This article will outline how to successfully change the service account running Qlik Sense. 

Contents:

• Account Requirements: What the account needs access to.
• Prep work
• Changing Qlik Sense dependencies
• Change the service account
• External Dependencies
• Video Demonstration
• Related Content

Account Requirements: What the account needs access to.

1. Certificates
   • Access to the certificate(s) for the site
2. Files and file shares
   • Access to the installation path for Qlik Sense
   • Access to %ProgramData%
   • Access to C:\Program Files\Qlik
   • Access to the Service Cluster share
3. Access to external systems as data sources, e.g.
   • Databases
   • UNC shares to QVDs, CSVs, etc

Note: Many of the file level permissions would ordinarily be inherited from membership to the Local Administrators group. For information on non-Administrative accounts running Qlik Sense Services see Changing the user account type to run the Qlik Sense services on an existing site.

Prep work

Record the Share Path. Navigate in the Qlik Management Console (QMC) to Service Cluster and record the Root Folder.

 

 

 

Changing Qlik Sense dependencies

1. Stop all Qlik Sense services
2. Ensure permissions on the Program Files path (this should be provided by Local Administrator rights):
   1. Navigate to the installation path (default: C:\Program Files\Qlik)
   2. Select the Sense folder > Right Click > Properties > Security > Edit > Add
      1. Lookup the new service account
      2. Ensure that the account has Full control over this folder
3. Ensure permissions on the %ProgramData% path (this should be provided by Local Administrator rights):
   1. Navigate to the installation path (default: C:\ProgramData\Qlik)
   2. Select the Sense folder > Right Click > Properties > Security > Edit > Add
      1. Lookup the new service account
      2. Ensure that the account has Full control over this folder
4. Ensure access to the certificates used by Qlik Sense
   1. Start > MMC > File > Add/Remove Snap-In > Certificates > Computer Account > Finish
      1. Go into Certificates (Local Computer) > Personal > Certificates
      2. For the Qlik CA server certificate (under Certificates (Local Computer) > Personal > Certificates)
         • Right Click on the Server Certificate > All Tasks > Manage Private Keys > Ensure that the new service account has control
      3. If using a third party certificate, do the same
5. Ensure access to the Service Cluster path used by Qlik Sense
   1. Start > Computer Management > Shared Folders > Shares > Select the Share path
   2. Right click on the Share Path > Properties > Share Permissions > Add the new service account to have full control
   3. Open Windows File Explorer and navigate to the folder (e.g. C:\Share) > Right click on the folder > Security > Edit > Add the new service account to have full control
6. Ensure membership in the Local Groups that Qlik Sense requires:
   1. Start > Computer Management
   2. Navigate to Local Users and Groups > Local Groups
   3. Add the new service account as a member of:
      • Administrators (if using this configuration option)
      • Performance Monitor Users
      • Qlik Sense Service Users

Change the service account

1. Swap the account for all Qlik Services except the Qlik Sense Repository Database Service.
   1. Open the Windows Services Console
   2. Locate the services
   3. One by one open the Properties of the Service and change the accountover by using the Windows services control panel
2. Start all Qlik Sense Services
3. Access the QMC to validate functionality, preferably as a previously configured RootAdmin
4. Access the Data Connections section of the QMC
5. Toggle the User ID field and change the data connections used by the License and Operations Monitor apps to use the new user ID and password:
   
   
   
   
6. Add the RootAdmin role to the new service account*
   1. QMC > Users
   2. Filter on the new UserID > Edit
   3. Add RootAdmin role
      
      *If this account is not existing yet in Qlik Sense, you would need to try to connect to the Hub/QMC with this new account first, in order to be able to see it in QMC>Users.
      
      
7. Execute the License Monitor reload task
8. Inspect the configured User Directory Connectors and change the User ID and password combination if previously configured.

External Dependencies

1. Go into the QMC > Data Connections section and inspect all Folder data connections to determine all network shares that the service account needs access to. Either change them yourself or alert the necessary teams to provide both Share and NT level access to these shares.
2. Inspect all Data Connections and ensure that none use the old Service account and password. Follow up with necessary teams to provide access to data sources that used the old credentials.

Video Demonstration

Related Content

How to change the share path in Qlik Sense (Service Cluster) 

This article provides the steps needed to successfully upgrade Qlik Replicate installed on a Windows Cluster.

Environment:

• Qlik Replicate 2021.5 upgrade to 2021.11
• Qlik Replicate upgrade 2021.11 to 2022.5 or 2022.11

Resolution

1. Stop all tasks. Note that some tasks could take up to 20 minutes or more to stop. Monitor the process before you continue.
2. Assuming we are on Active Node A: from the Cluster Manager, take the Attunity Replicate Server and Attunity Replicate UI server Offline
3. Take a backup of all your task definitions on Node A:Qlik Replicate Command Line Console as Administrator
4. Run:

   repctl -d "YOUR_DATA_DIRECTORY_PATH" exportrepository

   Example: ~Program Files\Attunity\Replicate\bin> repctl -d "S:\Programs\Qlik\Replicate\data" exportrepository
   This example writes the backup to the Replication_Definition.json file.
    
5. Back up your data directory by copying it to a folder location outside the Qlik Replicate directories. You can skip copying the \logs subfolder.
6. On Node A: verify the installed version of Attunity Replicate. This can be done by reviewing the program installed through the Windows Add/Remove programs feature. Note: attempting to “upgrade” with an identical version will lead to Attunity Replicate being uninstalled.
7. Verify what account the Attunity (or Qlik) Windows Services are run with. Note the account credentials (username and password). After the upgrade, the account may have been switched back to Local System and the account credentials will need to be entered again. 
8. On the active node: perform the upgrade by running a newer version of the Qlik Replicate executable.
   • Right-click on the executable and run as administrator.
   • Follow the on-screen instructions.
9. On Node A:
   • Verify that the Qlik Replicate Server and Qlik Replicate UI Server are stopped in the Cluster Manager
   • Verify that the Qlik Replicate Server and Qlik Replicate UI Server are stopped in the Windows Services 
10. Move the Cluster service (this is the role that manages your share drive/Qlik service/and client access point) to another node (Node B in our example). This is going to move the shared drive and service to the other node (Node B).
11. On Node B: run the same upgrade as previously done on Node A, repeating steps 8 to 9.
12. Repeat the upgrade steps on any additional nodes. 
13. Verify the account running the Attunity Replicate Services on all nodes, changing the account back to the account which was used before the upgrade (see step 7).
14. From the Windows Cluster, bring the Attunity Replicate Server and Attunity Replicate UI Server back online.
15. Resume the tasks. Note: resume tasks at a rate of five (maximum) at a time until all have been launched.

Before you can start using Qlik Sense Desktop, you need to authenticate yourself against a Qlik Sense Enterprise server. You need to have a working network connection to enable authentication.

The following requirements need to be met:

• A functioning network connection to the Qlik Sense Enterprise Client-Managed Server or Enterprise SaaS/Business tenant.
• Use of a Professional license. Analyzer licenses do not support Desktop Authentication
  For legacy token license: User and Login Passes allow Desktop Authentication
• No TEST license. Test licenses disallow the use of authentication links 
• Compatibility must be met. See Qlik Sense Desktop patch process and compatibility with on-premise installs and Qlik Cloud .

After you have been authenticated once, internet access is not required to continue using Qlik Sense Desktop. However, you have to re-authenticate yourself if thirty days have passed since you last authenticated.

Environment

Qlik Sense Desktop 
Qlik Cloud 
Qlik Sense Enterprise on Windows 
Qlik Sense Business 

Related Content 

Starting Qlik Sense Desktop | Qlik Sense on Windows Help 
Starting Qlik Sense Desktop | Qlik Cloud Help
Configuring Qlik Sense Desktop authentication link 
How to authenticate Qlik Sense Desktop against SaaS editions 
How to authenticate Qlik Sense Desktop against a Qlik Sense Enterprise on Windows server  

A published artifact fails to deploy on Talend ESB Runtime Server with the following error message:

org.apache.aries.blueprint.ComponentNameAlreadyInUseException: Name 'dataSourceReferenceList' is already in use by a registered component

Resolution

Republishing this artifact from Studio could resolve this issue.

Cause

This issue is caused by improper building. The Blueprint component registry does not allow duplicate component IDs.

This may happen if:

• The same bean or reference ID appears more than once in your blueprint XML files, possibly due to multiple bundles or duplicate blueprint definitions loaded together.
• A bundle is stopped and restarted without the registry being properly cleared, causing lingering definitions.
• Two bundles define a bean/reference with the same ID (e.g., dataSourceReferenceList).

Related Content 

How to publish jobs, Routes, and Data Services (artifacts)created in Talend Studio to Talend Cloud

Environment

• Talend ESB 
• Talend Studio 

This article briefly introduces how to perform a clean-up to restore mistakenly deleted features for a damaged Remote Engine, without reinstalling and pairing the entire engine.

Before you begin

Your Remote Engine version must be v2.12.14 onwards.

How To

Solution 1: Graceful clean-up to repair a damaged Remote Engine

1. Stop the engine and please follow documentation about  running the graceful shutdown process of Remote Engine.
2. Remove the <RE_installation>/data/cache folder and restart the engine.
3. Alternatively, if your engine was installed using an archive delivery and used to be started by one of start-up scripts from <RE>/bin, such as start, karaf, trun, or run, please execute that script with the clean option to restart your engine. For example,

   ./trun clean

   The graceful cleanup process automatically identified the missing features required by a paired engine and re-install them.

Solution 2: Clean Remote Engine Cache

1. Stop remote engine

2. Delete the content in tmp folder <RE_installation>/data/tmp

3. Delete the content in cache <RE_installation>/data/cache

4. Restart remote engine

Related Content 

For more information about graceful cleanup remote engine, please refer to Help Documentation

graceful-cleanup-upon-engine-start-to-clean-up-and-repair-damanged-engine

Environment

Talend Cloud 

This article provides a solution for the Qlik Replicate Endpoint server not starting as expected. Symptoms of this include:

• Endpoints are not listed in the Create new endpoint dialogue
• The message One or more Endpoint Servers cannot be reached is displayed
• The Endpoint Server appears in an "Error" state

About the Endpoint Server

The Endpoint Server is a Qlik Replicate JAVA subcomponent that will only start when an endpoint requiring it is enabled in the Qlik Replicate license. Most endpoints will not need it (as they are written in C). A list of those that do can be found in Endpoint Server | Supported Endpoints.

For more information about the Qlik Replicate Endpoint Server, see Endpoint Servers | help.qlik.com.

Symptoms

Sometimes, when enabling Qlik Replicate endpoints such as SAP, Salesforce, or MongoDB, either explicitly or by importing an all-open license, the Endpoint Server Component may not start up on a Linux Server.

One or more Endpoint Servers cannot be reached

When looking at Endpoint Servers in the Qlik Replicate UI and navigating to Server > Endpoints (A) > Endpoint Servers (B), you may see that it failed and might have even been registered on port 0 (C) : 

Endpoint not available at endpoint creation

The expected endpoint may not be available, even if it has been correctly enabled in the license. 

Resolution

1. Review the parameters with which the /tmp folder is mounted on the server:

   sh-4.4$ cat /proc/mounts | grep /tmp
   tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,seclabel,size=32G,nr_inodes=1048576,mode=1777 0 0

2. Allocate a temporary folder in the Qlik Replicate file system and make sure it’s under the same owner as the rest of the product libraries. Generally, this will be the “attunity” user ID:

   sh-4.4$ mkdir /opt/attunity/tmp
   sh-4.4$ chown attunity:attunity /opt/attunity/tmp
   sh-4.4$ chmod 755 /opt/attunity/tmp

3. Take a backup of your current /opt/attunity/replicate/bin/site_arep_login.sh
4. Update the /opt/attunity/replicate/bin/site_arep_login.sh adding a line:

   export AT_JVM_OPT=-Djava.io.tmpdir=/opt/attunity/tmp

5. Stop the Qlik Replicate server
6. Load the new settings:

   sh-4.4$ cd /opt/attunity/replicate/bin
   sh-4.4$ source arep_ligin.sh

7. Start the Qlik Replicate server

If the endpoint enablement prerequisites have been fully fulfilled, you will now see the new endpoints in the endpoint list, and the endpoint server will appear active and assigned to a non-zero port on the server:

Cause 

This issue is typically caused by the default Linux /tmp file system being mounted with the noexec option, which prevents any executable (.so or .jar) from running from any sub-folder on this mount point.

Related Content 

Endpoint Servers

Internal Investigation ID(s)

SUPPORT-4605 

Environment

• Qlik Replicate

The Feature Manager within Studio 8 is used for applying patches and installing new features that may not have been installed, depending on the Monthly Patch that is applied at that moment. There may be 1 or 2 URL's within the Update Settings itself (Eclipse update system is based on a system named "p2", and one or two P2 URL can define the full update). .

Base URL: Original 8.0.1 content, which contains additional features and dependencies are not included in the default Studio instance (https://update.talend.com/Studio/8/base)

Update URL: Incremental updates which contain new/improved functionalities along with fixes (For example, https://update.talend.com/studio/8/updates/R2025-07v2/).

All Talend Studio Releases before R2024-05 must have the P2 Base URL, which is set by default to: https://update.talend.com/Studio/8/base

If the Studio instance(s) are in an air gapped environment, or a connection to above URLs (or in general) to our update site is not possible from where Studio is installed on, this article briefly introduces how users can work around these network issues in offline mode to update Talend Studio manually.

Offline or Manual Update Process

Updating older Studio 8.0.1 Patch releases to a target Patch Release prior to R2025-05

If the Studio instance(s) are in an air gapped environment, or a connection to above URLs (or in general) to our update site is not possible from where Studio is installed on, this article briefly introduces how users can work around these network issues in offline mode to update Talend Studio manually.

1. Download P2 repo archive
   The P2 Base can be obtained from either the TMC Downloads Page (within the "Continuous Integration (CI) for cloud" section) for cloud customers; For On-Prem Customers, at the bottom of the license email (Providing Download Links for the Modules), there is a section titled "Local update sites for installation without internet:". There is a link to download a zip file that includes the Full P2 Repository, which is called:
   

   Talend_Full_Studio_p2_repository-2021109_1610-V8.0.1.zip

2. To point the settings for the url to the archive file that is on the instance, please use the below format:
   

   jar:file:/<path to archive on disk>/Patch_20240621_R2024-03_v1-8.0.1.zip!/

   The extra / at the beginning and end as well as the !

    

Updating older patch releases of Studio 8.0.1 to target Patch Release R2024-05 or later

If the target Patch release for the Studio in question is R2024-05 or higher, the patch archive will act as both Base_URL and Update_URL; as the P2 base now has shifted to the specific patch being applied.

For all more recent patch releases, Studio will only need to use the above format for the Update_URL; additionally, users can follow alternatives instructions on Qlik's patch release notes, which will translate to the same format by the application:

1. Obtain the patch zip file from Qlik Support

2. Create a folder named "patches" in the Studio installation directory and copy the patch .zip file to this folder.

3. Restart the Studio instance.

4. If the Studio instance supports installing features using the Feature Manager wizard, log in to a project desired, and navigate to the wizard to proceed with the patch installation. Otherwise, click OK when prompted to install the patch.

Environment

Talend Studio 

The following error is found in log when working on a Git project in Talend Studio:

org.talend.commons.exception.CommonExceptionHandler - Branches configuration is out of sync, can't find the specified branch ****, will try to recover it using it's remote branch. 

Resolution

In order to fix this, please modify the remote repository as well.
For example, if you delete the branch on Talend Studio, please delete it from the remote repository as well.
If you are using Github, it would mean deleting the branch on Github from the following link:

https://github.com/[repository name]/branches

or using Git command tools like Git Bash to delete the branch from the remote repository.

Cause

The git branch structure in Talend Studio does not match the repository in the actual Git repository.
This usually occurs when you modify the branch in the local project, but it is not modified the same way in the remote repository.

Environment

Talend Studio 

By default, a Remote Engine uses the Java version of its environment to execute Jobs or Microservices. With Remote Engine v2.13 onwards, Java 17 is mandatory for engine startup, but compatibility with JDK 8 or 11 may still be necessary.
Importantly, although Java 17 is a mandatory requirement for the new engine to start, when it comes to running Jobs or Microservices, you retain the flexibility to either use the default Java 17 version or choose older Java versions, through straightforward configuration of the engine.

This article briefly introduces how to configure different Java versions to run Jobs or Microservices in Talend Remote Engine for compatibility configuration.

How To

1. Adaptive mode: Configuring Remote Engine to dynamically select Java version

   Recommended for engines starting from v2.13.9 (released in R2025-01): from that release, Remote Engine adopts a dynamic JVM selection mode. This mode automatically adapts the engine to the correct Java version to run Jobs or Microservices. See Adaptive mode: Configuring Remote Engine to dynamically select Java version

2. Specifying a Java version to run Jobs or Microservices 

   This approach provides an alternative to the adaptive mode if the Adaptive mode is not available to your engine version. It allows you to run the artifacts designed with Java versions older than Java 17. (a solution is to use Java 8 or Java 11 to execute the job even if the RE is using Java 17).

   JDK compiler compliance level in studio was used when code built and Remote Engine relies on JAVA_HOME. 

   If your engine is v2.13 or later but still older than v2.13.9, you cannot upgrade it to the latest version and follow this procedure to specify the Java version to be used for executions. 

   This approach is not dynamic and only one version can be specified. See Specifying a Java version to run Jobs or Microservices

Related Content

For more information about configuring java version for job execution or microservice execution, please refer to 

configure-java-versions-for-job-execution-or-microservice-execution

Environment

• Talend Cloud 
• Talend Studio 

The PostgreSQL installation kit is included in the Qlik Enterprise Manager (QEM) installation package. However, this version may be outdated or contain known vulnerabilities. Which PostgreSQL versions are supported by Qlik Enterprise Manager?

The Qlik Enterprise Manager supported PostgreSQL version is documented in your version's Software Requirements.

While PostgreSQL is bundled with the QEM installation kit, we recommend installing a later version officially supported by PostgreSQL.

PostgreSQL is not a Qlik product. If your PostgreSQL version requires an upgrade due to the end of its support lifecycle, identified vulnerabilities, or other considerations, please refer to the PostgreSQL website for further instructions on how to upgrade.

Environment

• Qlik Enterprise Manager

After following the Qlik article Configure Qlik Sense to use a dedicated PostgreSQL server and update the connection string to point to the new host, Qlik Sense appears to work fine at first. However, access by the Qlik Sense Service account to the old host is registered or errors are found in the logs similar to what is found in the example below:

In the AppDistributionService trace logs:

307308 20210104T170444.859+01:00 INFO QLIKSERVER 70 DOMAIN\serviceaccountname Retry attempt: 10/10. Previous result: "No such host is known". 304796
307309 20210104T170451.812+01:00 ERROR QLIKSERVER 70 DOMAIN\serviceaccountname Error processing message queue notifications. System.Net.Sockets.SocketException (11001): No such host is known
at System.Net.Dns.HostResolutionEndHelper(IAsyncResult asyncResult)

Resolution

There are a few new services starting on the September 2019 release of Qlik Sense which did not exist in June 2018. Some of them were also removed/replaced on the new release.

Option 1 (recommended): Updating the files using PowerShell:

1. Stop all the Qlik Sense services
2. Open a PowerShell command prompt in administrator mode and then, either run the following:
   
   

   # Set the Installation Directory for Qlik Sense
   $installDir = 'C:\Program Files\Qlik\Sense\'
   #change that to the new database server
   $newdatabasehostname='new database server'
   # Specify the new password for the qliksenserepository account
   $password = 'MyNewPassword'
   # Find all Configure-Service.ps1 scripts in the installation directory and execute them
   $files = Get-ChildItem -Path $installDir -Include Configure-Service.ps1 -Recurse
   foreach ($file in $files) {
       $ScriptToRun=$($file.FullName)
       &$ScriptToRun $newdatabasehostname 4432 qliksenserepository $password -postgresHome 'D:\Qlik\Sense\Repository\PostgreSQL\12.5'
   }​

   
   In case of having a custom path Qlik Sense installation, change the last line to:

&$ScriptToRun $newdatabasehostname 4432 qliksenserepository $password -postgresHome 'D:\Qlik\Sense\Repository\PostgreSQL\12.5'
}

Where "D:\Qlik\Sense" is Qlik Sense installed folder and where "12.5" is the Postgres version installed.

Option 2: Manually update each file

Change to the following directories with the commands below before running the Configure-Service.ps1 command listed further below.

Repeat the step for every subfolder mentioned below.

Note: If you previously upgraded you may find folders in your system which are not listed here. Ignore them. No steps need to be taken.

Qlik Sense February 2021 and later.

Locate Configure-Service.ps1 in C:\program files\Qlik\Sense\.

It lists all services that need to be changed.

Qlik Sense June 2018:

Qlik Sense September 2019:

Example:

For AppDistributionService...

PS C:\> cd 'C:\Program Files\Qlik\Sense\AppDistributionService'
PS C:\Program Files\Qlik\Sense\AppDistributionService> .\Configure-Service.ps1 DatabaseHost Databaseport DatabaseUser DatabasePassword

e.g. .\Configure-Service.ps1 newdatabasehostname 4432 qliksenserepository Password123!

The answer will look similar to this:

AppDistributionService configuration started.
WARNING: Skiping the database initialization. No superuser or password specified.
Reading the settings file.
Saving the modified settings.
Exporting the copy of the invocation parameters.
AppDistributionService configuration successful.

Related Content:

• Configure Qlik Sense to use a dedicated PostgreSQL server

This article documents how to configure a Qlik tenant to send emails using MS365.

Prerequisite

An account with an active Office365 license is required for this setup.

MS365 Setup

First, we configure the MS365 tenant to support the configuration.

Once you have an account set up on the MS365 side, let's go to the Microsoft Tenant settings:

1. Open the Microsoft Entra admin center (Home - Microsoft Entra admin center)
   1. Go to Overview
   2. In the overview screen, you will see your Tenant ID. Copy this value, you will need it to configure your Qlik Cloud Tenant.
   3. Click Application to register an application
   4. Click + New registration
      
      
      
      
   5. Name your application
   6. Select the Supported account type that matches your needs
   7. Click Register to register your application
2. Create a Client Credential 
1. Click Certificates & Secrets
2. Click + New client secret
3. Describe (name) the client secret and select its expiration value
4. Click Add to finish this step
   
   
   
   
5. After creating your client secret, the following is displayed:
   
   
   
   
6. Copy the value and save it in a safe place. You will need it to complete your Qlik Cloud Tenant setup.
   
   
3. Enabling the right APIs:
   1. Go to API Permissions
   2. Click + Add Permission
   3. Select Microsoft Graph
   4. Select Application permissions
   5. In the Select permissions field look for Mail.Send
   6. Select the Mail.Send permission

      Setting Application permissions to Mail.Send grants the application to use any email address from your organization.

   7. Click Add permission
   8. Click Grant admin consent for <MS Tenant Name> to finish this step
      
      
      
      
4. Select an Owner for the application
   1. Click + Add Owner
   2. Type the name of the User who will be the Owner
   3. Mark the user and click Select 

Qlik Cloud Tenant Setup

1. Open your Administration activity center (see Accessing the Administration activity center)
2. Go to the Email Provider section
3. Select Microsoft 365
   
   
   
   
4. Insert all previously set information:
   1. Sender email address: Insert an email registered on Microsoft. This can be your email address or another dedicated account created specifically for this purpose. 
   2. Tenant ID: Obtained from the Microsoft Entra Overview section.
   3. Client ID: The Application (client) ID you previously created.
   4. Client secret: The Client secret value which you saved in the previous setup steps.
      
      
      
      
5. Save the changes
6. Send a test email

Environment

• Qlik Cloud Analytics
• Microsoft Office 365

The information in this article is provided as-is and will be used at your discretion. Depending on the tool(s) used, customization(s), and/or other factors, ongoing support on the solution below may not be provided by Qlik Support.

Question: Does Qlik Sense Enterprise on Windows support being deployed on a KVM (Kernel-based Virtual Machine)?

Answer: Currently, Qlik Sense Enterprise on Windows does not support the use of a KVM. Refer to the System Requirements and Virtualization Best Practices In QlikView And Qlik Sense for details. 

Environment

• Qlik Sense Enterprise on Windows

Question: If I have previously unbundled PostgreSQL from Qlik Sense Enterprise on Windows, can I host other databases on the same server?

Answer: While technically possible, Qlik does not advise running additional databases on the same host or from the same PostgreSQL instance. Qlik Sense Enterprise on Windows can create demanding read/write traffic against the database, meaning the PostgreSQL instance should remain dedicated.

For information on how to unbundle PostgreSQL from Qlik Sense Enterprise on Windows, see Upgrading and unbundling the Qlik Sense Repository Database using the Qlik PostgreSQL Installer.

Environment

• Qlik Sense Enterprise on Windows

When attempting to run a task containing a SQLite component on Remote Engine, it receives the following error relating to SQLite connections: 

tDBConnection_2 Error opening connection java.sql.SQLException: Error opening connection at org.sqlite.SQLiteConnection.open(SQLiteConnection.java:283) at org.sqlite.SQLiteConnection.

Caused by: org.sqlite.NativeLibraryNotFoundException: No native library found for os.name=Linux, os.arch=x86_64, paths=[/org/sqlite/native/Linux/x86_64:/usr/java/packages/lib:/usr/lib/x86_64-linux-gnu/jni:/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu:/usr/lib/jni:/lib:/usr/lib]

Resolution

To resolve this, please ensure that the system’s temp directory has both write and execute permissions for the user running the process. Configuring the JVM to use a custom temp directory with appropriate permissions by setting up the run profile.

For example:

-Djava.io.tmpdir=/media/local/temp    Where "media/local/temp" has executable permissions

Cause

This issue arises because the SQLite JDBC driver (such as sqlite-jdbc) includes native libraries (like libsqlitejdbc.so) within the .jar file. At runtime, these native libraries are extracted to a temporary directory (usually /tmp or the path defined by the java.io.tmpdir system property) and loaded by the JVM to enable the connection to the SQLite database. If the temporary directory does not have the appropriate executable permissions, the driver fails to load the native libraries, leading to a connection error.
 

Environment

• Talend Cloud 
• Talend Data Integration 

This article describes how to resolve the NPrinting connection verification error:

x Qlik NPrinting webrenderer can reach Qlik Sense hub error

Environment

• NPrinting: all versions
• Qlik Sense: all versions
  • multi-node QS proxy environment
  • NLB (Network Load Balancer or Alias URL) server address used in front of cluster of Qlik Sense proxy nodes (which are linked to a Virtual Proxy. Proxy nodes will not work with NPrinting unless they are linked to a QS virtual proxy)

Resolution

• Although it is possible to use an NLB address in front of your QS proxy nodes that are used by NPrinting, the error generated in the NP connection verification process will appear as described in the article title
• This error can safely be ignored as this does not affect generation of NPrinting connections
• To eliminate the 'error' message, you would need to update your NPrinting connection to use a virtual proxy node address/computer name behind the NLB address . It must be the computer name and not an alias url).
• The proxy node used must be linked to a virtual proxy with the following required attribute
  
  • Microsoft Windows NTML authentication on the Qlik Sense proxy. (SAML and JWT are not supported. If your virtual proxy uses SAML or JWT authentication, you need to add a new virtual proxy with NTLM enabled for Qlik NPrinting connections).
  • A link between the proxy node and virtual proxy.
  • For all NPrinting to Qlik Sense requirements visit https://help.qlik.com/en-US/nprinting/Content/NPrinting/DeployingQVNprinting/NPrinting-with-Sense.htm#anchor-1
• If a DNS name is involved and the Qlik Sense certificates are generated using that DNS name, try disabling the "Apply Qlik Sense server certificate validation" checkbox.

Related Content

• https://help.qlik.com/en-US/nprinting/Content/NPrinting/Troubleshooting/Verify-connection-to-Sense-errors.htm
• https://help.qlik.com/en-US/nprinting/Content/NPrinting/DeployingQVNprinting/NPrinting-with-Sense.htm#Requirem

Internal Investigation ID

• QB-2871
• QB-25870

The following release notes cover the Qlik PostgreSQL installer (QPI) version 1.2.0 to 2.0.0.

Content

• What's New
• 2.0.0 May 2025 Release Notes
• Known Limitations (2.0.0)
• 1.4.0 December 2023 Release Notes
• Known Limitations (1.4.0)
• 1.3.0 May 2023Release Notes
• Known Limitations (1.3.0)
• 1.2.0 Release Notes

What's New

• The PostgreSQL version used by QPI has been updated to 14.17
• An upgrade of an already upgraded external instance is now possible
• Support for an upgrade of the embedded 14.8 database was added
• Silent installs and upgrades are supported beginning with Qlik PostgreSQL Installer 1.4.0 and later. QPI can now be used with silent commands to install or upgrade the PostgreSQL database. (SHEND-973)

2.0.0 May 2025 Release Notes

Known Limitations (2.0.0)

• Rollback is not supported.
• The database size is not checked against free disk space before a backup is taken.
• Windows Server 2012 R2 does not support PostgreSQL 14.8. QPI cannot be used on Windows Server 2012 R2.
• QPI will only upgrade a PostgreSQL instance that only contains Qlik Sense Databases (QSR, SenseServices, QSMQ, Licenses, QLogs, etc.)

1.4.0 December 2023 Release Notes

Known Limitations (1.4.0)

• QB-24990: Cannot upgrade PostgreSQL if Qlik Sense was installed in a custom directory such as D:\Sense. See Qlik PostgreSQL Installer (QPI): No supported existing Qlik Sense PostgreSQL database found.
• Rollback is not supported.
• Database size is not checked against free disk space before a backup is taken.
• QPI can only upgrade bundled PostgreSQL database listening on the default port 4432. Using QPI to upgrade a standalone database or a database previously unbundled with QPI is not supported.
• Cannot migrate a 14.8 embedded DB to standalone
• Windows Server 2012R2 does not support PostgreSQL 14.8. QPI cannot be used on Windows Server 2012R2.

1.3.0 May 2023 Release Notes

A Talend Spark Stream Job configured with Yarn cluster mode and Kerberos enabled is encountering issues and failing to execute, presenting the following errors: 

YarnClusterScheduler- Lost executor 3 on me-worker1.xxx.co.id: Unable to create executor due to Unable to register with external shuffle server due to : java.lang.IllegalStateException: Expected SaslMessage, received something else (maybe your client does not have SASL enabled?)

jaas.conf content =
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="/tmp/adm.keytab"
principal="cld_adm@XXX.CO.ID"
doNotPrompt=true;
};

KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="/tmp/adm.keytab"
principal="cld_adm@XXX.CO.ID"
doNotPrompt=true;
};

Cause

The external shuffle service within YARN is configured to mandate SASL authentication; however, the Spark executor is either improperly configured to use SASL or is transmitting an incompatible message.

Common causes includes:

1. The absence or inaccuracy of SASL configuration in either spark-defaults.conf or YARN's configuration file (yarn-site.xml).
2. A version discrepancy between Spark and YARN, where the shuffle service necessitates a particular SASL protocol unsupported by the Spark client.
3. Improper security configurations, including the omission of Kerberos credentials or incorrect settings for spark.authenticate and associated properties.

This error results in the executor's failure to register with the shuffle service, prompting the YarnClusterScheduler to mark it as lost.

Resolution

Ensure that the external shuffle service is enabled, and that the SASL settings are in accordance with YARN's configurations:

spark.authenticate true
( #not necessary 
spark.network.crypto.enabled true
spark.network.crypto.saslFallback true
)

Environment

• Talend Data Integration 

Question I

Which Apache Tomcat Versions are affected  by Apache Tomcat Vulnerability CVE-2025-24813 and the impact?

Apache Tomcat Vulnerability CVE-2025-24813 is Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet

Affected Apache Tomcat version

• From 11.0.0-M1 through 11.0.2
• From 10.1.0-M1 through 10.1.34
• From 9.0.0.M1 through 9.0.98

How Impact

The original implementation of partial PUT used a temporary file based on the user provided file name and path with the path separator replaced by ".".

If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:

• Writes enabled for the default servlet (disabled by default)
• Support for partial PUT (enabled by default)
• A target URL for security sensitive uploads that is a sub-directory of a target URL for public uploads>
• Attacker knowledge of the names of security sensitive files being uploaded>
• The security sensitive files also being uploaded via partial PUT

If all of the following were true, a malicious user was able to perform remote code execution:

• Writes enabled for the default servlet (disabled by default)
• Support for partial PUT (enabled by default)
• Application was using Tomcat's file based session persistence with the default storage location
• Application included a library that may be leveraged in a deserialization attack

Question II
On which Apache Tomcat versions this Vulnerability is fixed and currently Talend Supported Apache Tomcat versions?

Vulnerability is fixed with the following Apache Tomcat versions

• 9.0.99 or later
• 10.1.35 or later
• 11.0.3 or later (not used by the Talend Product )

Talend Supported Apache Tomcat Versions 

Regarding of Talend Help Documentation: compatible-web-application-servers

• Tomcat 10.1.40 requires Talend R2025-05 monthly patch or later.
• Tomcat 10.1.42 and 10.1.43 require Talend R2025-06 monthly patch or later.

Related Content

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24813

Apache Tomcat Vulnerabilities

• https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.99 
• https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.35
• https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.3 

Environment

Talend Administration Center 

When attempting to build a set of items (jobs, routes, services, etc) from a parent project with a reference project, Maven and the P2 may only see the items in the parent. Additionally, there may be errors of certain items (child jobs, routines, etc) missing during different stages of the build; such as (but not limited to the following):

org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal on project <project_name>: Could not resolve dependencies for project org.example.<project_name>.job:<job_name>:jar:0.1.0: The following artifacts could not be resolved: org.example.<reference_project>.joblet:<joblet_name>:pom:0.1.0 (absent)

Resolution

When the YAML or Pipeline scripts being used with the orchestrator, Talend CICD may need to be modified, so that the parent and reference projects are checked out and copied into one folder. This process may depend on the orchestrator used (such as Jenkins/Cloudbees, Azure DevOps, Gitlab Actions, etc); for specific information, please check with your DevOps team for specific commands and process.

In short, the process should look similar to the following:

1. Check out repository/branch where the reference project is located.
2. Check out repository/branch where the parent project is located.
3. Copy the reference project folder into a new folder, usually within the same working directory.
4. Copy the parent project folder into the same folder as the reference project.
5. Delete/Clean the original checked out folders from the working directory.

Cause

Most YAML or Pipeline scripts are setup to pull and checkout from one repository/branch; however, if a Reference Project is being used, it does require that repository/branch also be pulled down. If the reference project is not copied into the same folder as the parent project, Maven/Talend may only see the parent project checked out without reference project.

Environment

• Talend Data Integration 
• Talend Studio