This guide provides step-by-step instruction on how to create an UDC that fetches users from AD in the most common way: default Active Directory UDC. The steps use LDAP Admin for testing the LDAP filter string.

For steps that do not require LDAP Admin see Qlik Sense: Configuring and testing LDAP filters for User Directory Connector  

For connecting AD using Generic LDAP connector, follow article How to connect to Active Directory using the Generic LDAP Connector

Detailed steps:

1. Confirm current server is Central Node and Repository Service is running correctly.

2. In order to confirm AD connectivity, download a 3rd party tool called "LDAP Admin" and run it on current server.

3. In LDAP Admin, create a connection.

4. For the detailed information, consult your Domain Administrator.

5. Make sure the connection passes test.

6. Once connected, go to Search > Custom > set "Path" to the top level > Input appropriate LDAP filter. Make sure there are some users fetched successfully.

For any issues happening before this point, please contact Domain Administrator. For any issues happening after this point, please contact Qlik Support.

[VERY IMPORTANT] Before moving forward, confirm if there is any RootAdmin assigned to a domain user in Qlik Sense.

If there is, make sure that user appears in the search result of above filter otherwise it will be marked as inactive and could potentially lock users out from QMC. Also follow How to avoid the RootAdmin(s) from becoming inactive. But this step should not be relied on so please still make sure the filter fetches current RootAdmin.

7. Go to QMC > User directory connector > Create new > Active Directory:

Name: Give this UDC a user-friendly name
Sync user data for existing users: Only uncheck this setting if you know the amount of users is reasonably low -- for instance, less than a thousand. If not sure, always keep it checked.
Path: LDAP://["host" used in step 3]
Username / password: Credentials used in step 3
Under certain conditions, these fields can be left blank.
Additional LDAP filter: Filter used in step 5

9. Hit Apply, go back and do a Sync. Confirm the Sync is successful.

10. Go to QMC > Users > Filter by "User directory". Confirm the users are fetched.

 Note: if "Sync user data for existing users" is checked in step 8, this list might be shorter than expected. That is because UDC would not fetch the users who are not already in the list.
Again, for any issues happening before step 6, please contact Domain Administrator. For any issues happening after step 6, please contact Qlik Support.

Related Content:

• Qlik Sense: Configuring and testing LDAP filters for User Directory Connector  

With content cache-controls, you can modify the cache behavior of the browser. The cache-control is used on endpoints handled by the repository service. This functionality is disabled by default and can be enabled by modifying the files Repository.exe.conf and capabilities.json, followed by a restart of the Qlik Sense Service Dispatcher and the Qlik Sense Repository Service.

Cache-control for endpoints handled by the repository service was introduced in Qlik Sense Enterprise on Windows February 2022 (Patch 1). In the May 2022 release further enhancements were made to extend caching policies for requests specific to the Hub service. Upgrade Qlik Sense to make use of the new features. 

In this article, we walk you through modifying the cache control policy and how to apply it globally across your Qlik Sense Enterprise on Windows environment. 

Before modifying the cache-controls

Please note the following before modifying cache control headers:

• It is generally not recommended to manually alter the cache-control headers.
• Make sure that you understand how the browser caching behavior is affected by the changes.

• Prior to applying any changes in a production environment, evaluate the risks of the changes.

Enable the feature

The feature is disabled by default.  For details, see Configuring content cache-control.

1. Open C:\Program Files\Qlik\Sense\Repository\Repository.exe.conf
   
   
2. Modify the following key and set it to true:
   
   <add key="ContentCacheControl" value="true" />
   
   Save the file.
   
   
3. Open C:\Program Files\Qlik\Sense\CapabilityService\capabilities.json
   
   
4. Add the following flag:
   
   {"contentHash":"2ae4a99c9f17ab76e1eeb27bc4211874","originalClassName":"FeatureToggle","flag":"QMC_CONTENT_CACHE_CONTROL","enabled":true}
   
   Save the file.
   
   
5. Restart the Qlik Sense Repository Service and Qlik Sense Dispatcher Service

Modify cache-controls in the Qlik Sense Management Console

1. After enabling cache-control, open the Qlik Sense Management Console
2. Go to Content Libraries
   
   
   
   
3. Open the Content Library you wish to configure
   
   
   
   
4. In the Associated Items menu, select Content cache-controls
5. Click Link new content cache control
   
   
   
   
6. Configure the cache-controls as per Content cache-controls  and click Add
   
   The cache control will automatically be linked.
   
   
   
   
7. Restart the Qlik Sense Service Dispatcher and Qlik Sense Repository Service

These are the predefined cache-control header values:

"CachePolicyEnum": {
    "values": [
        "0: Normal", -> public, max-age=3600
        "1: MustRevalidate", -> public, must-revalidate, max-age=0
        "2: PrivateNormal", -> private, max-age=3600
        "3: PrivateMustRevalidate", -> private, must-revalidate, max-age=0
        "4: NoStore" -> no-store
    ]
}

To modify the cache-control policy on a global level

You can create a global cache control policy (not tied to a content library) by using either the API or an SQL query against the QRS database. A restart of the Qlik Sense Service Dispatcher and Qlik Sense Repository service is required after.

API example:

POST /qrs/ContentCacheControl

{
    "id": "e07ca071-7d72-417d-93c2-d60687f747a8",
    "name": "api",
    "contentLibrary": null,
    "filter": "api",
    "maxAge": 3600,
    "cachePolicy": 4,
    "privileges": null
}

Database Query example:

INSERT INTO public."ContentCacheControls" ("ID", "CreatedDate", "ModifiedDate", "ModifiedByUserName", "Name", "Filter", "MaxAge", "CachePolicy", "ContentLibrary_ID")
VALUES ('e07ca071-7d72-417d-93c2-d60687f747a8', '2022-08-19 14:28:48.077709', '2022-08-19 14:28:48.077709', 'RDLUND\svc-silver', 'api', 'api', 3600, 4, null);

• Please update the values of "CreatedDate", "ModifiedDate", "ModifiedByUserName" keys and keep the rest of them unchanged. The ID can be any unique quid value.
• Please modify the value of "Filter" to a customised filter by using regex as per Content cache-controls.

The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.

Related Content 

What's new in Qlik Sense February 2022 
What's new in Qlik Sense May 2022 

Environment

Qlik Sense Enterprise on Windows 

Internal Investigation ID(s):

QB-11410

This article describes how to resolve the NPrinting connection verification error:

x Qlik NPrinting webrenderer can reach Qlik Sense hub error

Environment

• NPrinting: all versions
• Qlik Sense: all versions
  • multi-node QS proxy environment
  • NLB (Network Load Balancer or Alias URL) server address used in front of cluster of Qlik Sense proxy nodes (which are linked to a Virtual Proxy. Proxy nodes will not work with NPrinting unless they are linked to a QS virtual proxy)

Resolution

• Although it is possible to use an NLB address in front of your QS proxy nodes that are used by NPrinting, the error generated in the NP connection verification process will appear as described in the article title
• This error can safely be ignored as this does not affect generation of NPrinting connections
• To eliminate the 'error' message, you would need to update your NPrinting connection to use a virtual proxy node address/computer name behind the NLB address . It must be the computer name and not an alias url).
• The proxy node used must be linked to a virtual proxy with the following required attribute
  
  • Microsoft Windows NTML authentication on the Qlik Sense proxy. (SAML and JWT are not supported. If your virtual proxy uses SAML or JWT authentication, you need to add a new virtual proxy with NTLM enabled for Qlik NPrinting connections).
  • A link between the proxy node and virtual proxy.
  • For all NPrinting to Qlik Sense requirements visit https://help.qlik.com/en-US/nprinting/Content/NPrinting/DeployingQVNprinting/NPrinting-with-Sense.htm#anchor-1

Related Content

• https://help.qlik.com/en-US/nprinting/Content/NPrinting/Troubleshooting/Verify-connection-to-Sense-errors.htm
• https://help.qlik.com/en-US/nprinting/Content/NPrinting/DeployingQVNprinting/NPrinting-with-Sense.htm#Requirem

Internal Investigation ID

• QB-2871

The Qlik Sense Repository Service can suddenly come to a situation where the CPU utilization of the central node increases beyond 95%, which causes effects in the Qlik Sense hub (sheets go blank and other unexpected slow behavior). The process that is consuming the maximum CPU can be seen as the Qlik Sense Repository Service. 

Identified in a Problem Investigation with R&D, one of the possible causes is related to large number number of open transactions in the repository database and locks held by large number of sessions impacting on the repository service communication with the repository database. 

Environment:

Qlik Sense Enterprise on Windows November 2017 and later versions 

Resolution: 

Setting the  idle_in_transaction_session_timeout  to 5 minutes would clear the threads the repository database and progresses the new threads in the queue

1. Connect to the QSR database using PGADMIN4
   • Reference: Installing and Configuring PGAdmin 4 to access the PostgreSQL database used by Qlik Sense or NPrinting
   • Qlik Support does not support the direct query and access to the underlying product's database hosted by PostgreSQL. If any issues arise for which direct queries are deemed responsible, Qlik Support will reserve the right to request that a previous working backup is restored to the system in order to bring back full operation or resolve any isolated issue(s). The steps described here in this article are only used by Qlik Support for troubleshooting purposes.
2. Right-click the QSR database and bring up the Query Tool. 
3. Run the following command to look at the default value of the idle_in_transaction_session_timeout. 
   

   SHOW idle_in_transaction_session_timeout;​

4. By default, this is set to 0. 
5. Update the value by running the following command: 
   

   alter system set idle_in_transaction_session_timeout to '5min';​

6. Confirm the value has been updated running the following: 
   

   SHOW idle_in_transaction_session_timeout;  
   # reload the configuration     
   select pg_reload_conf();​

   
   Example:
   
   
   
7. The same setting could be done by editing the following file:
   
   C:\ProgramData\Qlik\Sense\Repository\PostgreSQL\9.6\postgresql.conf
   
   By searching for:
   

   #idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled​

   And changing it to:
   

   idle_in_transaction_session_timeout = 300000        # in milliseconds, 0 is disabled​

   Save, and then schedule a restart. 

Cause:

Changing the value, idle_in_transaction_session_timeout  terminates any session with an open transaction that has been idle for longer than the specified duration in milliseconds. This allows any locks held by that session to be released and the connection slot to be reused decreasing over CPU utilization. 

 

This article explains how to change the default locale in QlikSense Server when you create a new app on the hub.

Environment:

Qlik Sense Enterprise on Windows 

When you create a new application on the hub, the default locale is based on the settings on the QlikSense Server.

In order to change this setting, it is required to change the locale settings on the server for the account that is running the services.

If you run services as local system, you will need to use a tool such as Psexec in order to be able to execute the control panel as local system and change this settings. 

1. Open the IIS Manager console and navigate to (a) Default Website, (b) QvAjaxZfc, (c) Application Settings
   
   
   
   
2. Check for the entry: StrictRedirection with a value as false
   
   
   
   
3. If StrictRedirection entry isn't present, click (a) Add under the Actions menu, and then enter (b) StrictRedirection under Name: and False under Value:
   
   
   
   
4. Click the OK button, then test by restarting the browser running the AccessPoint and log in again.

Environment

QlikView Server May 2022 (12.70)
IIS
SAML authentication

A Qlik Compose task may fail during a full load but will run OK after a retry or when started at a different time. 

The task error log shows:

main 2023-10-30 08:39:51.396 [engine ] [ERROR ] [] Failed to create temporary file for /com/sun/jna/win32-x86-64/jnidispatch.dll library: C:\Windows\TEMP\jna--187113817\jna4331371764969383844.dll (The process cannot access the file because it is being used by another process)

Cause

The error indicates that a virus scan or malware scan was active while the Qlik Compose task was run. This locked the files needed. 

Resolution

Option One: Exclude Qlik Compose from virus scans

Exclude the Qlik Compose installation folder from the virus scan. The default path is: C:\Program Files\Qlik\Compose

Option Two: Schedule scans while no tasks run

Do not run any Qlik Compose task to run during scheduled virus scans.

The Qlik NPrinting Engine cannot resolve requests for tasks which include Qlikview Entity reports that output to PDF or is not printing QlikView Entity reports to PDF.

An error is displayed when attempting to edit or print the QlikView Entity report:

Error: QlikView NPrinting PDF Printer not installed or not properly registered

Or the report fails silently while the following is printed in the Qlik NPrinting logs:

resolution aborted with exception System.Runtime.InteropServices.COMException (0x80004005): Error HRESULT E_FAIL has been returned from a call to a COM component.↵↓   at Tracker.PDFXChange.IPXCControlEx.get_Printer(String pServerName, String pPrinterName, String pRegKey, String pDevCode)↵↓   at Qlik.Reporting.Printers.QlikPdfPrinter.Win64PrinterFactory.get_Item(String pServerName, String pPrinterName, String pRegKey, String pDevCode

When you install Qlik NPrinting, the Windows service “Print spooler” must be up and running. If it is disabled, the Qlik NPrinting Printer will not be added during the installation. Similarly, if a separate PDF-XChange driver is installed, the Qlik NPrinting engine install will not install the QlikView NPrinting PDF-Printer. 

Resolution

1. Verify if a separate PDF-XChange printer is listed in the Devices and Printers applet under  \Control Panel\Hardware and Sound\Devices and Printers 
2. If a separate PDF-XChange printer exists, manually uninstall it
3. Ensure the Spooler (Print Spooler) service is running via Windows Task Manager
4. Then re-Install Qlik NPrinting Engine
5. Confirm that the Qlik NPrinting printer driver appears in the Devices and Printers applet under  \Control Panel\Hardware and Sound\Devices and Printers

    

   

Related Content

NPrinting: PDF reports generation fails after disabling the Windows Spooler service

Environment

Qlik NPrinting 

Internal Investigation ID(s):

QB-14941

Description of Property "force-unused-resolvers-closure-policy":

• On the NP Server add a setting to a scheduler.config file that will force closure of the internal connections (qv.exe processes) once they have become idle. 
• Forcing resolver closures may be useful if engine machines have low RAM capability and/or in case of NP connections to Large* Qlik Applications.
• "0" is Default Value/Default NPrinting Behavior: a resolver will be closed only if it is the best option based on current load and what the internal algorithm determines
• "1" force closure of all open resolvers: when the system does not have open execution requests upon them
• "2" force closure of idle connections: if the connection is used occasionally - weekly, monthly, yearly etc. vs connections that a used with reports that run on a schedule trigger daily or hourly.

*NOTE: The term 'Large' is relative to the amount of RAM on your NP server. If low Ram like 64 or 128 GB RAM, then 1 GB QVW is 'large' since it may grow as large as 10 GB in memory. Then if you have 8 cores, it will open 16 processes each potentially with 10 GB each since NPrinting will use every core process by default to generate a single report. (https://help.qlik.com/en-US/nprinting/February2019/Content/NPrinting/DeployingQVNprinting/Performance.htm) 

Environment

Qlik NPrinting June 2018 or higher. Do not apply to previous versions. 

Resolution

NOTE: Please ensure to back up the scheduler.config file before proceeding

1. Stop the NPrinting services on the NPrinting Server. Please stop all NP engines if installed on different server computers.
2. Make a copy of "C:\Program Files\NPrintingServer\NPrinting\Scheduler\scheduler.config"
3. Launch Notepad as an admin and edit "C:\Program Files\NPrintingServer\NPrinting\Scheduler\scheduler.config"
4.  Add the following key:
   <add key="force-unused-resolvers-closure-policy" value="1" /> 
   right before the final  </appSettings> line
5. Save the file and restart all the NP services. 
6. Please restart all NP engines if installed on different server computers.

Note: Config file changes are overwritten upon upgrading NPrinting. Please apply these changes again after upgrading if the issues persist.
We recommend to follow this article in case the problem persists.

NPrinting tasks connecting to QlikView look stuck in Running status. The task manager on the Engine nodes shows some Qv.exe processes running, but the RAM and CPU usage does not change.

Environment

• Qlik NPrinting Nov 2019 SR1 and above 
• QlikView 

Resolution

1. Stop the NPrinting services
2. Open the file: 
   C:\Program Files\NPrintingServer\NPrinting\Scheduler\scheduler.config
3. Look for the line:
   

   <!-- <add key="qlikview-stuck-process-monitor-settings" value="300:10000:15:0.0005" /> -->​

4. Un-comment it as follow:
   

   <add key="qlikview-stuck-process-monitor-settings" value="300:10000:15:0.0005" />​

5. Restart the NPrinting services.

NPrinting Engine needs to open QlikView Desktop in the background to communicate with the source QVWs during the generation of the reports in the tasks. These Qv.exe processes can be seen in the task manager under the Detail tab.

For some reasons that are currently under investigation, it can happen that the QlikView processes stuck and are not able to send the needed information to NPrinting. Therefore the report creation can't proceed and the tasks remain in Running status without progress.

When the option in 'Resolution' is active, NPrinting monitors the status of the Qv.exe processes and close them when they are stuck. A new Qv.exe process will automatically opened to replace the killed one.

This solution (modifying ServiceConfiguration.xml) is only valid for versions 6.6 to 7.0.

SSL Certificates that are imported are being replaced by Replicate’s self-assigning certificate on reboot. 

Resolution

The Service Configuration parameters need to be changed to allow Qlik Replicate to stop testing the HTTP URL and overriding with a self-assigned certificate.

1. Locate the data directory for Qlik Replicate
   
   If the data directory was installed in a different location,  check by going to: 
   
   
   1. Services in the Start Menu
   2. Locating Attunity Replicate Server (May be named Qilk depending on installation)
   3. Right-click and choose Properties
      
      
      
      
   4. Data Directory location will be displayed after -d
      
      
2. Open the data directory
   
   
3. Open ServiceConfiguration.xml found in the Qlik Replicate data directory with any text editor
   
   Add the following to the ending of the service configuration:
   
   

   testHttps = "false"

   
   Full example:
   
   

   <ServiceConfiguration url="https://demo.com:443/attunityreplicate;http://demo.com:80/attunityreplicate" allowUnsafeProtocols="false" testHttps = "false" />

   
   
4. Save the file and reboot the machine
   
   
5. Clean the old SSL certificate and import the new certificate
   
   If the data directory is installed in a different location, add the data directory path to the certificate clean command:
   
   

   RepUiCtl.exe -d f:\data certificate clean​

Environment

Qlik Replicate 6.6 - 7.0

This article will guide you on how to check audit logs to see users' activity on object/sheet/app.

First of all, we would need to enable Audit Logs on Qlik Sense side, to do so, you can follow this guide.

Once done all the steps from the above's guide, then we can check all user activity on object/sheet/level through the Operations Monitor app (from Qlik Sense 2019 release).

In the example below we will see a graphic example of how to check this information from Audit Logs.

User with ID "f9b8183a-bc07-4571-8ccb-94f7a1c5d9db" navigates into app with ID "1e4a22db-7395-46b3-bd43-78bc4cef811f" and then clicks on sheet with ID "1e4a22db-7395-46b3-bd43-78bc4cef811f" and finally selects a dimension:

User performing selections on an app

As we enabled Audit Logs, all traces coming from users selections will be logged on this path location: C:\ProgramData\Qlik\Sense\Log\Engine\Trace\ServerName_Audit_Engine.txt

Now we can check the audit logs directly from Operations Monitor app:

1. Go to Qlik Sense Hub
2. Under streams on the left hand side, click on "Monitoring apps"
3. Then click on "Operations Monitor" app
4. Then we can filter the Audit Logs we enabled before so we can check which actions have been performed on sheet/app level by any user
5. In the example we can see in the gif below, we are performing the following selections to filter:
   1. We first filter by app (where we performed the selections on the bar chart)
   2. Then the gif also shows more filter examples that you could use to filter your data from Audit Logs

Checking logs through the Operations Monitor app

Furthermore, you could also check from logs the object ID and action performed on it on the following columns from C:\ProgramData\Qlik\Sense\Log\Engine\Trace\ServerName_Audit_Engine.txt:

Checking object ID and action performed

Environment

Qlik Sense Enterprise on Windows 

The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.

Related Content 

How to enable Audit Logging in Qlik Sense Enterprise on Windows

The user that runs the Qlik Sense Enterprise on Windows services is commonly referred to as the Qlik Sense Enterprise service account. The user is defined as the "Log On As" user in Windows service settings. 

In a multi-node deployment it is recommended to use the same domain user for all Qlik Sense services on all nodes the same deployment. 
NOTE: Qlik Sense Repository Database service is an exception, and is expected to always run as Local System.

Confirm the current Qlik Sense Enterprise service account;

1. Login to Windows Server on Qlik Sense node
2. Open Services manager in Windows
3. Sort by Name column
4. Scroll down to show all Qlik Sense related processes in the window
5. Confirm that all services except Qlik Sense Repository Database runs with the same "Log On As" user
6. Repeat above steps on all nodes in the same Qlik Sense site to confirm that the same user is applied 

When exporting data from a Qlik Sense App, the Printing Service creates a temporary file which is stored in a temporary folder. 

Exported XLSX files are stored in: C:\ProgramData\Qlik\Sense\Repository\TempContent.
The folder is in the node where the repository is installed.

The data is automatically deleted after 10 minutes by the Engine. 

This is not currently a configurable property.

Related Content

How to change how long temporary excel files are stored by the QlikView server 

Previewing or publishing a Qlik NPrinting PowerPoint reports fails with the message:

Some of row's cells lay outside column

Resolution

Remove any merged cells from the report.

Cause 

This is caused by the 'Aspose' library Qlik NPrinting uses for generating reports.

Related Content

Exception when deleting table column: class com.aspose.slides.PptxEditException: Some of column’s cells lay outside column | Aspose.com

Environment

• Qlik NPrinting May 2022 and above with PowerPoint reports

There has always been a noticeable gap in Qlik Replicate, where users had no means of importing just an endpoint into Qlik Replicate. This article provides a workaround to that limitation.

1. To start creating an endpoint, it is advisable to prototype something the product generates.
   
   Create a dummy task with a dummy endpoint (source or target) which resembles the endpoint you wish to import. This task or endpoint does not have to be perfectly filled out. See example below: 
   
   
   
   
2. Once the dummy task has been set up, export the task. See Exporting tasks.
   
   
3. Open the resulting JSON file. See Editing an exported (json) file. 
   
   
4. You will only need the following definitions from the task JSON payload:
   
   The "cmd.replication_definition"."databases" group and a "_version" member:
   
   

   {
   	"cmd.replication_definition":	{
   		"databases":	[{
   		...
   			}]
   	},
   	"_version":	{
   		...
   	}
   }

5.  Create the JSON definitions of the endpoint following the example below. This will be the endpoint you import. 
   
   

   Verify that your endpoint name is correct.  
   
   

   You may want to skip entering the password and add it later through the user interface. Inputting the password in the JSON is in plain text.

   {
   	"cmd.replication_definition":	{
   		"databases":	[{
   				"name":	"DB2z_Source",
   				"description":	"",
   				"role":	"SOURCE",
   				"is_licensed":	true,
   				"type_id":	"DB2ZOS_NATIVE_COMPONENT_TYPE",
   				"db_settings":	{
   					"$type":	"Db2zosSettings",
   					"additionalConnectionProperties":	"MaryHad=aLittleLamb",
   					"username":	"dimae",
   					"databaseAlias":	"DBALIAS",
   					"server":	"lpardns.mydomain.com",
   					"port":	5035,
   					"databaseName":	"LOCATION",
   					"CCSIDMapping":	"234,ibm-p100-2345",
   					"ifi306SpName":	"R4Z_UDF_ALL_NEW"
   				},
   				"override_properties":	{
   				}
   			}]
   	},
   	"_version":	{
   		"version":	"2023.5.0.213",
   		"version_major":	2023,
   		"version_minor":	5,
   		"version_revision":	213
   	}
   }

6. Save this content as a .JSON file. We recommend the /data/imports folder to make the import command simpler, but any folder and drive your user has access to can be used.
   
   
7. Import the definitions into the Qlik Replicate server.
   
   You can do so using either:
   • Qlik Enterprise Manager API
   • Qlik Enterprise Manager
   • Qlik Replicate UI, 
   • repctl CLI  command (on Windows):
     

     repctl importrepository json_file=NAMEOFFILE.JSON folder_name=DRIVE:\FOLDER

        

Related Content

Editing an exported (json) file
ImportAll | Enterprise Manager API
Exporting and importing tasks
Importing tasks

Environment

• Qlik Replicate
• Qlik Enterprise Manager

The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.

After upgrading from Windows 10 to Windows 11, or applying certain patches to Windows Server 2016, Qlik Replicate may not load in the browser.

The following error is displayed:

ERR_SSL_KEY_USAGE_INCOMPATIBLE

Environment

Qlik Replicate 2022.11 (may happen with other versions)
Qlik Compose 2022.5 (may happen with other versions)
Qlik Enterprise Manager 2022.11 (may happen with other versions)
Use of the self-signed SSL certificate
Windows 11
Windows server 2016

Resolution

This issue has to do with the self-signed SSL certificate. Deleting the existing one and allowing Qlik Replicate/Compose/Enterprise Manager to regenerate them resolves the issue.

1. Stop the services for all affected software. Example: AttunityReplicateConsole and QlikReplicateServer as well as Qlik Compose or Qlik Enterprise Manager
2. (This step only applies to Qlik Replicate) Rename the data folder under the SSL folder (\Program Files\Attunity\Replicate\data\ssl\data)
3. Delete self-signed certificates in the management console
   1. Open a command prompt and enter MMC to open the console
   2. Click the File drop-down menu and select Add/Remove snap-in
      

      
      

   3. Select Certificates and click Add
      

      
      

   4. Select Computer account. Click Next, then click Finish.
      
      

      

   5. Click OK to close the Add or Remove Snap-ins window
   6. Open Certificates and navigate to Local Computer, then Personal, then Certificates
      
      

      

   7. In the list of certificates shown, select the certificates where the "Issued To" value and the "Issued By" value equal your computer name and delete them.
   8. Close the Management Console.
      
      
4. Next we will remove the reference to the self-signed certificate in Qlik Replicate:
   
   
   1. Open a command prompt As Administrator
      
      For Qlik Replicate:
      
      Navigate to the ..\Attunity\Replicate\bin directory and then run the following command:
      
      RepUiCtl.exe certificate clean
      

      
      
      
      For Qlik Compose:

      Navigate to the ..\Qlik\Compose\bin directory and then run the following command:
      
      ComposeCtl.exe certificate clean
      
      

      For Qlik Enterprise Manager:

      Navigate to the ..\Attunity\Enterprise Manager\bin directory and then run the following command:
      
      aemctl.exe certificate clean
      
      
   2. Run the command: netsh http delete sslcert ipport=0.0.0.0:443
      
      Note, you may get a message that the command failed in the event there are no certificates bound to the port. This message can be ignored.
      
      
5. Restart the services.
   
   This will create a new data folder underneath the ssl folder for Replicate and generate a new self-signed certificate for all affected applications. You can delete the folder you renamed in step 2 above.

Qlik Replicate will now allow you to open the user interface once again.

If users still cannot log in and are returned to the log in prompt at each attempt, see How to change the Qlik Replicate URL on a Windows host.

Related Content:

How to change the Qlik Replicate URL on a Windows host 

The CPU affinity is not working as expected. The number of CPU affinity for the QVS does not match the cores in the Server.

Environment:

QlikView 
Generation 9 HP servers

 

This issue comes from a new BIOS setting introduced in Generation 9 of HP servers.  A new setting has been added in BIOS that needs to be modified to allow the QlikView services to properly detect all the CPU Cores in the machine.

This can be resolved by changing the BIOS setting "NUMA Group Size" to "Flat". The default setting for "NUMA Group Size" disables QlikView from properly detecting all CPU cores in the hardware.

Accessing the Qlik Sense Enterprise on Windows Hub and Qlik Sense Management Console using the hostname or FQDN, returns the error:

This site can't be reached
ERR_CONNECTION_TIMED_OUT

Accessing either the Management Console or Hub using localhost (localhost/qmc or localhost/hub) works. 

Resolution

The likely root cause is a wrong fixed IPv6 and IPv4 address in the pg_hba.conf file and hosts file. 

• The pg_hba.conf file is located in "C:\Program Files\PostgreSQL\<version>\data" of your PostgreSQL installation path.
  
  

  The paths in the instructions are adapted to a default PostgreSQL installation used as database on a dedicated server. A PostgreSQL database installed by Qlik Sense has the following database path: %ProgramData%\Qlik\Sense\Repository\PostgreSQL\<version>\.

• The hosts file is located in the "C:\Windows\System32\drivers\etc\" folder.

To resolve an IP mismatch:

1. Verify your current IP address using ipconfig in a Windows Command line
   
   
   

   
   fe80::1d08:f195:bee:****** is the IPV6 address

   172.16.16.**** is the IPV4 address

2. Compare the IP addresses to the ones listed in the hosts file and correct them if needed
   
   
   
   
3. Compare the IP addresses to the ones listed in the pg_hba file and correct them if needed
   
   

Cause

When a Windows Machine snapshot restore is performed, the IPs will change, and the network will be routed to old/existing IPs fixed in the above-affected config files (hosts and pg_hba.conf). This needs to be replaced with new IPs.

Environment

Qlik Sense Enterprise on Windows

Related Content

Qlik Sense - How to troubleshoot the issue to access QMC and HUB 

The Qlik Enterprise Manager has two licensed modules:

• Replication Management - Enables design, customization, monitoring, and control of Replicate tasks as well as Replicate Server management.

• Replication Analytics - Provides measurements of server and task metrics over a specific time-period.

To remove the Replication Analytics license:

A sqlite editor and knowledge on how to use it is required for this change, such as the DB Browser for SQLite: https://sqlitebrowser.org/

1. Take a backup of the Qlik Enterprise Manager repository. If the manual removal of the license fails, re-install Qlik Enterprise Manager and restore the backup without applying the Analytics license.
   
   To back up the repository, run the following command from a command line (as administrator)
   
   aemctl repository export -f C:\temp\qem_repo_202205.json -w
   

   The backup step is crucial. Always back up your setup before proceeding with database changes.

2. Stop the Qlik Enterprise Manager service
   
   
3. Using a DB Browser for SQLite, open cfgrepo.sqlite
   
   Default location: C:\Program Files\Attunity\Enterprise Manager\data\cfgrepo.sqlite
   
   
4. Go to Browse Data
   
   
5. Choose objects in the Table drop down
6. Locate the Replication Analytics record
   
   
7. Right-click the Replication Analytics records and click Delete Record
   
   
8. Click Write Changes in the main SQLite menu
   
   
9. Close SQLite 
   
   
   
   
10. Start the Qlik Enterprise Manager Service

To hide the Replication Analytics dashboard:

The main Analytics tab is shown by default, regardless of whether or not you have registered a Replication Analytics license. If you do not intend to use the Replication Analytics module, you can hide the tab by either clicking the Hide Analytics Dashboards link in the Analytics tab or by following the procedure described below.

This option is only available if no Replication Analytics license is registered.

To show/hide the main Analytics tab:

1. In the Qlik Enterprise Manager Console, Click Settings (cogwheel on the right)

2. Select the Licenses tab.

3. Select the Replication Analytics sub-tab.

4. Clear or select the Hide Analytics Dashboards check box as required.

   Information note

   

5. Click Save.

Related Content

Registering and managing licenses