Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Search our knowledge base, curated by global Support, for answers ranging from account questions to troubleshooting error messages.
After installing Qlik Sense Desktop February 2024 or upgrading from a previous version, the display scaling no longer works as expected.
Blank space is shown to the right and bottom of the Qlik Sense client:
This issue is caused by QB-25016. A fix will be deployed with the Qlik Sense Desktop May 2024 release.
Qlik Sense Desktop May 2024
Product Defect ID: QB-25016
The following messages will appear in the engine trace system logs:
QVGeneral: when AAALR(63.312046) is greater than 1.000000, we suggest using new row applicator to improve time and mem effeciency.
QVGeneral: - aggregating on 'RecruiterStats'(%DepartmentID) with Cardinal(87), for Object: in Doc: ffe8a825-b52e-4ceb-aea2-30de0f2c3306
There has also been reports of end users seeing the message "Internal Engine error" when opening apps when the error above is present.
Also for QlikView see article SE_LOG: when AAALR(1072.471418) is greater than 1.000000, we suggest using new row applicator to improve time and mem efficiency.
"AAALR" is a very low level concept deep in the engine. Generally speaking it means the average length of aggregation array. The longer this array is, the more memory and CPU power are to be used by the Engine to get aggregation results for every hypercube node.
When AAALR is greater than 1.0, normally the customer has a large data set and suffers slow responses and high memory usage in their app. In this case, Qlik Sense has a setting called DisableNewRowApplicator (default value is 1).
By setting this parameter to “0”, Qlik Sense will use a new algorithm which is optimized for large data set to do the aggregation, and will use much less memory and CPU power.
Changing this setting when they have AAALR warnings, making this change has resulted in drastic performance increases.
Possible setting values for DisableNewRowApplicator:
[Settings 7]
DisableNewRowApplicator=0
<---- the cursor should be here when saving the file
When executing a Talend Studio job using an SAP Connection, the job may fail with the following error:
Connection failure. You must change the SAP Settings.
java.lang.NoClassDefFoundError: com/sap/conn/jco/ext/DestinationDataProvider
at org.talend.repository.sap.SAPClientManager.init(SAPClientManager.java:121)
at org.talend.repository.sap.SAPClientManager.init(SAPClientManager.java:95)
at org.talend.repository.sap.ui.wizards.SAPConnectionForm$10.run(SAPConnectionForm.java:374)
at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:122)
Caused by: java.lang.ClassNotFoundException: com.sap.conn.jco.ext.DestinationDataProvider cannot be found by org.talend.libraries.sap_7.3.1.20211105_0234-patch
at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoader.java:511)
at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:422)
at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:414)
at org.eclipse.osgi.internal.loader.ModuleClassLoader.loadClass(ModuleClassLoader.java:153)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
... 4 more
The root cause is that studio initialised with the wrong version of jar, which needs to be replaced with the official sapjco3.jar file from SAP.
To resolve:
For further investigation on installing external modules to Talend Studio, please refer to Installing external modules
While using Qlik Sense Desktop on windows 10 with high DPI machine specifically screen resolution set to 150%, Sense app won't fit to the full screen resolution.
Environment:
Compatibility issue with Qlik Sense and the resolution of the monitor(s).
(Note: If Qlik Sense Desktop is already running, please close and then follow the steps for changing the compatibility or the DPI scaling)
This article aims to document how to create a customized CSS file to disable individual items in the Ajax toolbar, for example, More or Add Object.
In this approach to hide individual items in the Ajax toolbar we create a custom CSS file (the first step) and then call this custom file in a copy of the opendoc.htm (the second step).
Content:
.ctx-menu-action-FOLDOUTDOWN
{
display: none !important;
}
Do not alter the original opendoc.htm!
<link rel="stylesheet" type="text/css" media="screen" href="/QvAjaxZfc/htc/default.css" />
<link rel="stylesheet" type="text/css" media="screen" href="/QvAjaxZfc/htc/custom.css" />
<link rel="apple-touch-icon" href="/QvAjaxZfc/htc/Images/Touch/touch-icon.png" />
From here on, the customized opendoc_new.htm will be used when opening any document in the Ajax client, and the customized CSS will be applied.
If you want to apply the custom behavior only to specific documents:
These are the available toolbar items:
The information in this article is provided as-is and will be used at your discretion. Depending on the tool(s) used, customization(s), and/or other factors, ongoing support on the solution below may not be provided by Qlik Support.
This article provides a comprehensive guide to efficiently install the PostgreSQL ODBC client on Linux for a PostgreSQL source endpoint.
rpm -ivh postgresql13-libs-13.2-1PGDG.rhel8.x86_64.rpm
rpm -ivh postgresql13-odbc-13.02.0000-1PGDG.rhel8.x86_64.rpm
export LD_LIBRARY_PATH=/usr/pgsql-13/lib:$LD_LIBRARY_PATH
rpm -ivh unixODBC-2.3.7-1.el8.x86_64.rpm
postgresql13-13.2-1PGDG.rhel8.x86_64.rpm
When attempting to create a DataRobot connection in the Qlik Cloud tenant hub, the connection cannot be found
Navigating to Add New > Data connection > and searching for DataRobot does not find the data connection option.
Qlik Cloud
The information in this article is provided as-is and will be used at your discretion. Depending on the tool(s) used, customization(s), and/or other factors, ongoing support on the solution below may not be provided by Qlik Support.
Talend Cloud platform provides computational capabilities that allow organizations to securely run data integration processes natively from cloud to cloud, on-premises to cloud, or cloud to on-premises environments.
These capabilities are powered by compute resources, commonly known as Engines. This article covers the four basic types.
Content:
A Cloud Engine is a compute resource managed by Talend in Talend Cloud that executes Job tasks.
A capability in Talend Cloud platform that allows you to securely run data integration Jobs natively from cloud to cloud, on-premises to cloud, or cloud to on-premises environments completely within your environment for enhanced performance and security, without transferring the data through the Cloud Engines in Talend Cloud platform.
Java-based runtime (similar to a Cloud Engine) to execute Talend Jobs on-premises or on another cloud platform that you control.
A Remote Engine Gen2 is a secure execution engine on which you can safely execute data pipelines (that is, data flows designed using Talend Pipeline Designer). It allows you to have control over your execution environment and resources because you can create and configure the engine in your own environment (Virtual Private Cloud or on-premises). Previously referred to as Remote Engines for Pipelines, this engine was renamed Remote Engine Gen2 during H1/2020. It is a Docker-based runtime to execute data pipelines on-premises or on another cloud platform that you control.
A Remote Engine Gen2 ensures:
Cloud Engine for Design is a built-in runner that allows you to easily design pipelines without setting up any processing engines. With this engine you can run two pipelines in parallel. For advanced processing of data, Talend recommends installing the secure Remote Engine Gen2.
The following table lists a comparative perspective between the two engines:
Cloud Engine (CE) |
Remote Engine (RE) |
Consumes 45,000 engine tokens |
Consumes 9,000 engine tokens |
Runs within Talend Cloud platform – no download required |
Downloadable software from Talend Cloud platform |
Managed by Talend, run on-demand as needed to execute Jobs |
Managed by the customer |
No customer resources required |
Customer can run on Windows, Linux, or OS X |
Set physical specifications (Memory, CPU, Temp Disk Space) |
Unlimited Memory, CPU, and Temp Space |
Require data sources/targets to be visible through the internet to the Cloud Engine |
Hybrid cloud or on-premises data sources |
Restricted to three concurrent Jobs |
Unlimited concurrent Jobs (default three) |
Available within Talend Cloud portal |
Available in AWS and Azure Marketplace |
Runs natively within Talend Cloud iPaaS infrastructure |
Uses HTTPS calls to Talend Cloud service to get configuration information and Job definition and schedules |
Cloud Engine for Design (CE4D) |
Remote Engine Gen 2 (REG2) |
Consumes zero engine tokens |
Consumes 9000 engine tokens |
Build upon a Docker-compose stack |
Build upon a Docker-compose stack |
Available as Cloud Image and Instantiated in Talend Cloud platform on behalf of the customer |
Available as an AMI Cloud Formation Template (for AWS) and Azure Image (for Azure) |
Not available as downloadable software as this type of engine is only suitable for design using Pipeline Designer in Talend Cloud portal |
Available as .zip or .tar.gz (for local deployment) |
A Cloud Engine for Design is included with Talend Cloud platform, to offer a serverless experience during design and testing. However, it is not meant for production (that is, not for running pipelines in non-development environments). It won’t scale for prod-size volumes and long-running pipelines. It should be used for design teams to get a preview working and test execution during development. This engine should not be used for production execution. |
It is used to run artifacts, tasks, preparations, and pipelines in the cloud, as well as creating connections and fetching data samples. |
Static IPs cannot be enabled for CE4D within Talend Management Console |
Not applicable as REG2 runs outside Talend Management Console (that is, in Customer Data Center) |
Additional engines (CE or RE) may be required if you have one or more of the following use cases:
These use cases depend on the deployment architecture in the specific customer environment and layout of the Remote Engine at the environment or workspace level configurations. This would need proper capacity planning and automatic horizontal and vertical scaling of the compute Engines.
Question |
Guideline |
How much data must be transferred per hour? |
Each Cloud Engine can transfer 225 GB per hour. |
How many separate flows can run in parallel? |
Each Cloud Engine can run up to three flows in parallel. |
How much temporary disk space is needed? |
Each Cloud Engine has 200GB of temp space. |
How CPU and memory intensive are the flows? |
Each Cloud Engine provides 8 GB of memory and two vCPU. This is shared among any concurrent flows. |
Are separate execution environments required? |
Many users desire separate execution for QA/Test/Development and Production. If this is needed, additional Cloud Engines should be added as required. |
If a source or target system is not accessible through the internet:
If one of the systems is not accessible using the internet, then a Remote Engine is needed.
When single flow requirements exceed the capacity of a Talend Cloud Engine:
If the Cloud Engine is too small (for example, the maximum memory of 5.25 GB, temporary space of 200 GB, two vCPU, or the maximum of 225 GB per hour) then, a Remote Engine is needed.
If a native driver is required:
If the solution requires a native driver, which is not part of the Talend action or Job generated code, a typical case for this is SAP with the JCO v3 Library, MS SQL Server Windows Authentication, then a Remote Engine is needed.
Data jurisdiction, security, or compliance reasons:
It may be desirable or required to retain data in a particular region or country for data privacy reasons. The data being processed may be subject to regulations such as PCI or HIPAA, or it may be more efficient to process the data within a single data center or public cloud location. These are all valid reasons to use a Remote Engine.
Cloud Engine (CE) |
Remote Engine (RE) |
Remote Engine Gen 2 (REG2) |
Cloud Engines allow you to run batch tasks that use on-premises or cloud applications and datasets (sources, targets) |
Remote Engines allow you to run batch tasks or microservices (APIs or Routes) that use on-premises or cloud applications and datasets (sources, targets) |
The Remote Engine Gen2 is used to run artifacts, tasks, preparations, and pipelines in the cloud, as well as creating connections and fetching data samples |
Consumes 45,000 engine tokens |
Consumes 9,000 engine tokens |
Consumes 9,000 engine tokens |
No download required - Runs within Talend Cloud platform |
Downloadable software from Talend Cloud platform |
Downloadable software from Talend Cloud platform |
Managed by Talend, run on-demand as needed to execute Jobs |
Managed by the customer |
Managed by the customer |
No customer resources required |
Can run on Windows, Linux, or OS X |
Require compatible Docker and Docker compose versions for Linux, Mac, and Windows |
Set physical specifications (Memory, CPU, and Temp Disk Space) |
Unlimited Memory, CPU, and Temp Space |
Unlimited Memory, CPU, and Temp Space |
Require data sources/targets to be visible through the internet to the Cloud Engine |
Hybrid cloud or on-premises data sources |
Hybrid cloud or on-premises data sources |
Restricted to three concurrent Jobs |
Unlimited concurrent Jobs (default three) |
Unlimited concurrent pipelines (configurable) |
Available within Talend Cloud portal |
Available in AWS and Azure Marketplace |
Available as an AMI Cloud Formation Template (for AWS) and Azure Image (for Azure) |
Runs natively within Talend Cloud iPaaS infrastructure |
Uses HTTPS calls to Talend Cloud service to get configuration information and Job definition and schedules |
Uses HTTPS calls to Talend Cloud service to get configuration information and pipeline definition and schedules |
Talend Help Center documentation:
The Qlik Sense Engine allows for a hard max limit to be set on memory consumption.
Environment:
Qlik Sense Enterprise on Windows , all versions
The setting is located in the Qlik Sense Management Console > Engine > Advanced and can be configured as an option in the setting Memory usage mode.
See Editing an engine - Qlik Sense for administrators for details on Engine settings.
Even with the hard limit set, it may still be possible for the host operating system to report memory spikes above the Max memory usage (%).
The reason for that is because the Qlik Sense Engine memory limit will be defined based on the total memory available.
Example:
The memory working setting limit is not a hard limit to set on the engine. This is a setting that set how much we allocate and how far we are allowed to go before we start alarming on the working set beyond parameters
To take advanced of Batch Size provided performance boost on SQLserver, please make sure using sqlserver jdbc version > 9.2
Microsoft JDBC Driver for SQL Server version 9.2 and above supports using the Bulk Copy API for batch insert operations. This feature allows users to enable the driver to do Bulk Copy operations underneath when executing batch insert operations. The driver aims to achieve improvement in performance while inserting the same data as the driver would have with regular batch insert operation. The driver parses the user's SQL Query, using the Bulk Copy API instead of the usual batch insert operation. Below are various ways to enable the Bulk Copy API for batch insert feature and lists its limitations. This page also contains a small sample code that demonstrates a usage and the performance increase as well.
This feature is only applicable to PreparedStatement and CallableStatement's executeBatch()
& executeLargeBatch()
APIs.and our tJDBCOutput "Use Batch" take advantage of executeBatch()
Using bulk copy API for batch insert operation
After upgrading Qlik Enterprise Manager to 2022.11, increased connection errors to the Qlik Replicate server can be observed, with the connection terminating approximately every 30 minutes.
The following error is logged:
3 2023-12-19 06:09:06 [ServerDto ] [ERROR] Failed to get monitoring data for server: 172.29.73.29. Message:'SYS-E-SESS_LOST, The client is not connected to the Server. Please connect and then try again.'''.
This is a known defect. The fix will be included in the next possible Qlik Enterprise Manager release (tentatively 2023.11 SP03).
Fix Description: Added auto-reconnect flag where it was missing to allow QEM to better manage the connection drops and attempt to re-establish the EM<-->QR communication, especially in high-load situations.
The following are test patches that address this issue. Please contact support to obtain the test patch.
Qlik Enterprise Manager 2022.11.0.634
The user is unable to open the remote project. A pop-up error is displayed, reading:
An error occurred (java.langException: Can't find the update properties file at: C:\ProgramFiles (x86)\Talend-Studio\studio\p2\org.eclipse.equinox.p2.repository\cache\-xxxx)
In this example, the password of the proxy was changed and was then not updated synchronously in the Proxy setting of Talend Studio. The issue could be fixed by manually updating the user credentials of the proxy in studio -> preferences -> proxy setting.
Upgrade installation or fresh installation of Qlik Replicate 2023.11 (includes builds GA, PR01 & PR02), Qlik Replicate reports errors for MySQL or MariaDB source endpoints. The task attempts over and over for the source capture process but fail, Resume and Startup from timestamp leads to the same results:
[SOURCE_CAPTURE ]T: Read next binary log event failed; mariadb_rpl_fetch error 0 () [1020403] (mysql_endpoint_capture.c:1060)
[SOURCE_CAPTURE ]T: Error reading binary log. [1020414] (mysql_endpoint_capture.c:3998)
Upgrade to Replicate 2023.11 PR03 (coming soon)
If you are running 2022.11, then keep run it.
No workaround for 2023.11 (GA, or PR01/PR02) .
Jira: RECOB-8090 , Description: MySQL source fails after upgrade from 2022.11 to 2023.11
There is a bug in the MariaDB library version 3.3.5 that we started using in Replicate in 2023.11.
The bug was fixed in the new version of MariaDB library 3.3.8 which be shipped with Qlik Replicate 2023.11 PR03 and upper version(s).
support case #00139940, #00156611
Replicate - MySQL source defect and fix (2022.5 & 2022.11)
HSTS (HTTP Strict-Transport-Security response header) security check failed.
HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should automatically interact with it using only HTTPS connections, which provide Transport Layer Security (TLS/SSL), unlike the insecure HTTP used alone.
Before adding HSTS to either the QlikView AccessPoint or the QlikView Management Console (QMC), set both up to use HTTPS. See for QlikView AccessPoint and QMC with HTTPS and a custom SSL certificate instructions.
Custom response headers can be set in both the QlikView WebServer (beginning with 12.30) and Microsoft IIS (all QlikView versions).
The custom header needed for HSTS is: Strict-Transport-Security
<Config>
...
<Web>
...
<CustomHeaders>
<Header>
<Name>Strict-Transport-Security</Name>
<Value>max-age=31536000</Value>
</Header>
</CustomHeaders>
</Web>
</Config>
For information on how to configure custom headers with Microsoft IIS, see Setting Custom HTTP Headers in IIS for QlikView. The site https://https.cio.gov/hsts/ gives information on how to setup the webserver to enable HSTS.
Testing can be achieved using any number of third party sites, such as:
This setting was introduced with QlikView 12.70 (May 2022) SR1.
QVManagementService.exe.Config Changes:
An automation will not automatically rerun or retry if it fails. You can, however, rerun a failed automation by using an additional automation.
Caution should be taken when implementing this solution to prevent running endless loops or reruns.
Before a solution can be implemented you must decide if the rerun should:
The block Retry Automation Run can be used to retry a specific run of the automation using the same, if any, inputs. This block is useful if the monitored automation has its run mode set to Webhook or Triggered. It is also possible to manually re-run these runs using the Retry button in the automations run history.
The block Run Automation can be used to initiate a new run of the automation. This block is useful if the automation that fails has the run mode set to Scheduled, and the inputs of the failed run wouldn’t be unique.
The following example shows how a failed automation can be retried using the Retry Automation Run. Depending on the specifics of the automation you want to rerun, you may want to use the Run Automation block instead.
The value for stopTime must be transformed using the Date formula so that the value may be used for comparisons. The output format must be changed to Unix format (U):
The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.
Talend execution server was stopped and an OutOfMemory error was found in the log file as follows:
2024-02-20 19:52:30,908 ERROR FileDirCleaner - Java heap space java.lang.OutOfMemoryError: Java heap space
This is a known defect and it has been fixed. Qlik Talend provides two solutions to solve this OutOfMemory error.
# Enable the process message publisher or not. true by default
org.talend.remote.jobserver.server.TalendJobServer.ENABLED_PROCESS_MESSAGE=false
TPSVC-16156
Talend Data Integration 7.3.1
This article goes over how to use LDAP filters and common examples when setting up Qlik Sense User Directory Connector (UDC).
Note: Qlik Support has no scope in assisting in composing an LDAP filter that fits the environment needs. If further assistance is needed please see How and When to Contact the Consulting Team? AD and Qlik Sense must be within the same Domain. If different domains refer to this article Users of a different Active Directory, but with membership to a group in the same Domain as the QlikSense server, are not synced
Click here for Video Transcript
Notes:
1. (Optional) Create a group that the filter will be based on. For example, "SenseUsers" group with 4 users is created in AD:
2. Recommended: Mark all RootAdmins as Delete Prohibited to prevent locking oneself out of the QMC, see How to avoid the RootAdmin(s) from becoming inactive
3. In this article, we will use native Windows tools to preview the LDAP query. Third party tools like LDAP Admin or LDAP Browser by Softerra are also valid tools to use.
4. On the Windows Server, open the Server Manager:
5. Click on Manage then Add Roles and Features:
6. If Before You Begin is displayed, click Next
7. On Installation Type, select Role-based or feature-based installation:
8. On Server Selection, select the server that you are working with
9. Next navigate to Features, and select the Active Directory Administrative Center option:
10. Confirm that this is the feature(s) that you want to install and allow the installation to complete
11. After the installation completes, Click Start then select Administrative Tools and open the Active Directory Users and Computers module
12. The main domain that the server is on should automatically be present, so right click on the domain and select Find:
13. In the Find section select Custom Search:
14. Write out your potential LDAP filter and ensure that it selects all the expected users:
15. Once you have an LDAP filter which works correctly outside of Qlik Sense, then navigate in the QMC to User Directory Connectors > edit the pre-existing Active Directory Connector > ensure that the Advanced section is displayed and paste in the LDAP filter. At this step you should unselect the Sync user data for existing users toggle:
16. The rationale for unselecting the Sync user data for existing users toggle is as follows. If you are already filtering the results from AD, then it makes sense to pull in the entire set of the filtered subset of users. This step isn't strictly speaking required but if you opt for the route of using an LDAP filter then it makes logistical sense to pull in all the users in the filtered subset.
17. Save the changes and go back to the root of the User Directory Connectors section and sync the altered Connector:
Qlik Sense: How to connect to AD using "Active Directory" UDC
How to get LDAP filters for Active Directory groups from users already in Qlik Sense
LDAP filter to only include all users in a certain Organizational Unit (OU) into Qlik Sense
Retrieve OU (Organizational Unit) users from Active Directory LDAP Filter
Video: Qlik Sense Platform - Qlik Management Console - User Directory Connector - Part 5
ADSI - Search Filter Syntax - Extended match operator / Nested groups rule
Qlik has identified a compatibility challenge in Qlik Sense Enterprise on Windows November 2023 and later releases, which causes unexpected results when using a NetApp as storage. See QMC Reload Failure Despite Successful Script in Qlik Sense Nov 2023 and above for details.
Qlik Sense Enterprise on Windows is reliant on the availability and performance of its server cluster share, where the Qlik Sense apps are stored.
In some instances, the file storage maybe not be compatible with the requirements of Qlik Sense, and this can lead to app corruption. An example of this may be a Distributed File System (DFS) managed share with replication enabled, which can have side effects such as app corruption, apps being removed from disk, and/or not correctly replicated.
In a Qlik Sense Enterprise on Windows site, a file share is used to store the binary app data including the data models and dashboard sheets. It can be located on one of the nodes in the Sense site or located on a dedicated file server for better resilience and performance.
Note: Each Qlik Sense Enterprise on Windows site requires its own file share with its own set of binaries, archives, extensions, etc. If two mirrored environments are configured to use the same files in only one share, besides potentially experiencing file locking issues, the Qlik Sense database will not have the correct references (metadata) pertaining to the information stored in the share. So you will have two Qlik Sense environments updating files on the shares and which are not aware of updates performed by the other environment(s). Performing such action is highly unsupported and will cause malfunction.
See Qlik Sense for Administrators: Persistence for more details on requirements for a file share.
In the case of DFS managed shares, the replication feature on file level can lead to inconsistency with the Qlik Sense apps stored on disk.
Provided that the requirements detailed in this document are met, Qlik Sense will not know the difference between one and the other, but choosing the wrong storage solution can result in bad performance and instability that can be very difficult to troubleshoot.
When your storage is on-premise, Qlik recommends relying on enterprise SAN solutions that can be managed and configured according to your needs. A NAS is better suited for serving files to client machines, while a SAN can be relied upon by multiple servers to give adequate throughput and latency to large blocks of storage. These are typically set up with a fiber channel backbone that can sustain the demand of a large and busy Qlik Sense environment.
For Virtual Private Cloud (VPC) deployments, be aware of multiple instance types and what type of workloads they are suitable for. A Windows-based File Server will run better in a Storage-Optimised virtual machine than a general purpose instance. Consider using block storage services instead of Windows-based, to take advantage of scaling and resilience offered by those providers.
Performance: For any network storage resource, the network backbone throughput and latency will directly influence performance of all file-based operations performed by the Qlik Sense platform on the configured file shares. Examples: first-time loading of apps from file share into Engine memory; saving and refreshing of app changes; log archiving, etc.
For Windows-hosted file shares, the sizing of the File Server machine will directly influence performance of those file shares. Using Administrative Shares instead of UNC paths can severely impact performance, upwards of 50% and causing other issues, such as File Locking.
BAD path example: \\FILESERVER\C$\QlikSenseServiceCluster
GOOD path examples: \\FILESERVER\QlikSenseServiceCluster or \\FILESERVER\QlikDataFiles
It is recommended to remove / disable Administrative shares to prevent unauthorised access to resource and potentially avoid configuration issues between these shares and Qlik Client Managed products.
Qlik recommends a maximum latency of 4 ms between Qlik Sense servers and any file shares. 10 Gbit networking is recommended, considering many parallel file read/write operations can be requested from multiple file share clients (Qlik Sense servers).
Note: Qlik cannot verify support for all storage vendors and Qlik recommends that customers test their preferred infrastructure. In the event of an issue arising that is attributed to storage, Qlik Support may request that customers attempt to replicate the issue on a Windows hosted file share.
A windows host is used to serve a file share with storage from local disks (NAS) or SAN.
Protocol support:
Qlik periodically runs network file share performance tests on Qlik Sense using WinShare, and FreeNAS with SMB 3.0. For more information on network file share solutions, contact your Qlik representative.
Analyzing endpoints for Qlik Sense Enterprise on Windows, using for example https://www.ssllabs.com/ssltest/analyze.html may indicate:
Qlik Sense Enterprise on Windows
Please review Qlik Sense Enterprise on Windows securityfor information on how to protect the Qlik Sense platform.
The security in Qlik Sense Enterprise does not depend only on the Qlik software. It also relies on the security and hardening of the environment that Qlik Sense operates in. This means that the security of, for example, the operating system and the cryptographic ciphers available have to be set up and configured to provide the security needed for Qlik Sense.
See Qlik Sense: TLS Support on what protocols and ciphers are supported in which version.
To mitigate POODLE attacks, one step is to completely disable SSLv3.0 on the server.
See Microsoft Security Advisory 3009008 for more instructions on how to accomplish this and the impact of doing so.
See Qlik Sense: TLS Support on what protocols and ciphers are supported in which version.
To mitigate POODLE attacks, one step is to completely disable all cipher suites with the string CBC. This needs to be carried out in the Windows OS.
Insecure renegotiation may be mitigated by disabling renegotiation. This can be done at the OS level by adding the following Windows registry key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]
"DisableRenegoOnServer"=dword:00000001
However, it is recommended to review all Schannel settings ( Secure Channel ) and that a Windows Administrator should configure it to meet their requirements.
See Qlik Sense: TLS Support on what protocols are supported in which version.
Note: Any changes at the OS level must be thoroughly tested as they may cause other software to no longer function as expected, or clients may be unable to communicate with the server. If any side effects are experienced, the changes should be reverted back to the original settings.
When using "Header authentication" method, after upgrading to latest Qlik Sense Enterprise versions or latest patch, you may encouter error like "400 bad request Invalid header in the request".
From the image above, notice that the request header is “X-Qlik-User-hdr = Domain\administrator" (in this example). Meaning that, in Qlik Sense virtual proxy settings, the "header authentication header name” was set to “X-Qlik-User-hdr".
This is working as designed (WAD).
R&D confirmed that, there was a security fix made back in August-September 2023, which disallow header authentication using header names that include "X-Qlik-User" in "header authentication header name".
Thus, if the "Header Authentication" setting was working before the upgrade and then the error "400 bad request Invalid header in the request" occurs after upgrading to latest version of Qlik Sense Enterprise or after installing a patch, please ensure that in the related virtual proxy, "header authentication header name” is not set to something like "X-Qlik-User-*" (Check for example QS Feb 2024 header name restrictions).
Information provided on this defect is given as is at the time of documenting. For up to date information, please review the most recent Release Notes, or contact support with the ID QB-25945 or QB-21731 for reference.
Product Defect ID: QB-25945, QB-21731 and HLP-15641