as expected after hardening is applied, for example, older non-Qlik software might not be compliant with the latest options and standards. 

Step 2: Firewalls

Firewalls typically should be closed, with required ports only opened for intended purposes.
See Qlik Sense Enterprise on Windows ports overview for details on required port based on the deployed architecture.

Step 3: Service Account Permission

For most organizations, local administrator rights allow for an easier deployment, but Qlik Sense Enterprise on Windows does not require local administrator rights in order to function. This can be an attractive option inside some organizations. This will require additional configuration of boot strap mode as described in Qlik Sense Enterprise on Windows Services.
For a brief overview of the rights needed by a Qlik Sense Enterprise service account:

• Full control over the share used by Qlik Sense Enterprise
• Full control over the installation directory (default: C:\Program Files\Qlik)
• Full control over %ProgramData%\Qlik
• Full control over any folders used as data connections

Qlik Sense Enterprise for Windows does not officially support Group Managed Service Accounts (gMSA), but it can operate using one. The initial barrier is that the installer requires a service account and password to be entered during installation. A domain or local account could be substituted for the install stages only to be swapped out in the Windows Services applet (services.msc) after installation. Some functionality may require workarounds (e.g. A User Directory Connection to Active Directory).

Step 4: Anti-Virus

Qlik Sense Enterprise on Windows does require exceptions from anti-virus scan to avoid potential disk I/O conflicts. Refer to Qlik Sense Folder And Files To Exclude From AntiVirus Scanning for more details. 

Step 5 (Optional): FIPS

Qlik Sense Enterprise on Windows can run with Federal Information Processing Standards (FIPS) enabled on the Windows Server. This does require a few adjustments of configuration files due to Qlik using non-FIPS compliant algorithms for minor tasks like hash checks. See Running Qlik Sense on Windows systems with FIPS compliance enabled for more details on Qlik Sense and FIPS.

4. PostgreSQL Hardening

Qlik Sense Enterprise on Windows uses PostgreSQL to store meta-data relating to a Qlik Sense site. In multi-node sites or sites where PostgreSQL is isolated from Qlik Sense Enterprise for Windows additional security can be applied;

• Database Traffic Encryption
• Hardening what endpoints are allowed to connect to PostgreSQL as described in PostgreSQL: postgresql.conf and pg_hba.conf explained

5. Generalized Web Server best practices

Qlik Sense Proxy service bundled with Qlik Sense Enterprise on Windows is simply a web-service. This means applying general practice guidance but in the context of Qlik Sense as described below.

Apply a trusted certificate

Qlik Sense Enterprise on Windows acts as a Certificate Authority (CA) during initial installation and signs a certificate that is applied on all encrypted traffic between Qlik Sense services. The same Qlik Sense signed certificate is applied as default certificate also for incoming connections from users accessing Qlik Sense Hub and QMC. This default certificate is not intended for production use, unless user access to Qlik Sense comes through a network load balancer or reverse proxy that trusts the Qlik Sense certificate. For direct user access to Qlik Sense Proxy, a fully trusted certificate can typically be acquired from your local IT and then applied on the Qlik Sense Proxy service. 

As of July 2019, Qlik Sense Enterprise on Windows support SHA1 and SHA2 certificates. If SHA384 or SHA512 certificates are needed, then a network load balancer or reverse proxy can be configured in front of Qlik Sense which offloads to Qlik Sense.

Optional: Additional HTTP Response Headers

There are numerous HTTP response headers that can be used in attempting to secure a server. Below are a couple of the most common ones, but as always it is recommended to consult local IT and web security expert on what the recommendations are. 

Any additional HTTP response header values can be configured in Qlik Sense Virtual Proxy settings under Additional response headers as shown in the below image and described in Qlik Sense for Administrators: Virtual Proxies. It is recommended to trial any header changes in a new virtual proxy, as poor configuration may accidentally lock you out from Qlik Sense access. 

• HTTP Strict Transport Security (HSTS) HTTP Strict Transport Security (HSTS) is an opt-in security enhancement which any web application can support through the use of a special response header. When a supported browser receives this header that browser will prevent any communication sent over HTTP in the future and will redirect all traffic over HTTPS instead. Caution is advised when implementing HSTS, as it might block HTTP access to certain pages that actually requires it or needs to be excluded from HSTS. See MDN Web Docs: Strict-Transport-Security for more details on configuration options. 
• Optional: X-Content-Type-Options X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should not be changed and be followed. This allows to opt-out of MIME type sniffing. 
• X-Frame-Options will prevent the site to be embedded in an iFrame, which can effective mitigate against ClickJacking attacks
• Content-Security-Policy: policy (old: X-XSS-Protection) improves security against some types of XSS (cross-site scripting) attacks.

  Policy is a placeholder for your policy of choice and cannot be used as a value. See Writing a Policy (Mozilla) for examples.

  

The following error (C) is shown after successfully creating a Jira Connection string and selecting a Project/key (B) from select data to load (A) :

Failed on attempt 1 to GET. (The remote server returned an error; (404).)

The error occurs when connecting to JIRA server, but not to JIRA Cloud.

Resolution

Qlik Cloud Analytics

Tick the Use legacy search API checkbox. This is switched off by default.

Qlik Sense Enterprise on Windows

This option is available since:

• Qlik Sense Enterprise on Windows May 2025 patch 3 and above,
• Qlik Sense Enterprise on Windows November 2025 IR (Initial Release) and above.

This is required when using both Issues and CustomFieldsForIssues tables.

Cause

Connections to JIRA Server use the legacy API.

Internal Investigation ID(s)

SUPPORT-3600 and SUPPORT-7241

Environment

• Qlik Cloud Analytics
• Qlik Sense Enterprise on Windows

If you want to submit a new idea or improvement request for Qlik's products, our Ideas section in the Qlik Community is open to all registered customers. The Ideation portal covers ideas and suggestions for all Qlik Products, such as Qlik Cloud Analytics, Qlik Sense Enterprise on Windows, Qlik Talend, Qlik Stitch, and more.

Content:

• Where to find Qlik Ideation
• How to submit an Idea on the Ideation

Ideas are qualified and prioritized based on their value to improving and enhancing the Qlik product. For a successful request, please consider including a strong business case on why you think the change would be beneficial, including:

• Functionality: How does the product work now? How would you like it to work in the future? 
• Motivation: Why is the change important for your business?
• Importance: What is the impact if the feature request is not approved?
• Benefits: What is the impact if the feature request is implemented?

Where to find Qlik Ideation

1. Go to the Qlik Community
2. Log in!
3. After logging in, navigate to Ideation

   A valid Qlik ID (log in to the Community) is required.

   1. You can navigate there manually from (a) Ideation
   2. And (b) Browse and Suggest
      
      
      
      
4. Scroll down to locate the Ideation Landing Page / App
   
   
   
   For more information on the Ideation Dashboard and its functionalities, see About Ideation.
   
   
   

How to submit an Idea on the Ideation

Before you get started, review Ideation Guidelines: How to Submit an Idea for submission guidelines and eligibility information.

1. Go to the Ideas Site  

   A valid Qlik ID (log in to the Community) is required.

2. Click the Suggest Features card
    
   
   
   
3. Provide us with as much detail as possible, including a descriptive subject and description.
4. Choose the appropriate Product Area.
5. And click Submit request.
   
   

Ideas and Improvement requests are reviewed by our product teams. While we strive to provide answers, we cannot guarantee a specific response time.  

Related Content:

Ideation on Community  
Ideation Platform Updates
Ideation Guidelines: How to Submit an Idea

GOAWAY is received regularly in the karaf.log. 

Full error example:

| WARN | pool-31-thread-1 | PhaseInterceptorChain | 165 - org.apache.cxf.cxf-core - 3.6.2 | | Interceptor for {http://pairing.rt.ipaas.talend.org/}PairingService has thrown exception, unwinding now
Caused by: javax.ws.rs.ProcessingException: Problem with writing the data, class org.talend.ipaas.rt.engine.model.HeartbeatInfo, ContentType: application/json
   at org.apache.cxf.jaxrs.client.AbstractClient.reportMessageHandlerProblem(AbstractClient.java:853) ~[bundleFile:3.6.2]
   ... 17 more
Caused by: java.io.IOException: IOException invoking https://pair.eu.cloud.talend.com/v2/engine/3787d7b2-2da7-43be-b6fc-39adab83d51a/heartbeat: GOAWAY receive

Resolution

The issue has been mitigated in version 2.13.11 of the Remote Engine. See Talend Remote Engine v2.13.11:

To mitigate the issue, use Java 17 Update 17, released on the 21st of October 2025.
This update includes the fix for the bug JDK-8301255.

For example: https://www.azul.com/downloads/?version=java-17-lts&package=jdk#zulu 

Cause

This is caused by a defect in JDK 17 (JDK-8301255). See Http2Connection may send too many GOAWAY frames.

Environment

• Qlik Talend Cloud

This article outlines all features available in the Qlik Customer Portal's My Account section, where you can view your personal information, team members, trials, and contacts at Qlik.

How to access My Account on the Qlik Customer Portal

1. Log in to Customer Portal: customerportal.qlik.com
2. Click your profile icon
3. Open My Account 
   
   

   

    

Available User Roles and access control

The Customer Support Portal comes with four roles:

• Customer Admin: has full access and the ability to change team member roles
• Business Admin: has full access to view all features
• Support Admin: has full access to view all current features
• Default User: can view Personal Information, Trials, and the My Team section

Overview of the My Account features

The Qlik Customer Portal Account section lets you access your Personal Information, your Trials, Team members, and Qlik Contacts.

Personal Information

Head there to view your personal profile details and to review your assigned roles.

The Role field determines access to other features in the Customer Portal. To change your role, find a colleague with the role Customer Admin in the My Team section. They can change your role if needed.

Trials

See active trials linked to your account and track evaluation periods.

My Team

This is where you can view and manage your colleagues registered in the Qlik Customer Portal, including their assigned roles. 

A Customer Admin can update role assignments:

1. Go to My Team and search for the team member you want to edit
2. Click the pencil icon next to their role
   
   

   

3. Choose the new role from the drop down
   
   
   
   
4. Click Save 
   
   

   

    

Qlik Contacts

This is where you can view all your contacts with Qlik, such as:

• Your Account Manager
• Your Customer Success Manager
• Your assigned Engineer (if applicable)

Troubleshooting

The following error is displayed if you do not have the correct role assigned to access a specific feature:

You are not authorized to view this detail. Please contact a colleague with a Customer Admin "Role" (see "My Team" tab using your company's internal channels. Communication is not possible within the Qlik Customer Portal environment.

Speak to a team member with the Customer Admin role to have your access updated.

After distributing the Consumption Report app from Qlik Cloud Administration > Settings, scheduled reloads of the app fail with the following error: 

Error: $(MUST_INCLUDE= [lib://snowflake_external_share:DataFiles/Capacity_Usage_Script_PROD.txt] cannot access the local file system in current script mode. Try including with LIB path.

Environment

• Qlik Cloud Analytics
• Qlik Talend Cloud

Resolution

The Consumption Report app isn't meant to be reloaded. The app should be distributed from Qlik Cloud Administration > Settings each day. Refer to Distributing detailed consumption reports for details:

Redistribute the app to obtain the most recent data. Apps stored on your tenant exist as separate instances and are not replaced by newer ones.

On the Talend side, refer to Distributing Data Capacity Reporting App for Talend Management Console for details on how to set up capacity reporting.

To automatically redistribute the app, see Automate deployment of the Capacity consumption app with Qlik Automate.

Cause

The Report Consumption app is meant to be distributed from Qlik Cloud Administration > Settings and not updated by a scheduled reload of the app.

This template was updated on December 4th, 2025 to replace the original installer and API key rotator with a new, unified deployer automation. Please disable or delete any existing installers, and create a new automation, picking the Qlik Cloud monitoring app deployer template from the App installers category.

Installing, upgrading, and managing the Qlik Cloud Monitoring Apps has just gotten a whole lot easier! With a single Qlik Automate template, you can now install and update the apps on a schedule with a set-and-forget installer using an out-of-the-box Qlik Automate template. It can also handle API key rotation required for the data connection, ensuring the data connection is always operational.

Some monitoring apps are designed for specific Qlik Cloud subscription types. Refer to the compatibility matrix within the Qlik Cloud Monitoring Apps repository.

'Qlik Cloud Monitoring Apps deployer' template overview

This automation template is a set-and-forget template for managing the Qlik Cloud Monitoring Applications, including but not limited to the App Analyzer, Entitlement Analyzer, Reload Analyzer, and Access Evaluator applications. Leverage this automation template to quickly and easily install and update these or a subset of these applications with all their dependencies. The applications themselves are community-supported; and, they are provided through Qlik's Open-Source Software (OSS) GitHub and thus are subject to Qlik's open-source guidelines and policies.

For more information, refer to the GitHub repository.

Features

• Can install/upgrade all or select apps.
• Can create or leverage existing spaces.
• Programmatically verified prerequisite settings, roles, and entitlements, notifying the user during the process if changes in configuration are required, and why.
• Installs latest versions of specified applications from Qlik’s OSS GitHub.
• Creates required API key.
• Creates required analytics data connection.
• Creates a daily reload schedule.
• Reload applications post-install.
• Tags apps appropriately to track which are installed and their respective versions.
• Supports both user and capacity-based subscriptions.

Configuration:

Update just the configuration area to define how the automation runs, then test run, and set it on a weekly or monthly schedule as desired.

Configure the run mode of the template using 7 variable blocks

Users should review the following variables:

1. configuredMonitoringApps: contains the list of the monitoring applications which will be installed and maintained. Delete any applications not required before running (default: all apps listed).
2. refreshConnectorCredentials: determines whether the monitoring application REST connection and associated API key will be regenerated every run (default: true).
3. reloadNow: determines whether apps are reloaded immediately following updates (default: true).
4. reloadScheduleHour: determines at which hour of the day the apps reload at for the daily schedule in UTC timezone (default: 06)
5. sharedSpaceName: defines the name of the shared space used to import the apps into prior to publishing. If the space doesn't exist, it'll be created. If the space exists, the user will be added to it with the required permissions (default: Monitoring - staging).
6. managedSpaceName: defines the name of the managed space the apps are published into for consumption/ alerts/ subscription use.If the space doesn't exist, it'll be created. If the space exists, the user will be added to it with the required permissions (default: Monitoring).
7. versionsToKeep: determines how many versions of each staged app is kept in the shared space. If set to 0, apps are deleted after publishing. If a positive integer value other than 0, that many apps will be kept for each monitoring app deployed (default: 0).

App management:

If the monitoring applications have been installed manually (i.e., not through this automation), then they will not be detected as existing. The automation will install new copies side-by-side. Any subsequent executions of the automation will detect the newly installed monitoring applications and check their versions, etc. This is due to the fact that the applications are tagged with "QCMA - {appName}" and "QCMA - {version}" during the installation process through the automation. Manually installed applications will not have these tags and therefore will not be detected.

FAQ

Q: Can I re-run the installer to check if any of the monitoring applications are able to be upgraded to a later version?

A: Yes. The automation will update any managed apps that don't match the repository's manifest version.

Q: What if multiple people install monitoring applications in different spaces?

A: The template scopes the application's installation process to a managed space. It will scope the API key name to `QCMA – {spaceId}` of that managed space. This allows the template to install/update the monitoring applications across spaces and across users. If one user installs an application to “Space A” and then another user installs a different monitoring application to “Space A”, the template will see that a data connection and associated API key (in this case from another user) exists for that space already. It will install the application leveraging those pre-existing assets.

Q: What if a new monitoring application is released? Will the template provide the ability to install that application as well?

A: Yes, but an update of the template from the template picker will be required, since the applications are hard coded into the template. The automation will begin to fail with a notification an update is needed once a new version is available.

Q:I have updated my application, but I noticed that it did not preserve the history. Why is that?

A: Each upgrade may generate a new set of QVDs if the data models for the applications have changed due to bug fixes, updates, new features, etc. The history is preserved in the prior versions of the application’s QVDs, so the data is never deleted and can be loaded into the older version. 

SAP Hana used as a source endpoint in Qlik Replicate may encounter errors processing null values for the SAP Hana ‘Application User’ field:

[SOURCE_CAPTURE ]E: Bad event rowid and operation [1020454] (saphana_trigger_based_cdc_log.c:534)
[SOURCE_CAPTURE ]E: Error handling events for db table id 525063, in the interval (552426485 - 552426767) [1020454] (saphana_trigger_based_cdc_log.c:1725)

Resolution

This behavior will be fixed in the Qlik Replicate May 2025 SP04 release. If you need access to a patch before the expected release, contact Qlik Support.

Once fixed, the endpoint identifies the ‘null’ values and handles the data records with a missing “Application User” value.

Cause

Functionality added to Qlik Replicate 2025.5.0 captures the ‘Application User' to populate the USER_ID information in the data records. In particular situations, SAP HANA does not provide an ‘Application User’ value and instead provides a 'null’ value, which causes inconsistency in the fetch data parsing and therefore throws an error as a result of the missing value.

Internal Investigation ID(s)

SUPPORT-5926

Environment

• Qlik Replicate

Executing tasks or modifying tasks (changing owner, renaming an app) in the Qlik Sense Management Console and refreshing the page does not update the correct task status. Issue affects Content Admin and Deployment Admin roles.

The behaviour began after an upgrade of Qlik Sense Enterprise on Windows. 

Fix version:

This issue can be mitigated beginning with August 2021 by enabling the QMCCachingSupport Security Rule.

Solution for August 2023 and above:

Enable QmcTaskTableCacheDisabled.

To do so:

1. Navigate to C:\Program Files\Qlik\Sense\CapabilityService\
2. Locate and open the capabilities.json
3. Modify or add the QmcTaskTableCacheDisabled flag for these values to true
   
   {"contentHash":"CONTENTHASHHERE","originalClassName":"FeatureToggle","flag":"QmcTaskTableCacheDisabled","enabled":true}
   
   Where CONTENTHASHHERE matches the number in all other features listed in the capabilities.json.
   
   Example:
   
   
   
   This will disable the caching on the tasks table only, leaving the overall QMC Cache intact to gain performance. If you had previously set QmcCacheEnabled, QmcDirtyChecking, QmcExtendedCaching to false, please set it to true again.
   
   
4. Restart the Qlik Sense services

Workaround for earlier versions:

Upgrade to the latest Service Release and disable the caching functionality: 

To do so:

1. Navigate to C:\Program Files\Qlik\Sense\CapabilityService\
2. Locate and open the capabilities.json
3. Modify the flag for these values to false
   • QmcCacheEnabled
   • QmcDirtyChecking
   • QmcExtendedCaching
4. Restart the Qlik Sense services
   
   

NOTE: Make sure to use lower case when setting values to true or false as capabilities.json file is case sensitive.

Should the issue persist after applying the workaround/fix, contact Qlik Support.

Internal Investigation ID(s): 

QB-2096
QB-5168
QB-7655
QB-17238

Environment

Qlik Sense Enterprise on Windows 

Qlik Talend Data Integration task was unable to resume with the following error:

[SORTER_STORAGE ]E: The Transaction Storage Swap cannot write Event (transaction_storage.c:3321) [DATA_STRUCTURE ]E: SQLite general error. Code <14>, Message <unable to open database file>. [1000505] (at_sqlite.c:525) [DATA_STRUCTURE ]E: SQLite general error. Code <14>, Message <unable to open database file>. [1000506] (at_sqlite.c:475)

Resolution

Freeing up disk space or increase the data directory size usually solves the issue.

Cause

It indicates that Qlik Talend Data Integration was no longer able to access its internal SQLite database (used for the sorter, metadata, and task state management).

When the disk space in the Sorter directory becomes full, SQLite can no longer write to the database, which invariably results in Code 14.

After checking the disk space on the Linux server, it was found that it had indeed reached 100% usage, leaving no free space available which caused the issue.

Environment

• Qlik Cloud 
• Talend Data Integration 

In this article, we detail the 12 steps necessary to successfully configure Qlik Sense Enterprise on Windows after an Active Directory Domain name change or moving Qlik Sense to a new domain.

Depending on how you have configured your platform, not all the steps might be applicable. Before updating any hostname in Qlik Sense, make sure that the original value is using the old domain name. In some case, you may have configured “localhost” or the server name without any reference to the domain so there is no need in these cases to perform any update.

Environment

• Qlik Sense Enterprise on Windows 

Scenario

In this scenario we are updating a three-node environment running Qlik Sense February 2021:

The domain has been changed from DOMAIN.local to DOMAIN2.local

The servers mentioned below are already part of the new domain name DOMAIN2.local and their Fully Qualified Domain Name (FQDN) is already updated as followed:

• QlikServer1.domain.local to QlikServer1.domain2.local: Central node
• QlikServer2.domain.local to QlikServer2.domain2.local: Rim node
• QlikServer3.domain.local to QlikServer3.domain2.local:  Dedicated Postgres and hosting the Qlik shared folder

All Qlik Sense services have been stopped on every node.

Step 1: Update the Postgres Configuration File

The first step is to update the postgres.conf file to listen on the correct hostname

1. Open the postgres.conf (make sure to make a copy) under
   • C:\ProgramData\Qlik\Sense\Repository\PostgreSQL\<version> (for an environment running the native Qlik Sense Repository Database)
   • C:\Program Files\PostgreSQL\<version>\data (for an environment running a dedicated PostgreSQL database)
2. Search for the parameter listen_addresses and update the hostname value if required
   
   
   
   
3. Save the file, close it and start the Qlik Sense Repository Database or PosgresSQL service depending if you are using the native PostgreSQL or a dedicated instance

Step 2: Backup your Qlik Sense site

Before doing any further changes, it is important to take a backup of your Qlik Sense Platform

• Backing up a Qlik Sense site

Step 3: Rename Server Node in QSR database

Now we update the node names in the database with the new Fully Qualified Domain Name.

1. Connect to the Qlik Sense Database using Installing and Configuring PGAdmin4 to access the PostgreSQL
2. Open the QSR Database and navigate through Schemas -> public ->Tables
3. Right-click on ServerNodeConfiguration -> View/Edit Data -> All Rows
4. Modify the hostname of each node if required
   
   
   
   
5. Save by clicking on the below icon available in the toolbar
   
   
   
   
6. Close PGAdmin

Step 4: Rename User Directory for existing users

1. Connect to the Qlik Sense Database using Installing and Configuring PGAdmin4 to access the PostgreSQL
2. Right-click on the QSR Database and select “Query Tool”
3. Run the following query
   

   UPDATE public."Users"
   SET "UserDirectory" = 'DOMAIN2'
   WHERE "UserDirectory" = 'DOMAIN';​

4. Validate the change by running the following query
   

   SELECT * FROM public."Users"​

   
   The User Directory should be updated to the new domain:
   
   
   
   
5. Close PGAdmin

Step 5: Update Service Cluster configuration

1. On the central node run the program C:\Program Files\Qlik\Sense\Repository\Util\QlikSenseUtil\QlikSenseUtil.exe and Connect to Database
   
   
   
   
2. Once connected, click on Service cluster and then OK
3. Update the FQDN with the new domain if required and press Save
   
   
   
   
4. Close QlikSenseUtil.exe

Step 6: Update the repository Connection Strings

1. On the central node run the program C:\Program Files\Qlik\Sense\Repository\Util\QlikSenseUtil\QlikSenseUtil.exe
2. Select Connection String Editor and click on Read
3. Update the FQDN with the new domain if required and press Save Value in config file encrypted
   
   
   
   
4. Close QlikSenseUtil.exe
5. Repeat the above steps on every rim node

Step 7: Update the dispatcher services connection strings

Verify if a hostname update is required

1. On the central node, open File Explorer and navigate to C:\Program Files\Qlik\Sense\Licenses and open the appsetting.json
2. Check if the parameter host contains the old domain name. If it does then you need to follow the below steps to update it otherwise you can jump to the next section

Update hostname on all Qlik Sense Dispatcher subservices

1. Search for the file called Configure-Service.ps1
   
   In Qlik Sense February, there are 8 of these files placed in different Qlik Sense Dispatcher sub-services. We need to run each of these files with a specific argument. In the previous or later version of Qlik Sense, the list presented below may need to be adapted.
   
   
2. Run the following command in PowerShell ISE as Administrator
   

   cd "C:\Program Files\Qlik\Sense\NLAppSearch\install"
   .\Configure-Service.ps1 QlikServer3.domain2.local 4432 qliksenserepository <qliksenserepository_password>
   
   cd "C:\Program Files\Qlik\Sense\AppDistributionService"
   .\Configure-Service.ps1 QlikServer3.domain2.local 4432 qliksenserepository <qliksenserepository_password>
   
   cd "C:\Program Files\Qlik\Sense\HybridDeploymentService"
   .\Configure-Service.ps1 QlikServer3.domain2.local 4432 qliksenserepository <qliksenserepository_password>
   
   cd "C:\Program Files\Qlik\Sense\Licenses"
   .\Configure-Service.ps1 QlikServer3.domain2.local 4432 qliksenserepository <qliksenserepository_password>
   
   cd "C:\Program Files\Qlik\Sense\NotifierService\install"
   .\Configure-Service.ps1 QlikServer3.domain2.local 4432 qliksenserepository <qliksenserepository_password>
   
   cd "C:\Program Files\Qlik\Sense\MobilityRegistrarService\install"
   .\Configure-Service.ps1 QlikServer3.domain2.local 4432 qliksenserepository <qliksenserepository_password>
   
   cd "C:\Program Files\Qlik\Sense\PrecedentsService\install"
   .\Configure-Service.ps1 QlikServer3.domain2.local 4432 qliksenserepository <qliksenserepository_password>
   
   cd "C:\Program Files\Qlik\Sense\DataPrepService\install"
   .\Configure-Service.ps1 QlikServer3.domain2.local 4432 qliksenserepository <qliksenserepository_password>

3. Repeat the above steps on every node (Including the verification)

Step 8: Update the Qlik Logging Service

If you are using the Qlik Logging Service;

1. Run the following command in Command Prompt:
   

   cd "C:\Program Files\Qlik\Sense\Logging"
   Qlik.Logging.Service.exe validate​

2. If you get something like:
   
   Failed to validate logging database. Database does not exist or is an invalid version.
   
   Then it probably means that the hostname needs to be updated
   
   
3. If so, run the following command in Command Prompt:
   

   cd "C:\Program Files\Qlik\Sense\Logging"
   Qlik.Logging.Service.exe update -h QlikServer3.domain2.local​

4. Once done, run the validate command again to verify that the connectivity is working
   
   
   
   
5. Repeat the above steps on every rim node

Step 9: Update the service account running the Qlik Sense services

1. On the central node, open the Windows Service Console an update each Qlik Sense services with the new domain (DO NOT START THE SERVICE AT THIS POINT)
   
   
   
   
2. Repeat the above step on every rim node

Step 10: Update the host.cfg and remove the certificate

1. On the central node login as the service account
2. Backup the Qlik Sense certificate following Backing up certificates
3. Remove the certificate you have previous backed up from the MMC
4. Make a copy of %ProgramData%\Qlik\Sense\Host.cfg and rename the copy to Host.cfg.old
   • Host.cfg contains the hostname encoded in base64. You can generate this string for the new hostname using a site such as https://www.base64encode.org/ (You may want to decode the original string to see if it contains the old domain name.
5. Open Host.cfg and replace the content with the new encoded hostname.
6. Run Windows Command Prompt as Administrator and execute the following command:
   

   "C:\Program Files\Qlik\Sense\Repository\Repository.exe" -bootstrap -iscentral -restorehostname​

7. In parallel start the Qlik Sense Dispatcher services
8. When the command has completed successfully you should see the following message in command prompt:
   
   Bootstrap mode has terminated. Press ENTER to exit..
   
   
9. Start every Qlik Sense services on the central node and try to access the QMC with https://localhost/qmc

Step 11: Distribute the certificate on the rim node(s)

1. On the rim node(s) login as the service account
2. Backup the Qlik Sense certificate following Backing up certificates
3. Remove the certificate you have previous backed up from the MMC
4. Start the Qlik Sense services
5. On the central node, open the QMC and go to Nodes
6. After a few minutes the rim node should have the status The certificates has not been installed
   
   
   
   
7. Click on Redistribute and follow the instructions to redistribute the certificates on the rim node(s)
8. After a few minutes, the services should be running
   
   

Step 12: Additional updates

User Directory Connector

If you are syncing your users with a User Directory Connector you will need to change the LDAP path to point to the new domain.

1. In the QMC -> User Directory Connector
2. Edit your existing User Directory Connector, check the LDAP Path and update if necessary
   
   

Monitoring Application

You will need to update the monitoring apps and their associated data connection to use the new Fully Qualified Domain Name

• Configuring the Monitoring apps

Data Connections password

• Part of the steps followed earlier, the certificates had to be recreated. As a result, the passwords for the existing data connection needs to be re-typed and saved for all Data Connections and User Directory Connectors that include password information.

Security Rules and Licenses rules

It is possible that you have created rules based on the User Directory. As you have changed the domain name, the user directory has also changed in Qlik Sense so you will need to update those to reflect that. 

The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.

In this article, we walk you through the requirements and process of how to upgrade and unbundle an existing Qlik Sense Repository Database (see supported scenarios) as well as how to install a brand new Repository based on PostgreSQL. We will use the Qlik PostgreSQL Installer (QPI).

For a manual method, see How to manually upgrade the bundled Qlik Sense PostgreSQL version to 12.5 version.

Using the Qlik Postgres Installer not only upgrades PostgreSQL; it also unbundles PostgreSQL from your Qlik Sense Enterprise on Windows install. This allows for direct control of your PostgreSQL instance and facilitates maintenance without a dependency on Qlik Sense. Further Database upgrades can then be performed independently and in accordance with your corporate security policy when needed, as long as you remain within the supported PostgreSQL versions. See How To Upgrade Standalone PostgreSQL.

Index

• Supported Scenarios
• Upgrades
• New installs
• Requirements
• Known limitations
• Installing anew Qlik Sense Repository Database using PostgreSQL
• Qlik PostgreSQL Installer - Download Link
• Upgrading an existing Qlik Sense Repository Database
• The Upgrade
• Next Steps and Compatibility with PostgreSQL installers
• How do I upgrade PostgreSQL from here on?
• Troubleshooting and FAQ
• Related Content

Video Walkthrough

Video chapters:

• 01:02 - Intro to PostgreSQL Repository
• 02:51 – Prerequisites
• 03:24 - What is the QPI tool?
• 05:09 - Using the QPI tool
• 09:27 - Removing the old Database Service
• 11:27 - Upgrading a stand-alone to the latest release
• 13:39 - How to roll-back to the previous version
• 14:46 - Troubleshooting upgrading a patched version
• 18:25 - Troubleshooting upgrade security error
• 21:15 - Additional config file settings

Supported Scenarios

Upgrades

The following versions have been tested and verified to work with QPI: 

Qlik Sense February 2022 to Qlik Sense November 2024.

If you are on a Qlik Sense version prior to these, upgrade to at least February 2022 before you begin.  

Qlik Sense November 2022 and later do not support 9.6, and a warning will be displayed during the upgrade. From Qlik Sense August 2023 a upgrade with a 9.6 database is blocked.

New installs

The Qlik PostgreSQL Installer supports installing a new standalone PostgreSQL database with the configurations required for connecting to a Qlik Sense server. This allows setting up a new environment or migrating an existing database to a separate host.

Requirements

• Review the QPI Release Notes before you continue

• Using the Qlik PostgreSQL Installer on a patched Qlik Sense version can lead to unexpected results. If you have a patch installed, either:

  • Uninstall all patches before using QPI (see Installing and Uninstalling Qlik Sense Patches) or
  • Upgrade to an IR release of Qlik Sense which supports QPI

• The PostgreSQL Installer can only upgrade bundled PostgreSQL database listening on the default port 4432.
• The user who runs the installer must be an administrator.
• The backup destination must have sufficient free disk space to dump the existing database  
• The backup destination must not be a network path or virtual storage folder. It is recommended the backup is stored on the main drive. 
• There will be downtime during this operation, please plan accordingly
• If upgrading to PostgreSQL 14 and later, the Windows OS must be at least Server 2016

Known limitations

• (Limitation removed in QPI 2.1 | Release Notes) Cannot migrate a 14.17 embedded database to a standalone
• (Limitation removed in QPI 2.1 | Release Notes) Using QPI to upgrade a standalone database or a database previously unbundled with QPI is not supported.
• The installer itself does not provide an automatic rollback feature.

Installing a new Qlik Sense Repository Database using PostgreSQL

1. Run the Qlik PostgreSQL Installer as an administrator 
   
   
2. Click on Install 
   
   
3. Accept the Qlik Customer Agreement 
   
   
4. Set your Local database settings and click Next. You will use these details to connect other nodes to the same cluster. 
   
   
5. Set your Database superuser password and click Next
   
   
6. Set the database installation folder, default: C:\Program Files\PostgreSQL\14

   Do not use the standard Qlik Sense folders, such as C:\Program Files\Qlik\Sense\Repository\PostgreSQL\ and C:\Programdata\Qlik\Sense\Repository\PostgreSQL\.

7. Set the database data folder, default: C:\Program Files\PostgreSQL\14\data

   Do not  use the standard Qlik Sense folders, such as C:\Program Files\Qlik\Sense\Repository\PostgreSQL\ and C:\Programdata\Qlik\Sense\Repository\PostgreSQL\.

8. Review your settings and click Install, then click Finish
   
   
9. Start installing Qlik Sense Enterprise Client Managed. Choose Join Cluster option.
   
   The Qlik PostgreSQL Installer has already seeded the databases for you and has created the users and permissions. No further configuration is needed.
   
   
10. The tool will display information on the actions being performed. Once installation is finished, you can close the installer.  
    
    If you are migrating your existing databases to a new host, please remember to reconfigure your nodes to connect to the correct host. How to configure Qlik Sense to use a dedicated PostgreSQL database 
    

Qlik PostgreSQL Installer - Download Link

Download the installer here.

Qlik PostgreSQL installer Release Notes

Upgrading an existing Qlik Sense Repository Database

The following versions have been tested and verified to work with QPI (1.4.0): 

February 2022 to November 2023.

If you are on any version prior to these, upgrade to at least February 2022 before you begin.  

Qlik Sense November 2022 and later do not support 9.6, and a warning will be displayed during the upgrade.  From Qlik Sense August 2023 a 9.6 update is blocked.

The Upgrade

1. Stop all services on rim nodes 
   
   
2. On your Central Node, stop all services except the Qlik Sense Repository Database 
   
   
   
   
3. Run the Qlik PostgreSQL Installer. An existing Database will be detected. 
   
   
   
   
4. Highlight the database and click Upgrade 
   
5. Read and confirm the (a) Installer Instructions as well as the Qlik Customer Agreement, then click (b) Next.
   
   
   
   
6. Provide your existing Database superuser password and click Next.
   
   
7. Define your Database backup path and click Next.
   
   
   
   
8. Define your Install Location (default is prefilled) and click Next.
   
   
   
   
9. Define your database data path (default is prefilled) and click Next.
   
   
    
10. Review all properties and click Upgrade.
    
    The review screen lists the settings which will be migrated. No manual changes are required post-upgrade.
    
    
    
    
11. The upgrade is completed. Click Close.
     
12. Open the Windows Services Console and locate the Qlik Sense Enterprise on Windows services.
    
    You will find that the Qlik Sense Repository Database service has been set to manual. Do not change the startup method. 
    
    
    
    You will also find a new postgresql-x64-14 service. Do not rename this service. 
    
    
    

     

13. Start all services except the Qlik Sense Repository Database service. 
    
    
14. Start all services on your rim nodes.
    
    
15. Validate that all services and nodes are operating as expected. The original database folder in C:\ProgramData\Qlik\Sense\Repository\PostgreSQL\X.X_deprecated
    

     

16. Uninstall the old Qlik Sense Repository Database service.

    This step is required. Failing to remove the old service will lead the upgrade or patching issues.

    1. Open a Windows File Explorer and browse to C:\ProgramData\Package Cache
       
       
    2. From there, search for the appropriate msi file.
       
       
       
       If you were running 9.6 before the upgrade, search PostgreSQL.msi
       If you were running 12.5 before the upgrade, search PostgreSQL125.msi
       
       
    3. The msi will be revealed.
       
       
    4. Right-click the msi file and select uninstall from the menu.
       
       
       
       
    
    
17. Re-install the PostgreSQL binaries. This step is optional if Qlik Sense is immediately upgraded following the use of QPI. The Sense upgrade will install the correct binaries automatically. 
    

    Failing to reinstall the binaries will lead to errors when executing any number of service configuration scripts. 

    If you do not immediately upgrade:
    
    
    1. Open a Windows File Explorer and browse to C:\ProgramData\Package Cache
       
       
    2. From there, search for the .msi file appropriate for your currently installed Qlik Sense version
       
       
       
       For Qlik Sense August 2023 and later: PostgreSQL14.msi
       Qlik Sense February 2022 to May 2023: PostgreSQL125.msi
       
       
    3. Right-click the file
    4. Click Open file location
       
       
       
       
    5. Highlight the file path, right-click on the path, and click Copy
       
       
       
       
    6. Open a Windows Command prompt as administrator
       
       
    7. Navigate to the location of the folder you copied
       
       Example command line: 
       
       cd C:\ProgramData\Package Cache\{GUID}
       
       Where GUID is the value of the folder name.
       
       
    8. Run the following command depending on the version you have installed: 
       
       Qlik Sense August 2023 and later
       
       msiexec.exe /qb /i "PostgreSQL14.msi" SKIPINSTALLDBSERVICE="1" INSTALLDIR="C:\Program Files\Qlik\Sense"
       
       Qlik Sense February 2022 to May 2023
       
       msiexec.exe /qb /i "PostgreSQL125.msi" SKIPINSTALLDBSERVICE="1" INSTALLDIR="C:\Program Files\Qlik\Sense"
       
       This will re-install the binaries without installing a database. If you installed with a custom directory adjust the INSTALLDIR parameter accordingly. E.g. you installed in D:\Qlik\Sense then the parameter would be INSTALLDIR="D:\Qlik\Sense".
       
       
18. Finalize the process by updating the references to the PostgreSQL binaries paths in the SetupDatabase.ps1 and Configure-Service.ps1 files. For detailed steps, see Cannot change the qliksenserepository password for microservices of the service dispatcher: The system cannot find the file specified.

If the upgrade was unsuccessful and you are missing data in the Qlik Management Console or elsewhere, contact Qlik Support.  

Next Steps and Compatibility with PostgreSQL installers

Now that your PostgreSQL instance is no longer connected to the Qlik Sense Enterprise on Windows services, all future updates of PostgreSQL are performed independently of Qlik Sense. This allows you to act in accordance with your corporate security policy when needed, as long as you remain within the supported PostgreSQL versions.

Your PostgreSQL database is fully compatible with the official PostgreSQL installers from https://www.enterprisedb.com/downloads/postgres-postgresql-downloads. 

How do I upgrade PostgreSQL from here on?

See How To Upgrade Standalone PostgreSQL, which documents the upgrade procedure for either a minor version upgrade (example: 14.5 to 14.8) or a major version upgrade (example: 12 to 14). Further information on PostgreSQL upgrades or updates can be obtained from Postgre directly.

Troubleshooting and FAQ

1. If the installation crashes, the server reboots unexpectedly during this process, or there is a power outage, the new database may not be in a serviceable state. Installation/upgrade logs are available in the location of your temporary files, for example:
   
   C:\Users\Username\AppData\Local\Temp\2
   
   A backup of the original database contents is available in your chosen location, or by default in:
   
   C:\ProgramData\Qlik\Sense\Repository\PostgreSQL\backup\X.X
   
   The original database data folder has been renamed to:
   
   C:\ProgramData\Qlik\Sense\Repository\PostgreSQL\X.X_deprecated
   
   
2. Upgrading Qlik Sense after upgrading PostgreSQL with the QPI tool fails with:
   
   This version of Qlik Sense requires a 'SenseServices' database for multi cloud capabilities. Ensure that you have created a 'SenseService' database in your cluster before upgrading. For more information see Installing and configuring PostgreSQL.
   
   See Qlik Sense Upgrade fails with: This version of Qlik Sense requires a _ database for _.
   
   To resolve this, start the postgresql-x64-XX service.

The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support. The video in this article was recorded in a earlier version of QPI, some screens might differ a little bit.

Related Content

Qlik PostgreSQL installer version 1.3.0 Release Notes  
Techspert Talks - Upgrading PostgreSQL Repository Troubleshooting
Backup and Restore Qlik Sense Enterprise documentation
Migrating Like a Boss
Optimizing Performance for Qlik Sense Enterprise
Qlik Sense Enterprise on Windows: How To Upgrade Standalone PostgreSQL
How-to reset forgotten PostgreSQL password in Qlik Sense
How to configure Qlik Sense to use a dedicated PostgreSQL database
Troubleshooting Qlik Sense Upgrades 

The "Cloud Engine for Design" is just stopping and goes off rather than running constantly once started.

Resolution

Please confirm if the cloud engine for design is started and try to start the engine explicitly if needed. 

The Cloud Engine for Design is reset on a weekly basis. As such, execution logs and metrics on this type of engine are not persistent from one week to the next.

Cause

It is normal behavior.

Basically, the Engine 'Cloud Engine for Design'( CE4Ds) are getting stopped in case of inactivity after some time, but should be woken up if a new request, such as, Pipelines, reaches the engine. The Cloud engine for design are automatically stopped after 6 hours of inactivity and there is no way to "keep it running" continuously.

Related Content

For more information, please refer to below documentation about: starting-cloud-engine | Qlik Talend Help

Environment

Talend Cloud 

Qlik Show-hide (qlik-show-hide-container) and Tabbed container (qlik-tabbed-container) from the Qlik Bundled extensions are missing from custom objects in the hub since any Qlik Sense Enterprise on Windows February 2020 and later releases. They are still visible in the Qlik Sense Management Console (QMC).

Environment

• Qlik Sense Enterprise on Windows February 2020 and later

Resolution

This is expected. Those 2 extensions have been deprecated since June 2019 and can no longer be created as new object types.

Existing objects will continue to work.

We recommend using the standard container object instead. See Container 

Executive Summary 

In December 2025, the Apache Project announced a vulnerability in Apache Tika (CVE-2025-66516) and provided patches to resolve the issue. Qlik has been reviewing our usage of the Apache Tika product suite and has identified a limited impact as follows.

Affected Software 

Apache Tika is used in several Qlik products. However, the vulnerability is only relevant to the case of a Talend Studio route that uses Apache Tika to parse PDFs.

No other use case or product is impacted by the vulnerability. Qlik Cloud and Talend Cloud are not impacted by this vulnerability.

Nevertheless, we are patching all our products that contain Apache Tika out of an abundance of caution. Be on the lookout for a series of product patches for supported and affected versions.

Resolution 

Recommendation 

The releases listed in the table below contain the updated version of Apache Tika, which addresses CVE-2025-66516.

Always update to the latest version. Before you upgrade, check if a more recent release is available.

Customers with a Qlik Cloud Analytics license cannot create or edit data spaces.

When creating a space, only the options for managed or shared spaces are available:

Resolution

Data Spaces are part of the Qlik Talend Data Integration offering.

Despite the name, “data spaces” are not meant to store Qlik Cloud Analytics data. Qlik Cloud Analytics customers should store their datasets in managed and shared spaces.

To address early misunderstandings and assist customers who had originally stored their datasets there, Qlik has decided to allow analytics customers to keep using data spaces with the following workaround.

IMPORTANT

• The decision to allow this workaround might be reverted at any time, preceded by a timely communication.
• Analytics-only customers who never made use of data spaces should refrain from starting now.
• Analytics-only customers who are already working with data spaces should consider planning to move away from them, migrating their datasets and connections and should not start implementing new workflows involving data spaces.
• Additional Qlik Talend Data Integration-only features, like the possibility to work with pipelines or the Qlik Data Movement Gateway, are not available to Analytics-only customers.

To create and edit spaces:

1. Open the Qlik Cloud main menu
2. Go to Data Integration 
   
   
   
   
3. Open Projects 
   
   You can edit existing datasets or create new data spaces from the Projects Activity Center.
   
   
   
   

Environment

• Qlik Cloud Analytics

For Talend Administration Center configured with Nexus, when attempting to migrate Sonatype Nexus Repository Manager OSS (versions prior to 3.77.0) from the embedded OrientDB database to an external PostgreSQL database, the Database Migrator utility may encounter the following error:

Resolution

To successfully migrate from OrientDB to PostgreSQL, follow the below migration paths recommended by Sonatype:

Migrating from OrientDB to H2 database (temporary step)

Use the Database Migrator utility to move your data from OrientDB into the embedded H2 database.

Documentation: Migrating from OrientDB to H2 database

Upgrade to Nexus Repository Community Edition (≥ 3.77.0)

PostgreSQL support is available only in Community Edition starting with version 3.77.0.

Documentation: Community Edition Onboarding

Migrating from H2 database to PostgreSQL database

Once upgraded, use the Database Migrator utility again to move from H2 into PostgreSQL.

Documentation: Migrating from H2 database to PostgreSQL database

Important Notes:

• Migration is one‑way: once you move to PostgreSQL, you cannot revert back to OrientDB.
• Ensure you have backups before starting any migration.
• The migration process is managed by Sonatype’s Database Migrator utility and Qlik does not maintain or support this tool.

For issues with the migrator or Nexus Repository itself, contact Sonatype Support directly.

Cause

Nexus Repository OSS  (3.70.4-02) does not support migration directly from OrientDB to PostgreSQL.

PostgreSQL support was introduced in the Community Edition starting with version 3.77.0.

Attempting to run the Database Migrator against OSS versions 3.70.4-02 results in the WrongNxrmEditionException.

Related Content

migrating-to-a-new-database | help.sonatype.com

Environment

Talend Administration Center 

The scenario: A Qlik Sense Enterprise on Windows environment is set up to use Azure SAML (AD FS) for authentication.

On the Azure side, the Token Signing Certificate embedded as the X509Certificate in the SAML IdP metadata within the Qlik virtual proxy configuration expired several weeks ago. A new certificate has not yet been issued.

It is still possible to log in to Qlik Sense Enterprise on Windows. 

This behavior may raise the questions of:

• Is this a security concern?
• How long will the expired certificate last?
   

Resolution

In SAML, the IdP (Azure AD/AD FS) signs the assertion with its private key, and Qlik Sense validates it using the public key embedded in the IdP metadata (the X509Certificate).

The expiry date in the certificate is not actively checked by Qlik Sense during assertion validation.

Qlik only verifies that the signature matches the public key it has stored. So even if the certificate is expired, as long as the key pair hasn’t changed and the signature is valid, authentication succeeds. This is a common behavior and not specific to Qlik Sense.

Is this a security concern?

It is not considered a security issue. The expiry matters for trust and compliance, not for the cryptographic check Qlik performs. 

When will the expiry become relevant?

• Azure rotates the signing certificate (such as after expiry or manual rollover). If you haven’t updated Qlik virtual proxy metadata with the new certificate, logins will fail because Qlik can’t validate the signature.
• If your organization enforces certificate validity checks at the proxy or via custom code (rare in standard Qlik deployments).

Do we need to update the certificate?

Even though Qlik doesn’t break immediately, we recommend updating the IdP metadata in Qlik Sense as soon as Azure issues a new signing certificate. This ensures future-proofing and compliance.

Environment

• Qlik Sense Enterprise on Windows

While creating a metadata connection to Salesforce in Talend Studio, the connection test fails with the following error message:

"SOAP API login() is disabled by default in this org.
                  exceptionCode='INVALID_OPERATION'"

INVALID_OPERATION

Resolution

To resolve this issue, a Salesforce administrator must explicitly enable SOAP API login access in the org before it can be used. 

Even when enabled, login() remains unavailable in API version 65.0 and later.

Cause

This error occurs when Talend Studio attempts to authenticate with Salesforce using the SOAP API, but SOAP-based login access is disabled at the Salesforce organization level. As a result, Talend is unable to establish the metadata connection and retrieve Salesforce objects.

The issue is typically related to Salesforce security or API access settings, such as disabled SOAP API access.

Related Content

SOAP API login() Call is Disabled by Default in New Orgs | help.salesforce.com

Environment

Talend Studio