Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Jun 8, 2022 5:42:29 AM
Jan 15, 2017 8:04:40 AM
You may get the errors, "A call to SSPI failed, see inner exception" and "The certificate chain was issued by an authority that is not trusted". While they should have no impact on your end-users, you'd still like to clean them up from the logs.
Qlik Sense otherwise functions without issues.
Example error:
System.Proxy.Qlik.Sense.Communication.Communication.Tcp.StreamFactory 16 c2972806-6ae3-4559-8ebf-c7c2201335f3 xx\xxx Failed to authenticate stream as Server The client and server cannot communicate, because they do not possess a common algorithm↵↓A call to SSPI failed, see inner exception. NO-STACKTRACE↵↓ at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
These, unfortunately, are not Qlik Sense errors, but rather errors from Windows that Qlik Sense reports. You should also be able to see them in your Windows Application logs. For more information, please search out Windows Support.
See Security Support Provider Interface Architecture for additional details.
Possible root causes:
Hi Chris,
We are also getting these errors in our log and I checked our Thumbprint, it is correct only then we these errors then?
Regards,
Tauceef
Hello @tauceef as this is an error logged by Windows, this might be able to provide you with more information on what the root cause is: https://docs.microsoft.com/en-us/windows/win32/secauthn/sspi-status-codes
Should this not help you locate the problem, I'd recommend posting on our forums to get the input from our larger customer and engineer base!
We are facing this issue on a large number of machines in various locations, various windows-version, Sense-versions and setup.
AFAIK none of them are behind a load balancer. Most of them are single nodes. Some have a valid wildcard cert, with the correct thumbprint, some use the self-signed Sense cert.
All of them "work" but are feel sluggish. All logs are littered with messages that seems to have something with tls.
What do you recommend?
/lars
Hi @Skage ,
Did you find a solution to that issue?
I'm seeing a similar behaviour running the latest QS. I suspected Windows or external factors at this stage in the investigation.
No I have not.
The root cause is afik related to Kerberos but I have no clear picture of how to solve it.
For me it seemed that somehow the existing SSL cert had been changed/removed. We re-added the correct one and updated the Proxy thumbprint, and will monitor the Proxy logs.
Other possible leads were a change to the servers TLS settings, IISCrypto would be best to check that but wasn't needed for me at this stage.