Skip to main content
Announcements
Global Transformation Awards! Applications are now open. Submit Entry
cancel
Showing results for 
Search instead for 
Did you mean: 
annatrn1
Partner - Contributor III
Partner - Contributor III

Qlik Sense Proxy node in DMZ - Hub doesn't open

Hi all!

We're trying to deploy QlikSense (June2017) in a 2-node environment.

  • Central node (installed on a virtual server within the companies domain)
  • Proxy node (installed on a server in the DMZ, outside the companies domain)

The proxy node has an external IP address. Our aim is to give access to anonymous users from outside the companies domain via the proxy node.

There were no problems/errors during the installation. Opening the hub from internal (via the internal Hostname) is working fine. But when we try to open the hub from outside the companies network via the external IP address we receive an error message

("The proxy awaits a new session")

proxy fehler.PNG

Our QMC settings for the new proxy node:

     Node Service activation: Repository & Proxy

     Both proxies allow HTTP

     Virtual proxy (external): anonymous accessmode: always anonymous users

    Load balancing nodes: both nodes added in both virtual proxies

     Host white list on both virtual proxies: Hostnames & IP addresses of both servers added

The proxy Logfile on the external node gives us an error message (see attached file)

Error connecting to capability service: The remote name could not be resolved

Does anyone have an idea what could cause this problem?

Thank you!

1 Solution

Accepted Solutions
Anonymous
Not applicable

Hi Anna - The log file you had attached mentions something about the fact that your external DNS (trnb...-bi.com) cannot be resolved and there was an issue opening a web socket connection. I am assuming that's your external DNS.  Do you guys have some external IP address assigned to that DNS?  Also, is the external IP and the DNS whitelisted in the proxy settings?  I am not sure if port 4949 is an issue at this stage as it is used for data profiling task or something.  You should have an issue with that port once you are in the application.  But the fact that you cannot even get a session to start, shows that there are issues at the network layer. 

Pranav

View solution in original post

4 Replies
Anonymous
Not applicable

Hi Anna - I am guessing the external IP traffic comes via some network device like F5?  Do you know if all the necessary ports are allowed access through such firewall?  Qlik usually needs to communicate via ports 80/443 and 4244.  It sounds like the external traffic is blocked somewhere down the line.

Pranav

annatrn1
Partner - Contributor III
Partner - Contributor III
Author

Hi Pranav,

Thanks for your input. I've checked the ports on the external node. 80/443 and 4244 are listening.

According to the help.qlik.com there is a list of other ports that allow communication between the central and the proxy node.

Port 4949 doesn't appear in the list of ports on the external node (using the cmd command netstat -ano|more)

Usually this port is used by the dispatcher service - do you think it could have something to do with that?

ports trnqv02.PNGportoverview.PNG

Anonymous
Not applicable

Hi Anna - The log file you had attached mentions something about the fact that your external DNS (trnb...-bi.com) cannot be resolved and there was an issue opening a web socket connection. I am assuming that's your external DNS.  Do you guys have some external IP address assigned to that DNS?  Also, is the external IP and the DNS whitelisted in the proxy settings?  I am not sure if port 4949 is an issue at this stage as it is used for data profiling task or something.  You should have an issue with that port once you are in the application.  But the fact that you cannot even get a session to start, shows that there are issues at the network layer. 

Pranav

annatrn1
Partner - Contributor III
Partner - Contributor III
Author

Hi Pranav,

Thank you! We were using the wrong DNS, so the external node could not contact our internal Server using the Hostname. We changed it (the internal & the external Node are now using the same DNS) and now it's working perfectly.

Thanks for your help!

Anna