You may get the errors, "A call to SSPI failed, see inner exception" and "The certificate chain was issued by an authority that is not trusted". While they should have no impact on your end-users, you'd still like to clean them up from the logs.
Qlik Sense otherwise functions without issues.
Example error:
System.Proxy.Qlik.Sense.Communication.Communication.Tcp.StreamFactory 16 c2972806-6ae3-4559-8ebf-c7c2201335f3 xx\xxx Failed to authenticate stream as Server The client and server cannot communicate, because they do not possess a common algorithm↵↓A call to SSPI failed, see inner exception. NO-STACKTRACE↵↓ at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
These, unfortunately, are not Qlik Sense errors, but rather errors from Windows that Qlik Sense reports. You should also be able to see them in your Windows Application logs. For more information, please search out Windows Support.
See Security Support Provider Interface Architecture for additional details.
Possible root causes:
- A possible root cause for Windows reporting these errors is a missing or wrong certificate thumbprint.
If a third party certificate is being used in the environment, verify that the correct thumbprint is added to the Qlik Sense Proxy.
- It may also be related to the load balancer.
A common behaviour for a load balancer is a quite constant interval between two SSPI failures on Sense, generally because the basic load balances HTTPS health check doesn't complete the HTTPS handshake. The error "because they do not possess a common algorithm" is for this reason. The fast check can be done by changing the frequency of HTTP health check on the load balancer and seeing the corresponding interval change on the Qlik Sense side pay attention if multiple LB nodes are present.
