Qlik Community

Ask a Question

Knowledge Base

Search or browse our knowledge base to find answers to your questions ranging from account questions to troubleshooting error messages. The content is curated and updated by our global Support team

Announcements
Our next Qlik Insider session will cover new key capabilities. Join us August 11th REGISTER TODAY

Interactive Logon Rights for Qlik Sense installation

Andre_Sostizzo
Digital Support
Digital Support

Interactive Logon Rights for Qlik Sense installation

This article outlines the requirement for the service account to have interactive logon permission to the Qlik Sense server in order to perform a new installation. This requirement was introduced on the February 2018 release.

The following may be registered in the logs:



Installation failed      An error has occurred     One or more of your shared persistence file share folders has not been configured correctly, or the service user does not have the appropriate access permissions.


If the service account does not have interactive logon rights, then the installer will error with a trace like as follows in the underlying log files (reference How To Collect Qlik Sense Installation Log File for guidance on locating those logs files):

Calling custom action Qlik.QustomActions64!Qlik.QustomActions64.FolderValidation.ValidateSharedFolders
Action 16:27:25 33 SERVICEUSER: domain\svc_qliksense
Action 16:27:25 33 SHAREDROOTFOLDER: \\FILESHARE\SharedFolder
Action 16:27:25 33 STATICCONTENTROOT: \\FILESHARE\SharedFolder\StaticContent
Action 16:27:25 33 CUSTOMDATAROOT: \\FILESHARE\SharedFolder\CustomData
Action 16:27:25 33 ARCHIVEDLOGSROOT: \\FILESHARE\SharedFolder\ArchivedLogs
Action 16:27:25 34 APPSROOT: \\FILESHARE\SharedFolder\Apps
Action 16:27:25 34 Before impersonation: NT AUTHORITY\SYSTEM
Action 16:27:25 39 After finished impersonation: NT AUTHORITY\SYSTEM
Exception thrown by custom action:
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.NullReferenceException: Object reference not set to an instance of an object.
   at Qlik.QustomActions64.FolderValidation.ImpersonatedValidator.ValidateFolder(String folder, Func`2 evaluationCallback)
   at Qlik.QustomActions64.FolderValidation.ImpersonatedValidator.ValidateSharedRootFolder(String folder)
   at Qlik.QustomActions64.FolderValidation.ValidateSharedFolders(Session s)
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object parameters, Object arguments)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture)
   at Microsoft.Deployment.WindowsInstaller.CustomActionProxy.InvokeCustomAction(Int32 sessionHandle, String entryPoint, IntPtr remotingDelegatePtr)
CustomAction CA_ValidateSharedFolders returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)


 
 

Environment:

  • Qlik Sense Enterprise and version

 

Beginning in Qlik Sense February 2018, additional functionality was added to the Qlik Sense Enterprise installation package. This function checks to ensure that the service account has the appropriate rights on the Service Cluster path that was entered during installation. In order to check the rights on the share, the installer uses Windows APIs which require an interactive logon rights in order to impersonate the service account. This requirement is expected in February 2018, April 2018, and June 2018. For the September 2018 release and newer the Option 3 documented here was added as a workaround.

 

Resolution:

 

For September 2018 and newer:

Option 1:

  • Open the Local Security Policy module
    • Right Click on Run > secpol.msc
  • Navigate to Local Policies > User Rights Assignment:
    • Allow log on locally: Ensure that the Qlik Sense Service account is provisioned this right
    • Deny log on locally: Ensure that the Qlik Sense Service account is not listed there, either directly by name or indirectly by group membership
  • Complete installation of Qlik Sense
  • (Optional): Revert the changes to the rights assignment post installation

Option 2:

  • Install Qlik Sense November 2017 and upgrade to the desired build of Qlik Sense

Option 3:

Install Qlik Sense using its silent installation syntax. See Performing a silent installation with the skipvalidation parameter.

Example:

Qlik_Sense_setup.exe -s userwithdomain=domain\svc_qliksense userpassword=ServiceAccountPassword123! dbpassword=DBPassword123! sharedpersistenceconfig=C:\Temp\spc.cfg skipvalidation=1

 

Option 4:

 

For February 2018 - June 2018 Releases:

Option 1:

  • Open the Local Security Policy module
    • Right Click on Run > secpol.msc
  • Navigate to Local Policies > User Rights Assignment:
    • Allow log on locally: Ensure that the Qlik Sense Service account is provisioned this right
    • Deny log on locally: Ensure that the Qlik Sense Service account is not listed there, either directly by name or indirectly by group membership
  • Complete installation of Qlik Sense
  • (Optional): Revert the changes to the rights assignment post installation

Option 2:

  • Install Qlik Sense November 2017 and upgrade to the desired build of Qlik Sense
Labels (1)
Version history
Revision #:
2 of 2
Last update:
‎2020-10-28 10:52 AM
Updated by:
 
Contributors