RetCode: SQL_ERROR SqlState: 08001 NativeError: -1 Message: [Microsoft][ODBC Driver 18 for SQL Server]SSL Provider: [error:0A000086:SSL routines::certificate verify failed:subject name does not match host name] [1022502] (ar_odbc_conn.c:584)

Starting with ODBC Driver 18 and above, an SSL certificate is needed for the connection. This error indicates that the SQL Server/Azure SQL connection cannot verify the SSL certificate, either because no SSL certificate has been provided or the SSL certificate is invalid.

Resolution

Using the parameter useTrustServerCertificate, you can bypass the need for an SSL certificate. This will skip the SSL Cert validation.

While this parameter is typically added using the SQL connection itself, it can also be configured as an Internal Parameter in Qlik Replicate:

1. Go to the SQL Server/Azure SQL Endpoint connection
2. Switch to the Advanced tab
3. Click Internal Parameters
4. Add the parameter useTrustServerCertificate
5. Check the tickbox to bypass certificate validation
   
   
   
   
6. Stop and resume the task after saving the changes.

Cause

ODBC 18+ requires an SSL certificate to facilitate an extra layer of security. The SSL certificate validation can be bypassed (at your own risk) if no certificate is available.

Environment

• Qlik Replicate

The Linage in Data flow for Talend Data Catalog is broken and cannot be built correctly by missing connection after upgrading Talend Data Catalog from old version like 8.0-20240513 to the latest version (either 8.0-higher or 8.1). 

Resolution

Temporary Workaround

It can be manually restored through Configuration > Talend DI Job model > Connections then Propose Resolutions to manually stitch again then Build 

Final Solution

Fixed by TDC-8.1-20250123 and you need to delete the Talend Data Integration Model version which has the connection problem and re-import the model after installing the patch. 

Cause 

It seems that this issue occurs when Talend Data Integration (Talend Studio) is using global context in Metadata and the name of the connection is changed during re-importing

Related Content

For more information about Propose Resolutions, please refer to Help Documentation:

Stitching-Models-Together-for-Data-Flow-Tracing

Internal Investigation ID(s)

Here is a jira issue raised for MITI: TALMM-5912

Environment

• Qlik Talend Data Catalog V 8.1
• Talend Data Integration 

The import Data Mapping Script was working well in Talend Data Catalog 8.0 but after install latest patches, the import data mapping script (Replication_Mapping.sql ) exported from Talend Data Catalog 8.0 doesn't work in Talend Data Catalog 8.1.

Import failed with error message:

Failed to import the mapping due to the following error: 'Cannot invoke "MITI.server.services.mapping.query.QueryId.getObjectId()" because "<local14>" is null'. 

FailedImport

Resolution

As Talend Data Caralog old version is going to deprecated, please import data mapping script in newly created data mapping script model rather than the one upgraded from old version.

Cause 

The import function works as expected. If import script into a newly created data mapping, it works well. The issue only exist in the data mapping model which was upgraded from the old version, which is not recommended by Qlik.

Environment

• Qlik Talend Data Catalog V 8.1
• Talend Data Integration 

The QlikView Services can be set up to either use the local QlikView Administrators Group, or Digital Certificates. The Service Account has specific requirements. 

The two options during installation are Use digital certificates and Use QlikView Administrators Group.

Use digital certificates: 

Authenticate communication between QlikView servers using digital certificates and SSL. This alternative is recommended in environments where not all servers have access to a common Windows Active Directory or when the security provided by certificate authentication is required. Note that digital certificates are only supported by Windows Server 2008 R2 and later.

Use QlikView Administrators Group: 

Authenticate communication between QlikView services based on membership in the local Windows group QlikViewAdministrators. This alternative can be used in environments where all servers that are part of the QlikView installation can authenticate using a common Windows Active Directory.

Regardless of the option chosen, the service account used to run the services has to be:

• A local administrator on the host operating system
• Be able to run as a network service
• Have access to all the QlikView related folder structure, such as ProgramData, Program Files, and configured application data (.qvw storage, .qvd storage, log files) locations. 

Note:  GMSA (Standalone Managed Service Accounts) are not supported for Qlik products

Environment: 

Related Content:

• How to Change QlikView Service Account
• Is GMSA supported for use with Qlik Products 
   

PostgreSQL has identified a vulnerability (CVE-2025-1094) that allows for SQL injection under certain scenarios. For more information, see CVE-2025-1094: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation.

Resolution

To allow for quick mitigation of PostgreSQL vulnerabilities, Qlik offers the ability to run and manage your own PostgreSQL instance independently of what Qlik Sense Enterprise on Windows is shipped with. This allows for direct control of your PostgreSQL instance and facilitates maintenance without a dependency on Qlik Sense. Further Database upgrades can then be performed independently and in accordance with your corporate security policy when needed, as long as you remain within the supported PostgreSQL versions.

Recommendations

Upgrade PostgreSQL

If you have already installed a standalone PostgreSQL database, or if you have used the Qlik PostgreSQL Installer (QPI) to upgrade and decouple your previously bundled database, then you can upgrade PostgreSQL at any time. This means you control maintenance and can immediately react to potential PostgreSQL security concerns by upgrading to a later service release or a later major version.

See Qlik Sense Enterprise on Windows: How To Upgrade Standalone PostgreSQL.

Verify your Qlik Sense Enterprise on Windows version's System Requirements before committing to a PostgreSQL version.

Unbundle and upgrade PostgreSQL using QPI

If you have not yet installed a standalone PostgreSQL instance, this is the preferred method to gain direct control to upgrade at your own pace. For instructions, see Upgrading and unbundling the Qlik Sense Repository Database using the Qlik PostgreSQL Installer.

Manually switch to a dedicated PostgreSQL database

An alternative method to migrate to a standalone PostgreSQL instance is available in How to configure Qlik Sense to use a dedicated PostgreSQL database.

Related Content

• System requirements for Qlik Sense Enterprise
• Qlik Sense Enterprise on Windows: How To Upgrade Standalone PostgreSQL 
• Upgrading and unbundling the Qlik Sense Repository Database using the Qlik PostgreSQL Installer 
• How to configure Qlik Sense to use a dedicated PostgreSQL database 

Internal Investigation ID(s)

SUPPORT-896

Environment

• Qlik Sense Enterprise on Windows

This article documents how to deploy a remote harvesting agent for Talend Data Catalog using Docker. For the full installation process, see Installing Talend Data Catalog | Talend Data Catalog Installation and Upgrade Guide Help.

You can deploy a remote harvesting agent using a Docker container.

You run the container based on a Docker image to launch your application with private resources, securely isolated from the rest of your machine.

A Docker image is a private file system for your container. It provides all the files and code your container needs. For more information, see https://docs.docker.com/get-started/.

You can deploy a remote harvesting agent using a command or a docker-compose file.
You can run simultaneously as many remote harvesting agents as necessary.

Deploying a remote harvesting agent running a command

Before you begin

• You have been assigned a global role with the Application Administration capability.
• You have installed and launched Docker Desktop on your machine. For more information, see https://docs.docker.com/get-docker.
• If necessary, you have configured Docker to use a proxy server. For more information, see https://docs.docker.com/network/proxy.
• Note that if you use a proxy server, you need to add an additional environment variable USESYSTEMSPROXIES=true.

Procedure

1. Open a command prompt or a terminal window. For Windows, use PowerShell.
2. Execute the following command to run the container:
   

   docker run -d --restart unless-stopped \
    --name <CONTAINER_NAME> \
    -e CLOUD_URL=<TENANT_NAME>.datacatalog.<REGION>.cloud.talend.com \
    -e AGENT_STRING=<RHA_NAME> \
    -e AGENT_SHARED_SECRET=<RHA_SHARED_SECRET> \
   <DOCKER_IMAGE:TAG>​

   You can define the key parameters as follows:
   

   Parameter	Action
   CONTAINER_NAME	Enter the name of your remote harvesting agent.
   CLOUD_URL	Enter the Talend Cloud Data Catalog tenant endpoint, for example: mytenant123.datacatalog.us.cloud.talend.com.
   AGENT_STRING	Enter the name of the Remote Harvesting Agent.
   AGENT_SHARED_SECRET	Enter a shared secret set to anything as long it is: unique, reasonably descriptive so it can usefully be identified in the UI, hard to guess since it also works as a shared secret string.
   ENABLE_WEBSERVICES (Optional)	The remote harvesting agent allows only local connections by default. Set this to true to allow communication between the remote harvesting agent and the Talend Data Catalog server.
   -p 8080:8080 (Optional)	Expose the remote harvesting agent’s web service on port 8080. Required only if ENABLE_WEBSERVICES=true.
   USESYSTEMSPROXIES (Optional)	If you use a proxy server and want the remote harvesting agent to inherit the system’s proxy settings automatically, set this to true.
   PROXYHOST (Optional)	Specify a manual proxy server IP or hostname, for example, 10.100.1.1
   PROXYPORT (Optional)	Specify a manual proxy server port number, for example: 3128
   MITI_M_JAVA_OPTIONS (Optional)	Specify custom Java parameters, such as increasing the maximum memory used by Java bridges during metadata harvesting of very large DB, DI, or BI tools. Note that this parameter defines the default settings for all Java bridges. However, most memory-intensive Java bridges (for example, JDBC bridges) can define their own maximum memory in their last parameter called Miscellaneous.
   M_BROWSE_PATH (Optional)	Allow browsing local and mapped network drive. <u+200e>All metadata harvesting file and directory parameter references are relative to the agent. The reason is that the server must have access to these resources anytime another event (for example, scheduled harvest) is to occur. On installation, all directly attached drives are included. However, as it is a service, the drive names and paths may vary from what the installer detects, and these drives are not available at installation time, meaning they will not be visible when selecting drives using the UI. Note that this also applies to script-based backup and restore drives.
   DOCKER_IMAGE:TAG	Enter talend/datacatalog-remote-harvesting-agent as the Docker image. Enter the version name of Talend Data Catalog build as the tag, such as 8.1-20250212. For example, you can enter talend/datacatalog-remote-harvesting-agent: 8.1-20250212. You can find the list of Talend Data Catalog versions on https://hub.docker.com/r/talend/datacatalog-remote-harvesting-agent/tags.

    

3. Execute docker ps or go to Docker Desktop and check that the Docker container is running.

Deploying a remote harvesting agent using a docker-compose file

Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your harvesting agent and run a single command to create and start it.

Before you begin

• You have been assigned a global role with the Application Administration capability.
• You have installed and launched Docker Desktop on your machine. For more information, see https://www.docker.com/products/docker-desktop.
• If necessary, you have configured Docker to use a proxy server. For more information, see https://docs.docker.com/network/proxy.

Procedure

1. Create a YAML file as follows:
   
   

   version: '3'
   services:
     harvesting_agent:
       container_name: "<CONTAINER_NAME>"
       image: "<DOCKER_IMAGE:TAG>"
       environment:
         CLOUD_URL: 
         "<TENANT_NAME>.datacatalog.<REGION>.cloud.talend.com"
             AGENT_STRING: "<RHA_NAME>"
             AGENT_SHARED_SECRET: "<RHA_SHARED_SECRET>"
             restart: "unless-stopped"​

   
   You can define the following key parameters:
   
   

   Parameter	Action
   CONTAINER_NAME	Enter the name of your remote harvesting agent.
   DOCKER_IMAGE:TAG	Enter talend/datacatalog-remote-harvesting-agent as the Docker image. Enter the version name of Talend Data Catalog build as the tag, such as  8.1-20250212. For example, you can type in talend/datacatalog-remote-harvesting-agent:8.1-20250212. You can find the Talend Data Catalog versions on https://hub.docker.com/r/talend/datacatalog-remote-harvesting-agent/tags.
   CLOUD_URL	Enter the Talend Cloud Data Catalog tenant endpoint, for example, mytenant123.datacatalog.us.cloud.talend.com.
   AGENT_STRING	Enter the name of the Remote Harvesting Agent.
   AGENT_SHARED_SECRET	Type in a shared secret set to anything as long it is: unique, reasonably descriptive so it can usefully be identified in the UI, hard to guess since it also works as a shared secret string.
   ENABLE_WEBSERVICES (Optional)	The remote harvesting agent allows only local connections by default. Set this to true to allow communication between the remote harvesting agent and the Talend Data Catalog server.
   ports: -"8080:8080"  (Optional)	Expose the remote harvesting agent’s web service on port 8080. Required only if ENABLE_WEBSERVICES is set to true.
   USESYSTEMSPROXIES (Optional)	If you use a proxy server and want the remote harvesting agent to inherit the system’s proxy settings automatically, set this to true.
   PROXYHOST (Optional)	Specify a manual proxy server IP or hostname, for example, 10.100.1.1
   PROXYPORT (Optional)	Specify a manual proxy server port number, for example, 3128
   MITI_M_JAVA_OPTIONS (Optional)	Specify custom Java parameters, such as increasing the maximum memory used by Java bridges during metadata harvesting of very large DB, DI, or BI tools. Note that this parameter defines the default settings for all Java bridges. However, most memory-intensive Java bridges (for example, JDBC bridges) can define their own maximum memory in their last parameter called Miscellaneous.
   M_BROWSE_PATH (Optional)	Allow browsing local and mapped network drive. <u+200e>All metadata harvesting file and directory parameter references are relative to the agent. The reason is that the server must have access to these resources anytime another event (for example, scheduled harvest) is to occur. On installation, all directly attached drives are included. However, as it is a service, the drive names and paths may vary from what the installer detects, and these drives are not available at installation time, meaning they will not be visible when selecting drives using the UI. Note that this also applies to script-based backup and restore drives.

   
   
   
2. Save as a YAML file on your machine.
3. Open a command prompt or a terminal window and execute docker-compose to verify that Docker Compose is installed. For Windows, use PowerShell.
4. Execute the following command to start Compose and run the container:
   docker-compose -f <filename> up -d
5. Execute docker ps or go to Docker Desktop and check that the Docker container is running.

In case of error, check the Compose file.

Results

You are ready to add the remote harvesting agent in Talend Data Catalog.

Environment

• Qlik Talend Data Catalog

When exporting and importing an application from one environment (ex: DEV) to another (ex : PROD), only the Public bookmarks are exported.

Scenario:

• A is an Administrator user
• B is a consumer user
• In a published application, B has personal bookmarks created
• If user A exports the application in QMC, then B's bookmarks will not be exported

The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.

Modification to the Qlik Sense Repository database are done at your own risk. Prior to making changes, backup the database in case of a rollback being necessary. Qlik Support will require the system to be restored to the previous state, should an issue occur after modifications were done.

Option 1:

Find and re-import the App's binary file (an App .qvf file without the file extension ".qvf" in its name) stored in the Qlik Sense share. This file will contain all the bookmarks including the Community and Personal bookmarks. However, there will not be any indication of ownership for them and the administrator that re-imported the App will be the new owner of all bookmarks. Once the app is re-published all bookmarks will become Public Bookmarks, so there should be discretion in determining which ones should be published. 
For information on finding the binary files see How to find App ID of application in QlikSense Server

Note: The file needs to be renamed to include the .qvf extension prior to importing.

Option 2:

1. Install pgadmin 4 and connect it to the QSR database (See Installing and Configuring PGAdmin 4 to access the PostgreSQL database used by Qlik Sense or NPrinting)
2. In the DEV QMC, open the App view and on the top right column selector, add the ID column; now you have the ID of your app (see How to find App ID of application in QlikSense Server)
3. In Pgadmin, once you're connected to the QSR database, open the Tool > QueryTool
4. Run this command (adapt it)
   

   SELECT * FROM public."AppObjects" 
   where "App_ID"='9abc7e1b-b797-4752-8e83-f6b3c987b1f2' 
   AND "ObjectType"='bookmark';

   
   You can see the column Owner_ID with ID of the owner
   
   
5. Return to the Qlik Sense Management Console > Users 
6. With the column selector, add the ID column; and find the ID of the owner of the app. It should match with the ID located in pgadmin.
7. We now change the owner of an appObject bookmark in Pgadmin: 
   

   UPDATE public."AppObjects" 
   set "Owner_ID"='<your new ID>' 
   where "App_ID"='9abc7e1b-b797-4752-8e83-f6b3c987b1f2' 
   AND "ObjectType"='bookmark';

   
   This changes the owner of all bookmarks in this app to a specific user. 
   
   
8. Export from TEST; import into PROD
9. Verify that you have all the bookmarks
10. In PROD install pgadmin and do the same kind of modification.

Related Content:

How to backup / migrate / move / re-import community and personal sheets to Qlik Sense
Restore deleted app in Qlik Sense, Import app in Qlik Sense

The Qlik Sense Desktop or Server installation fails with:

INSTALLATION FAILED
AN ERROR HAS OCCURRED
For detailed information see the log file.
 

The installation logs (How to read the installation logs for Qlik products) will read:

Error 0x80070643: Failed to install MSI package.
Error 0x80070643: Failed to configure per-user MSI package.
Detected failing msi: DemoApps

Error 0x80070643: Failed to install MSI package.
Error 0x80070643: Failed to configure per-user MSI package.
Detected failing msi: SenseDesktop
Applied execute package: SenseDesktop, result: 0x80070643, restart: None
Error 0x80070643: Failed to execute MSI package.
ProgressTypeInstallation
Starting rollback execution of SenseDesktop

CAQuietExec:  Entering CAQuietExec in C:\WINDOWS\Installer\MSIE865.tmp, version 3.10.2103.0
CAQuietExec:  "powershell" -NoLogo -NonInteractive -InputFormat None 
CAQuietExec:  Error 0x80070002: Command failed to execute.
CAQuietExec:  Error 0x80070002: QuietExec Failed
CAQuietExec:  Error 0x80070002: Failed in ExecCommon method
CustomAction CA_ConvertToUTF8 returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (s) (74:54) [10:44:37:941]: Note: 1: 2265 2:  3: -2147287035 
MSI (s) (74:54) [10:44:37:942]: User policy value 'DisableRollback' is 0
MSI (s) (74:54) [10:44:37:942]: Machine policy value 'DisableRollback' is 0
Action ended 10:44:37: InstallFinalize. Return value 3.

The Failed to Install MSI Package can have a number of different root causes.

Install C++ redistributable

Dependencies may be missing. Install the latest C++ redistributable. 

.NET Framework update installation error: "0x80070643" or "0x643".

This issue may occur if the MSI software update registration has become corrupted, or if the .NET Framework installation on the computer has become corrupted (source: Microsoft, KB976982). 

Repair or reinstall .NET framework. 

PowerShell path not set as a system variable

How to troubleshoot:

Option 1

1. Start "Advanced System Settings" ->  "Advanced" tab -> "Environment Variables"
2. Select "Path" from "System variables" and Click Edit
3. Check if the PowerShell path is listed
4. If it is missing, add "%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\" and save the change
   
   Please make sure powershell.exe can be evoked successfully from %SYSTEMROOT%\System32\WindowsPowerShell\v1.0\ before adding the path.
   
   

1. Run the batch file in the article Windows Commands To Retrieve Environment Information v2.14
2. Open the result file and find the "Environment Variables" part
   

   ********************************************        
   *********  Environment Variables  **********        
   ********************************************    
   .......
   
   Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Users\administrator\AppData\Local\Microsoft\WindowsApps;C:\WINDOWS\system32\inetsrv\​

3. If the path of PowerShell is missing, refer to option 1 to add into the system variables. 

Web Platform Installer Extensions required

Install the Web Platform Installer Extension that includes the latest components of the Microsoft Web Platform, including Internet Information Services (IIS), SQL Server Express, .NET Framework and Visual Studio.

More information about the tool on the Microsoft page. 

Windows Updates are pending

Verify if there are pending Windows updates. Complete them and try again.

The Installer is not hosted on a local drive

The installation may fail if the installer is being executed from a network drive. Copy the installer to your local drive.

Environment:

Qlik Sense Desktop 

The index becomes unusable when an index rebuild fails due to ORA-1652 during a full load operation.

Despite the error, the Qlik Replicate task log does not display any errors, making it difficult to detect the unusable index.

Resolution

Uncheck Use Direct Path Full Load in the Oracle target endpoint settings.

This will allow Qlik Replicate to detect the issue and suspend the table accordingly.

Cause

When using direct load, some integrity constraints appear to be automatically disabled, allowing all data to be loaded but causing the index to become unusable.

Since the OCI functions return successfully, no errors are indicated. This is a product limitation when using Oracle as the target.

Environment

• Qlik Replicate all versions

When using Amazon Kinesis as a target endpoint in a Qlik Replicate task, there is a prerequisite to create a stream named attrep_apply_exceptions. This stream allows the Apply Exceptions control table to be written to the target.

Creating a Kinesis stream named attrep_status doesn't mean the attrep_status table is added to the newly created stream. Instead, it is added into the main data stream. 

Is there a way in which the attrep_status table can be put into its own stream?  

Resolution

In the Amazon Kinesis Data Streams target endpoint settings, there are two options for publishing data:

• Specific stream: All data, including user data messages and Qlik Replicate internal control messages (e.g., the attrep_status message), is published to a single stream.
  
  Example: All messages are delivered to the stream APACKinesis
  
  
  
  

• Separate stream for each table: Each table's data is published to a stream with the same name as the table by default. This behavior can be customized using $stream.

   

  The task’s status messages are always published to the attrep_status stream.

Check that Separate stream for each table is set. This is the correct option to route the  attrep_apply_exceptions and attrep_status related messages to dedicated streams.  

Cause

The incorrect use of Specific stream causes the attrep_apply_exceptions and attrep_status routing messages to be added to the same target stream.

Environment

• Qlik Replicate

The following error is logged if the transaction log was encrypted during backup and the Microsoft SQL Server endpoint is set to:

• Backup Logs Only (a)
• Replicate has file-level access to the backup log files toggled on (b)
• Encrypt only the transaction log backup file (.trn) (TDE not enabled)

Resolution

If you want to encrypt transaction logs, enable Transparent Data Encryption (TDE).

Transparent Data Encryption (TDE) is only supported when accessing backup transaction logs through SQL Server’s native functionality.

It is not supported when using the endpoint's file-level access option.

When enabling TDE, do not select the option Replicate has file-level access to the backup log files.

Cause

Encrypted backups are not supported when accessing backup transaction logs, which is a limitation when using the Microsoft SQL Server as a source. See Limitations and considerations for details.

Environment

• Qlik Replicate

There is a difference of the display in the UI after upgrading from Talend Data Catalog version 8.0 to 8.1.

In Talend Data Catalog 8.0, if you add “Defines“ relationship with term and model, and then add it to your custom presentation, the display name is Model Name.

TalendDataCatalog8.0

After upgrading from Talend Data Catalog version 8.0 to 8.1, "Defines" in Talend Data Catalogn 8.1 shows Host Name (hostname:port) instead of Model Name while defining a model.

 TalendDataCatalog8.1

Resolution

This issue is fixed by 20241217 release and please upgrade to it.

Cause

This issue is from the name of objects at the end of relationships in manage repository UI and a related MITI jira issue has been raised.

Internal Investigation ID(s)

Here is a JIRA ticket for MITI: TALMM-5871

Environment

• #Talend Data Catalog v 8.1
• Talend Studio 

The Qlik Sense log files can be easily collected using the Log Collector. 

The Log Collector is embedded in the Qlik Sense Management Console. It is the last item listed in the Configure Systems section.

For instructions on how to use the Log Collector, see Log collector (help.qlik.com).

Content

• Requirements
• Using the Log Collector
• What does the Qlik Sense Log Collector access?
• Manually collecting log files
• Older Qlik Sense Versions (3.1 and earlier)

Requirements

The user must be a root admin and have administrative permissions.

Using the Log Collector

The best way to gather these logs is to use the Qlik Sense Log Collector. If the tool is not included in your install, it can be downloaded from this article. 

1. Login to Windows Server on Qlik Sense node
2. Open Windows File Explorer
3. Navigate to Log Collector folder at C:\Program Files\Qlik\Sense\Tools\QlikSenseLogCollector
4. Press Shift key and right click on QlikSenseLogCollector.exe 
5. Select Run as different user
6. Enter Qlik Sense service account credentials.
7. Configure log collection
   • Date range to collect logs from (minimum of 5 days if possible)
   • Support case number to include in ZIP file name
   • Select options 
   • Include Archive logs
8. Click Collect
9. If Qlik Sense is not automatically accessible on the node, further options are presented.  
   • Qlik Sense is running and on this host
     this option to get more options on automatic log collection
   • Qlik Sense is not running or accessible
     this option allows to define the path to local Qlik Sense log folder
   • Qlik Sense is located elsewhere
     this option allows to enter FQDN of remote Qlik Sense server
10. Wait until collection is finished
11. Click Close
12. Open generated ZIP file in C:\Program Files\Qlik\Sense\Tools\QlikSenseLogCollector
    Note, no need to unzip the file, simple double click on the ZIP file to browse its content
    • Confirm it contains JSON and TXT files, if system info options were enabled in Step 6
    • Confirm there is one folder per node in the deployment, named in same way as the node
    • Confirm there is a Log folder representing Archived Logs from persistent storage
13. If ZIP content is incomplete, repeat steps above or contact support for further guidance
14. If ZIP content is accurate, attach ZIP file to support case for further analysis by Qlik

What does the Qlik Sense Log Collector access?

This list provides an overview of what system information the Qlik Sense Log collector accesses and collects.

• WhoAmI (information)

  C:\Windows\System32\whoami.exe

• Port status (information)

  C:\Windows\System32\netstat.exe -anob

• Process Info (information)

  C:\Windows\System32\tasklist.exe /v

• Firewall Info (information)

  C:\Windows\System32\netsh.exe advfirewall show allprofiles

• Network Info (information)

   C:\Windows\System32\ipconfig.exe /all

• IIS Status (iisreset /STATUS Display the status of all Internet services.)

   C:\Windows\System32\iisreset.exe /status

• Proxy Activated (information)

   C:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" | find /i "ProxyEnable"

• Proxy Server (information)

   C:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" | find /i "proxyserver" 

• Proxy AutoConfig (information)

   C:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" | find /i "AutoConfigURL" 

• Proxy Override (information)

   C:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" | find /i "ProxyOverride" 

• Internet Connection (information)

   C:\Windows\System32\ping.exe google.com

• Drive Mappings (information)

   C:\Windows\System32\net.exe use

• Drive Info (information)

   C:\Windows\System32\wbem\wmic.exe /OUTPUT:STDOUT logicaldisk get size

• Localgroup Administrators (information)

   C:\Windows\System32\net.exe localgroup "Administrators"

• Localgroup Sense Service Users (information)

   C:\Windows\System32\net.exe localgroup "Qlik Sense Service Users"

• Localgroup Performance Monitor Users (information)

   C:\Windows\System32\net.exe localgroup "Performance Monitor users"

• Localgroup Qv Administrators (information)

   C:\Windows\System32\net.exe localgroup "QlikView Administrators"

• Localgroup Qv Api (information)

   C:\Windows\System32\net.exe localgroup "QlikView Management API"

• System Information (information)

   C:\Windows\System32\systeminfo.exe

• Program List (information)

   C:\Windows\System32\wbem\wmic.exe /OUTPUT:STDOUT product get name

• Service List (information)

   C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command "gwmi win32_service | select Started

• Group Policy (information)

  C:\Windows\System32\gpresult.exe /z

• Local Policies - User Rights Assignment (information)

   C:\Windows\System32\secedit.exe /export /areas USER_RIGHTS /cfg

• Local Policies - Security Options (information)

   C:\Windows\System32\secedit.exe /export /areas

• Certificate - Current User(Personal) (information)

   C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command "Get-ChildItem -Recurse Cert:\currentuser\my | Format-list"

• Certificate - Current User(Trusted Root) (information)

   C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command "Get-ChildItem -Recurse Cert:\currentuser\Root | Format-list"

• Certificate - Local Computer(Personal) (information)

   C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command "Get-ChildItem -Recurse Cert:\localmachine\my | Format-list"

• Certificate - Local Computer(Trusted Root) (information)

   C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command "Get-ChildItem -Recurse Cert:\localmachine\Root | Format-list"

• HotFixes (information)

  $FormatEnumerationLimit=-1;$Session = New-Object -ComObject Microsoft.Update.Session;$Searcher = $Session.CreateUpdateSearcher();$historyCount = $Searcher.GetTotalHistoryCount();$Searcher.QueryHistory(0, $historyCount) | Select-Object Title, Description, Date, @{name="Operation"; expression={switch($_.operation){1 {"Installation"}; 2 {"Uninstallation"}; 3 {"Other"}}}} | out-string -Width 1024

• UrlAclList (information)

   C:\Windows\System32\netsh.exe http show urlacl

• PortCertList (information)

   C:\Windows\System32\netsh.exe http show sslcert

Manually collecting log files

Any versions of Qlik Sense Enterprise on Windows prior to May 2021, do not include the Log Collector.

If the Qlik Sense Log collector does not work then you can manually gather the logs.

• Default storage (before archiving): C:\ProgramData\Qlik\Sense\Log
• Default archive storage: C:\ProgramData\Qlik\Sense\Repository\Archived Logs
• Manual retrieval of Reload logs: How to find the Script (Reload) logs in Qlik Sense Enterprise

For information on when logs are archived, see How logging works in Qlik Sense Enterprise on Windows.

Older Qlik Sense Versions (3.1 and earlier)

Persistence Mechanism Current Logs(Active Logs) Archived Logs

Note: Depending on how long the system has been running, this folder can be very large so you will want to include only logs from the time frame relevant to your particular issue; preferably a day before the issue began occurring.

Related Content

How logging works in Qlik Sense Enterprise on Windows 

The Sense System Performance Analyzer app has been deprecated.

The Sense System Performance Analyzer (Sense System Performance Analyzer) does not show data. The reload of the app has finished successfully.

Environment

• Qlik Sense Enterprise on Windows May 2021 and later

This is expected. The app pulls platform and process performance data as well as Windows event data from the logging database. However, since the May 21 release centralized logging has been deprecated.  See Deprecation of Centralized Logging in Qlik Sense Enterprise on Windows.

Internal Investigation ID(s) 

HLP-10692 

In order to access your microservice Job remotely, this article briefly introduces How to set up the Microservice Job Deployment for Remote Access.

Please follow the steps below:

1. Open the Project Settings dialog box from File > Edit Project Properties.
2. Open the Default Configuration Setting from Build > Microservices. MicrosoftServicesConfiguration
3. In #server section, please specify server.host as 0.0.0.0. Also, notice that the server.servlet.context-path parameter is set as "/services". This will be included in the path to connect to the server.

   server.host = 0.0.0.0

4. Deploy the Microservice job.
5. Connect to the Microservice job via using the following URL:
   http://<IP address of the engine server you deployed the microservice on>:<port><server.servlet.context-path parameter>/<endpoint specified for the microservice job>
   For example: http://IP.Address.Of.Server:8065/services/test

Related Content

For further information regarding Microservices, please check: Building a Data Service Job as a Microservice.

Environment

Talend Studio 

This article aims to demonstrate how to connect AD users to a Qlik Replicate instance installed on Linux.

Prerequisites

• The Linux Qlik Replicate server IP (obtained through, for example, ifconfig)
• The server password of the Linux box
• Qlik Replicate installed as per: How to install Qlik Replicate on Linux and set up browser access 

Preparation Steps:

1. Install Qlik Replicate on a Microsoft Windows machine.
2. When prompted to Select the Replicate Server that the Qlik Replicate Console will work with select 
   Connect to a remote Linux Replicate Server
   
   
   
   
3. Add the Linux machine IP and change the port if not using the default one
   
   
   
   
4. Review the data:
   
   
   
   
5. Finish the installation process.
6. Once completed, open the Windows Services app
7. Verify that the installation only installed Qlik Replicate Ui server
   
   
   
   
8. Open a command prompt (CMD) as administrator and run:
   
   cd C:\Program Files\Attunity\Replicate\bin
   
9. In this directory, run:
   
   repctl SETSERVERPASSWORD <same Linux server password>
   
   
10. Restart the Qlik Replicate UI server
11. Open the Qlik Replicate console
12. License the product
13. Log in with your windows credentials. You are now connected to the Linux Qlik replicate server as a local admin
    
    
    
    

Adding AD users

We suggest handling user roles in Activity Directory on the security group level rather than individual roles. This allows for better governance and is generally considered a good practice. 

For instance, you can add four groups:

• Admins
• Operators
• Viewers
• Designers

And then add your desired users to these specific groups. 

1. In the Qlik Replicate Console, switch to the Server view and open the User permission tab
   
   
   
   
2. Click + Add
   
   
   
   
3. You can either add a domain user or a domain group (Domain\user or Domain\group) 
4. Click OK
5. The new user/group will be added to the User/Group list.
   
   
   
   
6. To test, open an incognito browser and log in with the required authorized AD user.
   
   
   
   
7. You are connected to the Linux box with AD user.
   
   

Environment:

Qlik Replicate 

A DI task, which includes a tSystem component responsible for executing a PGP encryption command, was deployed to run on a remote Jobserver and encountered an error:

"1001 could not open keyrings, file not found."

Cause

"1001 could not open keyrings, file not found" - this appears to be an error message related to keyring or credential access on a system. This specific error typically occurs in Linux systems when there's an issue with the keyring service. The "1001" likely refers to a user ID, and the system is unable to find or access the keyring file that stores passwords and credentials.

After conducting a thorough examination, it was determined that in comparison to the working environment, the Jobserver utilizes a specific user session to run as a service. However, on the new/updated environment, the Jobserver service was not configured with the appropriate user/logged-on session.

Resolution

Ensure that the appropriate user session is used for the Jobserver service registry in Linux/Windows.

Environment

• Talend Data Integration 8.0.1

This article documents how to delete the data from your Qlik Alerting database. The attached script is set to retain data history for up to a hundred (100) scans. You can modify the script to keep more. We do not recommend reducing the number to below a hundred as that would negatively impact alert conditions and history.

Always backup your Qlik Alerting database before running the script. See How to take Backup and Restore Qlik Alerting MongoDB Database for details.

To configure and execute the script:

1. Verify that NodeJS is installed on your machine
   
   
2. Save the attached scriptRunner.js script in an easily accessible location, then open it
   
   
3. Change the configuration of the script to include your dbURI and dbName:
   

   'recordsToKeep':100, //enter values to keep in the datahistory table this values indicates number of the alert scan values 
   dbURI: 'mongodb://127.0.0.1:27017', //enter the database URL of qlik alerting database 
   dbName:'qlikalerting' // Update the database name if you have changed the default databse name for Qlik Alerting  
   } 

   
   
   
4. Open a Windows Command prompt with elevated (administrator) permissions
   
   
5. Switch to the location of your scriptRunner.js file and run it using the command:

   node scriptRunner.js

   The command creates a folder named alerting-databse-cleaner, creates app.js, installs the required dependencies (mongodb NodeJS drivers), and then runs the app.js file.
   
   
6. The result should be:
   
   
   
   The first message logs the creation of the directory. We then log the installation of the npm package and list the number of records we want to keep in the database. This is followed by the MongoDB connection message and, lastly, shows if there is data that matches the previously set condition.
   
   If there are fewer records than the recordsToKeep, nothing will be deleted, and the message No data available for deleting with given values is shown.

Not keeping the minimum of a hundred (100) scans for an alert will impact the Previous Scanned Conditions set during Alert Creation. (Fig 3)

Fig 3

Alert History Example

Environment

• Qlik Alerting

If the H2 database has been selected as the database to use for Talend Administration Center, you can change the password from web console by following the steps below:

1. Login to Talend Administration Center Portal
2. Select "Configuration" from the panel on the left side
3. Choose "Database" TACConfiguration
4. Click on the URL of the Web Console to access the H2 Database
5. After providing DB Connection Login and Password by default tisadmin and tisadmin, click on "Connect" and access the H2 Database
6. Write in the following SQL statement to change your password in DB
   

   ALTER USER <Name of User> SET PASSWORD '<Password of your choice>';

   For example:

   ALTER USER tisadmin SET PASSWORD 'password';

7. Go to db config page (default protected page password is admin ) for filling in the New Password in db config page after changing it from H2 web Console.

Embedded for development, test, and demo purposes only. H2 is not supported if you migrate from previous versions. To migrate from a previous version, you need to migrate from H2 to MySQL or other supported databases first in the source version, and then trigger the upgrade of Talend Administration Center to the target version.

Related Content

For more information, please check here:

• H2 Database Administration and Maintenance
• compatible-databases

Environment

Talend Administration Center 

Talend Management Console Task cannot run and is blocked on AWS S3 Transferring Artifact step. It is caused by Expiration of Certification 

java.io.IOException: Error resolving artifact actions.Project_xxx.xxx:AZURE_SYNAPSE_CONNECTION_CHECK:zip:0.1.1.20252702044904: [Could not transfer artifact actions.Project_xx.xx:AZURE_SYNAPSE_CONNECTION_CHECK:zip:0.1.1.20252702044904 from/to xx-7914-4a8e-9000-xxx.release (s3://eu-production-minio-artifacts/repositories/xx-7914-4a8e-xxx-xx/): Unable to execute HTTP request: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

Resolution

1. Download certificate chains from targeting
   for eu based s3 storage as an example
   

   echo "" | 
      openssl s_client -showcerts -connect s3-eu-west-1.amazonaws.com:443 |
      awk '/BEGIN/ { i++; } /BEGIN/, /END/ { print > "aws-crt-" i ".crt"  }'
   #above command will download several certificates 

2. Import all certificates to JVM used by Remote Engine and Runtime servers
   

   keytool -import -trustcacerts -alias xxxcert-1 -file /tmp/aws-crt-1.cer -keystore  jvm/lib/security/cacerts -storepass changeit
   keytool -import -trustcacerts -alias xxxcert-1 -file /tmp/aws-crt-2cer -keystore  jvm/lib/security/cacerts -storepass changeit
   keytool -import -trustcacerts -alias xxxcert-1 -file /tmp/aws-crt-3.cer -keystore  jvm/lib/security/cacerts -storepass changeit

3. Restart Remote Engine Server to reload s3 certificates 

Cause

Talend Management Console relies on AWS S3 for centralized storage of compiled job designs. To maintain robust cloud security, AWS S3 periodically updates its server certificates. This requires the Java Virtual Machine (JVM) on the Remote Engine side, where Talend Management Console Tasks are executed, to be configured to recognize and adapt to these certificate changes, as expired certificates will cause connection issues.
 

Environment

Talend Cloud