Skip to main content
Announcements
Global Transformation Awards submissions are open! SUBMIT YOUR STORY

Qlik Sense Multi-Cloud - App distribution failing - Qlik Sense API call with PowerShell

No ratings
cancel
Showing results for 
Search instead for 
Did you mean: 
Benoit_C
Support

Qlik Sense Multi-Cloud - App distribution failing - Qlik Sense API call with PowerShell

Last Update:

Sep 27, 2021 6:51:55 AM

Updated By:

Benoit_C

Created date:

Jul 9, 2021 10:09:01 AM

The following steps are helping to troubleshoot App Distrubution issue when failing with the below error (from C:\ProgramData\Qlik\Sense\Log\AppDistributionService\Trace) :

 

Exception thrown: "Response status code does not indicate success: 403 (AuthorizedOnly)

 

This error most likely means the network/proxy/firewall is refusing the access to the Tenant.

 

Environment

  • Qlik Sense multi-cloud (all version)

 

The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.

 

Test the Qlik server connection through API with PowerShell 

In order to check what could be the real reason why the connection is not authorized you might want to test the connection with API.

In this article we will show how to do it with PowerShell.

 

1. Collect the ID of your deployment:

 

 

 

 

#ignore certificate/SSL errors
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {​​​​​
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {​​​​​
        return true;
    }​​​​​
}​​​​​
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

#use TLS1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12


$hdrs = @{}
$hdrs.Add("X-Qlik-xrfkey","12345678qwertyui")
$hdrs.Add("X-Qlik-user","UserDirectory=DOMAIN;UserId=qvservice")
$url = "https://qlikserver1.domain.local:5927/v1.0/deployments?xrfkey=12345678qwertyui"
$cert = Get-ChildItem -Path "Cert:\CurrentUser\My" | Where {$_.Subject -like '*QlikClient*'}
Invoke-RestMethod -Uri $url -Method Get -Headers $hdrs -Certificate $cert

 

 

 

 

Where qlikserver1.domain.local = the FQDN of your Qlik server

Where DOMAIN = the User Directory of your Qlik Sense service account

Where qvservice = the username of your Qlik Sense service account



The result will be like below:

powerhsel.png


2. Test an API call (https://YOURTENANT.eu.qlikcloud.com/api/v1/collections) from your server to your Tenant:

 

 

 

 

#ignore certificate/SSL errors
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {​​​​​
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {​​​​​
        return true;
    }​​​​​
}​​​​​
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

#use TLS1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12


$hdrs = @{}
$hdrs.Add("X-Qlik-xrfkey","12345678qwertyui")
$hdrs.Add("X-Qlik-user","UserDirectory=DOMAIN;UserId=qvservice")
$url = "https://qlikserver1.domain.local:5927/v1.0/deployments/20078ee9-1478-405c-ac93-6b6f6ec4a919/token?xrfkey=12345678qwertyui"
$cert = Get-ChildItem -Path "Cert:\CurrentUser\My" | Where {$_.Subject -like '*QlikClient*'}
$response=Invoke-RestMethod -Uri $url -Method Get -Headers $hdrs -Certificate $cert
echo $response.access_token

$hdrs = @{}
$hdrs.Add("Authorization","Bearer "+$response.access_token)
$url = "https://YOURTENANT.eu.qlikcloud.com/api/v1/collections"
$response=Invoke-RestMethod -Uri $url -Method Get -Headers $hdrs
echo $response.data

 

 

 

 

Where qlikserver1.domain.local = the FQDN of your Qlik server

Where DOMAIN = the User Directory of your Qlik Sense service account

Where qvservice = the username of your Qlik Sense service account

Where 20078ee9-1478-405c-ac93-6b6f6ec4a919 = the ID found in Step 1.

Where YOURTENANT.eu.qlikcloud.com = your Tenant hostname

 

If you have no issue with the distribution, the result will be like below:

tenant test.png


But in our case, as we are having the Appdistribution logs error Response status code does not indicate success: 403 (AuthorizedOnly)

Then the above API call should also fail and give us a better explanation about the issue.

In the below example the result show us an issue with the customer firewall:

 

 

 

 

 

McAfee Web Gateway - Notification

  

      Request Blocked

 

      McAfee Web Gateway has blocked your request because you have not been authorized and authorization is required.

   

    

      URL: break_line("https://YOURTENANT.eu.qlikcloud.com/api/v1/collections");

      User Name: qvservice