This article provides a guide on how to configure a Qlik Sense Enterprise on Windows Virtual Proxy with OIDC authentication.

This customization is provided as is. Qlik Support cannot provide continued support of the solution. For assistance, reach out to our Professional Services or engage in our active Integrations forum.

On Google Workspace

1. Follow the instructions in How To: Setting up OAuth 2.0 Google Cloud Platform
2. Create an OAuth client ID
   
   
   
   
3. Note your Client ID and Client Secret
4. Configure the Authorized redirect URIs
   
   
   
   Change the URIs per your environment's requirements.
   
   In this case I’m using the same app to authenticate Qlik Sense Client-Managed and Qlik Cloud as well.
   
   URIs must be a fully qualified domain name (FQDN) such as, https://qliksenseserver.domain.local.
   
   
5. Once finished, download the config json file

Setting up Qlik Sense for OIDC with Azure ID

1. Create a new virtual proxy in the Qlik Sense Management Console and configure it based on your requirements (such as choosing an Engine to load balance to, your host allow list, and associating a Proxy service).
2. Choose OIDC as the authentication method and configure it as follows:
   
   
   
   The fields to pay attention to are:
   
   
   • OpenID Connect metadata URI: https://accounts.google.com/.well-known/openid-configuration
   • Client ID: Can be found in the Google Console > Additional information
   • Client secret: Can be found in the Google Console > Client Secret, and is available when downloading the config json file
   • scope: openid email profile

Environment

• Qlik Sense Enterprise on Windows
• Google Workspace

QlikView QVD files contain lineage information of the stored data. 

Environment:

QlikView any version

The lineage information can be found in the QVD file XML header and might look like below, with connection details and the SQL statements used during reload. 

Resolution:

1. Open Qlikview Desktop client 
2. Go to Help > About Qlikview...
3. Right click the QlikView logo in the bottom right corner
4. Highlight the AllowDataLineage value
5. Set the value to -1 to disable the Lineage information
6. Click Set to store the value change
7. Close the settings and about dialog boxes
8. Reload the QVD generator application
   
   

1. Open the QlikView Server’s batch settings.ini file in a text editor. Default file path; C:\Windows\System32\config\systemprofile\AppData\Roaming\QlikTech\QlikViewBatch\Settings.ini
2. Add AllowDataLineage=-1 in the [Settings 7] section of the settings file. 
3. Save the settings file and close text editor
4. Restart QlikView Server, to trigger loading of the altered settings 
5. Reload the QVW file from QlikView management console to see that the setting has been changed
6. To enable the lineage information follow the steps above, but set the Value to 0 instead of -1 in step 5.

How to decrypt a heavily encoded SAML message. 

If you have set up the Identity Provider to encrypt the SAML assertion, then in order to see what it contains for troubleshooting, you will need to decrypt it.

Environment:

Qlik Sense Enterprise on Windows , all versions

It is important to understand the 3 below concepts when using SAML.

• Inflation and base-64 encoding
• Signing
• Encryption

A SAML AuthnRequest is:

• Inflated and base-64 encoded (If you use a SAML browser extension, it will deflate it and decode it automatically for you. In order to do that manually, https://www.samltool.com/decode.php can be used.)
  No private key is needed to deflate/decode.
• Signed, so that it cannot be altered. The signature does not hold any useful information for troubleshooting, it is just to make sure that the SAML request hasn't been altered. However if the certificate it has been signed with does not correspond, you won't be able to authenticate.
  The Qlik Sense certificate is needed to validate the signature on the SAML assertion. (Note: Qlik Sense always signs SAML AuthnRequest, this cannot be disabled, however SAML AuthnRequest signature validation can be disabled in the Identity Provider)

A SAML assertion (The assertion is a section in the SAML response) is:

• Inflated and base-64 encoded (If you use a SAML browser extension, it will deflate it and decode it automatically for you. In order to do that manually, https://www.samltool.com/decode.php can be used.)
  No private key is needed to deflate/decode.
• Signed, so that it cannot be altered. The signature does not hold any useful information for troubleshooting, it is just to make sure that the SAML request hasn't been altered. However if the certificate it has been signed with does not correspond, you won't be able to authenticate.
  The Identity Provider certificate is needed to validate the signature on the SAML assertion.
• Encrypted (Optionally). In this case, in order to see if information in the SAML assertion are correct, decrypting the SAML assertion is needed.
  It can be decrypted with https://www.samltool.com/decrypt.php, just paste the deflated/decoded SAML request.
  The Qlik Sense certificate private key is needed to see what the signature holds.
  The SAML response is generated by the Identity Provider and the public certificate of the Service Provider (Qlik Sense) is used to encrypt. You will need the private key of Qlik Sense to decrypt it.
   

Resolution:

1. Go to https://www.samltool.com/decrypt.php
2. In Encrypted XML, paste the deflated/decoded SAML response.
3. In Private Key*, paste the private key of Qlik Sense.

Related Content:

How To Use SAML Authentication With Qlik Sense 

Scheduled tasks will fail in Qlik Sense, if the App contains Section Access while could be working fine from the script editor.

Investigating the log file <Servername>_System_Engine.txt shows a warning message similar to:

WARN    domain    System.Engine.Engine    89    6ac41964-2910-4a17-9162-c40119b2d3d6    domain\qliksense     System: DetermineAccess: Failed to access the following document af18ffcb-6b60-4546-9fa5-f385172eebec  with the user:      0         sa_scheduler    20181126T181325.903+0100    6864    7120    eaa1c5c2-1850-40cb-a490-0e6158df82b0    af18ffcb-6b60-4546-9fa5-f385172eebec     20181126T181055.000+0100    6ac41964-2910-4a17-9162-c40119b2d3d6  

On the script log you will see:

Execution Failed
Execution finished.

Qlik Sense Enterprise on Windows governs access to resources (such as Apps) through the Repository Service. An account for each service is created in the PostgreSQL database during setup, such as the sa_scheduler account above. For the Scheduler to be able to access the App during reload, this account must be added into Section Access, not the account running the actual service.

See also the help documentation:
"The INTERNAL\SA_SCHEDULER account user is required to enable reload of the script in a Qlik Management Console task." Managing security with section access

Resolution:

The following requirements must be met:

• Make sure the relevant account is added to Section Access with access ADMIN. This may be the Qlik Sense internal (non-Windows) account INTERNAL\SA_SCHEDULER or the account chosen to impersonate it during reload. See also Managing security with section access 
• The app owner must have access to all data connections or at least all data connections used in the app

Example

Section Access;
LOAD * INLINE [
ACCESS, USERID
ADMIN, INTERNAL\SA_SCHEDULER
];

Qlik Talend Cloud establishing a connection to SAP using the Extractor Endpoint fails with:

Status(StatusCode="Internal", Detail="SYS-E-HTTPFAIL, Failed to load dynamic endpoint properties. SYS,GENERAL_EXCEPTION,Failed to load dynamic endpoint properties,Failed to find endpoint type 'SAPExtractor' from endpoint server 'Local' Failed to find endpoint type 'SAPExtractor' from endpoint server 'Local' XXXX, HTTP request failed, Failed to connect using Data Movement gateway local_repsrv. Verify the status in Management Console > Data gateways is "Connected" and then retry the operation."). 

Resolution

1. Stop the Gateway server:
   

   systemctl stop repagent

2. Download the SAP Java Connector 3.x (64-bit) for Linux from https://support.sap.com/en/product/connectors/jco.html
3. Unzip the file. It includes the required sapjco3.jar and libsapjco3.so files.
4. Install the Java connector into the Gateway Server by manually copying the Sapjco3.jar and libsapjco3.so files to the /opt/qlik/gateway/movement/endpoint_srv/endpoints/SAP directory
5. Once the files have been copied, start the Gateway server:
   1. Verify you are root using:

      sudo su 

   2. Run the command:
      

      systemctl start repagent

6. Confirm the Gateway Server is up using the below command and example output:
   

   systemctl status repagent
   

   repagent.service - Qlik Data Gateway - Data Movement
   Loaded: loaded (/etc/systemd/system/repagent.service; enabled; vendor preset: disabled)  Active: active (running) since Tue 2025-03-25 14:18:57 GMT; 11min ago
   Process: 176787 ExecStop=/opt/qlik/gateway/movement/bin/repagent stop (code=exited, status=0/SUCCESS)
   Process: 176944 ExecStart=/opt/qlik/gateway/movement/bin/repagent start (code=exited, status=0/SUCCESS)
   Main PID: 177014 (agentctl)
   Tasks: 0 (limit: 49025)
   Memory: 28.0K
   CGroup: /system.slice/repagent.service
         ‣ 177014 /opt/qlik/gateway/movement/bin/agentctl -d /opt/qlik/gateway/movement/data service host -b
   Mar 25 14:18:53 RHEL8.domain.local systemd[1]: Starting Qlik Data Gateway - Data Movement...
   Mar 25 14:18:53 RHEL8.domain.local su[176967]: (to qlik) root on none
   Mar 25 14:18:53 RHEL8.domain.local su[176967]: pam_unix(su-l:session): session opened for user qlik by (uid=0)
   Mar 25 14:18:57 RHEL8.domain.local su[176967]: pam_unix(su-l:session): session closed for user qlik
   Mar 25 14:18:57 RHEL8.domain.local systemd[1]: Started Qlik Data Gateway - Data Movement.

Cause

Missing Sapjco3.jar and libsapjco3.so files in the /opt/qlik/gateway/movement/endpoint_srv/endpoints/SAP directory. 

Internal Investigation ID(s)

CC-16456

Environment

• Qlik Replicate

Creating ODBC or OLE DB connections in the Data Manager fails while using Qlik Sense Enterprise on Windows November 2024.

The ODBC connection

The DSN list is not shown:

The OLE DB connection

The connection screen loops with a spinning progression wheel:

Affected versions

• Qlik Sense Enterprise on Windows November 2024 IR to Patch 8
• Qlik Sense Desktop November 2024 IR to Patch 8

Resolution

This is caused by SUPPORT-1177 and SUPPORT-1180, which have been fixed in Patch 9 (release expectation: May 2025). Review the Release Notes for details at patch publication.

Workaround:

Use the Data Load Editor to create a new ODBC or OLE DB connections.

Fix Version:

• Qlik Sense Enterprise on Windows November 2024 Patch 9, May 2025
• Qlik Sense Desktop November 2024 Patch 9, May 2025

Cause

Product Defect ID(s): SUPPORT-1177, SUPPORT-1180

Do Qlik Products support the use of Standalone Managed Service Accounts (GMSA)?

At this time, QlikView, Qlik Sense Enterprise on Windows, and Qlik NPrinting do not support the use of managed service accounts.

For general service account requirements, see:

QlikView Service Account Requirements 
Qlik Sense Sevice Account Requirements 
Qlik NPrinting user account requirements 

Environment

Qlik Sense Enterprise on Windows 
Qlik NPrinting 
QlikView 

Executive Summary

A security issue in a version of Qlik Alerting Windows has been identified. This issue was resolved in a later patch, which is already available. If the vulnerability is successfully exploited, it could lead to unauthorized access to the Qlik Alerting application.

Affected Software

Qlik Alerting Windows July 2023 Service Release 1

Severity Rating

Using the CVSS V3.1 scoring system (https://nvd.nist.gov/vuln-metrics/cvss), this issue is rated CRITICAL.

Vulnerability Details

CVE-Pending (QB-24808) Authentication bypass

Severity: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8 Critical)

An unprivileged user with network access to the Qlik Alerting Server is able to bypass basic authentication.

Resolution

Recommendation

Customers should upgrade to Qlik Alerting July 2023 Service Release 2 or higher.

All Qlik software can be downloaded from our official Qlik Download page (customer login required).

Account Types 

• Personal Account:

Once the connector has authorization to access the Microsoft account there will be a corresponding entry in "My apps"
https://myapps.microsoft.com/

• Enterprise Account:

Granting Access for Enterprise Accounts:

Once the enterprise application is selected an application list will appear that the user can filter searching for Qlik Web Connector:

Enabled for users to sign-in? (Yes)

User assignment required? (Yes) This field is only mandatory if the administrator wants to restrict access to the users.

Visible to users? (Yes)
 
 

Testing (With administrator rights)

Open Qlik Office 365 SharePoint connector and select "Can Authenticate" and the press the green button "Authenticate"


You will be redirected to a Microsoft login page that should look similar to the following picture:
 

If azure grants access, the Qlik Webconnector application will generate a code as the following one:



Testing (With NON administrator rights)

If a basic (Non admin) user tries to auth the following message would appear in azure:

In order to fix this the administrator needs to grant access to the users.


Once the administrator granted access to the user the message that should appear is the following one:

When attempting to create a datasource that enables routes/services to access an Azure-based SQL Server with AD Authentication, the datasource may fail to connect. Despite providing the necessary ms__auth.dll to Runtime (either through the service or etc folder) and windows, the tesb log may still display the following error message:

"Failed": "com.microsoft.sqlserver.jdbc.SQLServerException:Failed to load MSAL4J Java library for performing ActiveDirectoryPassword authentication.

Cause

In many cases, the reason for this error is due to Runtime not having the specific library installed within it. Although they are very similar, Azure-based SQL Instances do require specific dependencies that may not be found with the regular Microsoft SQL JDBC drivers. This may affect those users who have a Runtime instance at or newer than the R2024-06 Patch.

Resolution

To address this issue, please follow these steps:

1. Remove any SQL JDBC jars that may have been copied to the <Runtime>/lib folder.
2. Use the karaf client (<Runtime>/bin/client.sh) to run "feature:install azure-msal4j" to install the bundle and library into Runtime.
3. Redeploy any affected routes/services, and verify that both the datasource and the task run as expected.

If the datasource or task is still encountering connection issues, kindly contact Qlik Support.

Environment

• Talend Cloud 8.0.1

The QlikSenseUtil comes bundled with Qlik Sense Enterprise on Windows. It's executable is by default stored in:

%Program Files%\Qlik\Sense\Repository\Util\QlikSenseUtil\QlikSenseUtil.exe

Qlik Sense Util is no longer supported as a backup and restore tool. For the officially supported backup and Restore Process, see Backup and Restore.

It serves as a: 

• Qlik Sense Port Checker: Pings every active port Qlik sense is using for every node. Note that some ports can be for internal use and might not be exposed to the node you are pinging from.
• Data structure checker: Mostly applicable for a synchronized persistence deployment. Checks that the data references are not broken.
• Duplicate server nodes: Mostly applicable for a synchronized persistence deployment. Checks there are no duplicate server nodes in the database.
• Remove old app binaries: Remove deleted app binaries from the selected folder.
• Get system configuration: Returns the system configuration from the database.
• Connection string editor: A tool for editing the connection string.
• Service Cluster: Functionality for updating the service cluster in the database.
• Log Fetcher: A tool for fetching logs from the system. If the time span is shorter than 24h all logs will be summarized in one single file. This will make trouble shooting easier if you are looking for events what occurred within a short time frame.
  • Fetching logs with a time span larger than 24h will copy the logs and paste them in their logical structure. The filter functionality selects every row with the specified keyword and creates log files based on rows selected.
    Note : Qlik Support prefers using the Log Collector included in How To Collect Qlik Sense Log Files
• Service type checker: Mostly applicable for a synchronized persistence deployment. Checking for duplicated service types in the database.

With a Unified license (formerly called Dual Use License) the legacy QlikView license is complemented with a Qlik Sense license that can be applied to the QlikView server as it includes QlikView entitlement license attributes. Such license needs to be activated with the Signed License Key (SLK). When a customer enters an Analytics Modernization Program (AMP, formerly known as Dual Use program), QlikView CALs (e.g. Named User CALs, Document CALS, Session CALs and Usage CALs) are converted into Professional User, Analyzer User,  and Analyzer Capacity User allocations based on the Analytics Modernization Program conversion ratios.

Here are two scenarios:

I. If a customer transitions to AMP with on-premise (client-managed) Qlik software (e.g. converts to the perpetual estate or convert to subscription Qlik Sense Enterprise on Windows), a Unified License containing the converted quantity of Professional Users, Analyzer Users and Analyzer Capacity would be delivered. This license contains a customized Qlik Sense Enterprise Signed License Key (SLK) which can also be deployed on QlikView Server and/or QlikView Publisher. If a user is assigned a Professional or Analyzer user license, this assignment information is synchronized to all Qlik Sense and QlikView deployments activated using this Unified License key. As such one user just needs one license to access the entire Qlik software platform (regardless if it is Qlik Sense or QlikView).

In this scenario, as long as the QlikView Server and Qlik Sense edition use the same Identity Provider (IdP) the user can access apps on both environments consuming only one user license allocation.

If the user license is reallocated in any of the systems to a different user, the same will occur across both QlikView and Qlik Sense environments.

II. If a customer transitions to AMP with Qlik Sense Enterprise SaaS add-on, a Qlik Sense Enterprise SaaS tenant may use a Unified License  for the on-premise deployment. The customer is able to upload QlikView document prepared by the on-premise QlikView software directly into Qlik Sense Enterprise SaaS for distribution.

A QlikView Server or a Qlik Publisher software can be activated in two ways:

1) Using a legacy method with 16-digit QlikView license key and the corresponding control number

2) Using a modern Unified License with Signed License Key containing needed QlikView Server and Publisher Service attribute(s). In this latter scenario, user license assignment (Professional/Analyzer) and analyzer capacity would be synchronized with other deployments using the same Signed License Key as it is done in the Unified License model

If the customer opts to remain in Perpetual licensing, the existing QlikView license model can be retained. Otherwise, if the customer opts for conversion into Subscription licensing model, a set of QlikView subscription license attributes mirroring the existing QlikView perpetual license key setup would be delivered such that the customer switch to the subscription QlikView keys without the need for an immediate migration project towards using Unified licensing.

Note: Please note that Qlik is no longer starting clients on the Perpetual license model. See End of Perpetual License Sales 

Environment:

• QlikView 
• Qlik Cloud 
• Qlik Sense Enterprise on Windows 
   

Related Content:

• How to Apply an unified Signed License Key for QlikView and Qlik Sense
• Qlik Multi-Cloud Frequently Asked Questions (FAQ)

How are sessions counted in Qlik Sense? 

The following are examples of how sessions are counted within Qlik Sense.  

• One user opens Qlik Sense Hub with One browser on One machine = 1 session
• One user opens Qllik Sense Hub with One browser but Multiple tabs on One machine= 1 session
• One user opens Qlik Sense Hub with Two different browsers on One machine= 2 sessions
• One user opens Qlik Sense Hub with One browser, then closes the browser and reopens it = 2 sessions
• One user opens Qlik Sense Hub with One browser on Two different machines = 2 sessions
• One user opens Qlik Sense Hub and two Apps in one browser, two different tabs and on a mobile device = 2 sessions
• One user opens Qlik Sense Hub from Two virtual proxy with One browser on One machine= 2 sessions
• One user opens Qlik Sense Management Console (QMC) with One browser on One machine = 1 session
• One user opens a Qlik Sense Mashup using Two Apps hosted from the same proxy = 1 session

Sessions will be terminated after the currently configured Session timeout in the Qlik Sense Proxy.
If the Qlik Sense engine or Proxy are terminated or crash, Sessions are ended right away.

Once the maximum number of parallel user connections (5) is reached, this will be documented in the AuditSecurity_Repository log. To identify if this is the issue, review the relevant log and review how the user is interacting with the system. 

The log is stored in:
C:\Programdata\Qlik\Sense\Log\Repository\Audit\AuditSecurity_Repository.txt

The related message reads: 
Access was denied for User: 'Domain\USER', with AccessID '264ff070-6306-4f1b-85db-21a8468939b5', SessionID: 'e3cd957b-a501-4bec-a3f8-d35170a73efa', SessionCount: '5', Hostname: '::1', OperationType: 'UsageDenied'

Related content:

Troubleshoot too many sessions active in parallel
Qlik Sense April 2018 and later- Service account getting "You cannot access Qlik Sense because you have no access pass"
 

The QlikView Services can be set up to either use the local QlikView Administrators Group, or Digital Certificates. The Service Account has specific requirements. 

The two options during installation are Use digital certificates and Use QlikView Administrators Group.

Use digital certificates: 

Authenticate communication between QlikView servers using digital certificates and SSL. This alternative is recommended in environments where not all servers have access to a common Windows Active Directory or when the security provided by certificate authentication is required. Note that digital certificates are only supported by Windows Server 2008 R2 and later.

Use QlikView Administrators Group: 

Authenticate communication between QlikView services based on membership in the local Windows group QlikViewAdministrators. This alternative can be used in environments where all servers that are part of the QlikView installation can authenticate using a common Windows Active Directory.

Regardless of the option chosen, the service account used to run the services has to be:

• A local administrator on the host operating system
• Be able to run as a network service
• Have access to all the QlikView related folder structure, such as ProgramData, Program Files, and configured application data (.qvw storage, .qvd storage, log files) locations. 

Note:  GMSA (Standalone Managed Service Accounts) are not supported for Qlik products

Environment: 

Related Content:

• How to Change QlikView Service Account
• Is GMSA supported for use with Qlik Products 
   

If your Qlik Sense Enterprise on Windows version is not compatible with the QSR database. 

This may occur if:

• You have upgraded Qlik Sense (for example: from May 2023 to November 2023) and have started the services. This will have migrated your QSR database from the May 2023 schema to the November 2023 schema.
  
  You have then decided to roll back to May 2023 and are attempting to restore the November 2023 QSR. They are not compatible and the migration will fail.
  
  the DbMigrationsConfiguration.AutomaticMigrationsEnabled to true to enable automatic migration.
  
  
• If an incorrect version was installed during an upgrade of a Qlik Sense Enterprise on Windows multi node environment, such as installing different versions on RIM nodes, the Qlik Sense Repository service will not start on any node (including the central node). 
  

An incorrect version of Qlik Sense Enterprise on Windows in a multi node environment will trigger a database migration to this version. The result is that the Qlik Sense Repository service fails to start with the error: 

Fatal exception during startup Unable to update database to match the current model because there are pending changes and automatic migration is disabled. Either write the pending model changes to a code-based migration or enable automatic migration. Set DbMigrationsConfiguration.AutomaticMigrationsEnabled to true to enable automatic migration.↵↓An exception was thrown while invoking the constructor 'Void .ctor()' on type 'DatabaseContext

Resolution

As database migration started which had caused database corruption, you need to revert back to the old database backup to resolve this issue or contact Qlik Support for assistance.

Internal Investigation ID(s)

QB-8813

Environment

Qlik Sense Enterprise on Windows all versions

Qlik Talend Data Integration Data Movement Gateway supports connecting to a DB2i Source Endpoint using SSL. This article documents the step-by-step requirements to set up an ODBC connection to an iSeries with SSL enabled.

For general information about Qlik Data Movement Gateway, see Qlik Data Gateway - Data Movement.

1. Install the DB2i driver using the Qlik Talend Data Integration installation procedure.
   
   See Driver setup.
   
   

   $ cd /opt/qlik/gateway/movement/drivers/bin
   $ ./install db2iseries

2. Download the attached ibmi.conf (ibmi.zip) file and save it to /etc/stunnel before changing its permissions as follows:

   chmod 755 ibmi.conf

3. Place your certificate (AS400-7CA.txt) in /etc/stunnel before changing its permissions as follows:

   chmod 755 AS400-7CA.txt

4. Update the /etc/odbc.ini file, adding this section:

   [DB400]
   Description = SSL-enabled IBM i DSN
   Driver = IBM i Access ODBC Driver
   #System = as400-7.iSeries.com
   System = 127.0.0.1

5. Start the stunnel service using the following command:

   [root@RHEL8 ~]#sudo stunnel /etc/stunnel/ibmi.conf

6. Test the connection using isql:

   [root@RHEL8 ~]# isql -v DB400 IVAN IVAN

   +---------------------------------------+
   | Connected! |
   | |
   | sql-statement |
   | help [tablename] |
   | quit |
   | |
   +---------------------------------------+

   
   SQL> SELECT REMOTE_ADDRESS, REMOTE_PORT, LOCAL_PORT_NAME, LOCAL_PORT, JOB_NAME FROM QSYS2.NETSTAT_INFO Where LOCAL_PORT = 9471

Related Content

• IBM SSL requirements for SSL ODBC connectivity
• Qlik Replicate: LINUX SSL setup for DB2i connection 
• stunnel 

Environment

• Qlik Talend Data Integration

The conclusions in this article were reached in collaboration with cjgorrin from the European Commission's Joint Research Centre Qlik Sense team.

Custom QVX connectors stopped working after upgrading to Qlik Sense Enterprise on Windows November 2024.

After selecting Select Data in the Data Load Editor, the Select Data dialog window will display the following message and not proceed:

Please wait – analyzing the selected data

This worked as expected in previous versions of Qlik Sense Enterprise on Windows.

Resolution

This issue is related to a defect (SUPPORT-998, QCB-30758) reported in Qlik GeoAnalytics Plus November 2024, which was resolved in Qlik Sense November 2024 Patch 6.

See the relevant release notes for details.

Internal Investigation ID(s):

SUPPORT-998, QCB-30758

Environment

• Qlik Sense Enterprise on Windows November 2024
• Qlik GeoAnalytics

Before you can start using Qlik Sense Desktop, you need to authenticate yourself against a Qlik Sense Enterprise server. You need to have a working network connection to enable authentication.

The following requirements need to be met:

• A functioning network connection to the Qlik Sense Enterprise Client-Managed Server or Enterprise SaaS/Business tenant.
• Use of a Professional license. Analyzer licenses do not support Desktop Authentication
  For legacy token license: User and Login Passes allow Desktop Authentication
• No TEST license. Test licenses disallow the use of authentication links 
• Compatibility must be met. See Qlik Sense Desktop patch process and compatibility with on-premise installs and Qlik Cloud .

After you have been authenticated once, internet access is not required to continue using Qlik Sense Desktop. However, you have to re-authenticate yourself if thirty days have passed since you last authenticated.

Environment

Qlik Sense Desktop 
Qlik Cloud 
Qlik Sense Enterprise on Windows 
Qlik Sense Business 

Related Content 

Starting Qlik Sense Desktop | Qlik Sense on Windows Help 
Starting Qlik Sense Desktop | Qlik Cloud Help
Configuring Qlik Sense Desktop authentication link 
How to authenticate Qlik Sense Desktop against SaaS editions 
How to authenticate Qlik Sense Desktop against a Qlik Sense Enterprise on Windows server  

Talend Remote Engine Heart Beat is failing hourly with 'GOAWAY received' error and the karaf.log shows below:

2024-08-01T10:16:58,638 | ERROR | pool-28-thread-1 | JAXRSUtils | 469 - org.apache.cxf.cxf-rt-frontend-jaxrs - 3.6.2 | | Problem with writing the data, class org.talend.ipaas.rt.engine.model.HeartbeatInfo, ContentType: application/json
2024-08-01T10:16:58,638 | WARN | pool-28-thread-1 | PhaseInterceptorChain | 467 - org.apache.cxf.cxf-core - 3.6.2 | | Interceptor for {http://pairing.rt.ipaas.talend.org/}PairingService has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Problem with writing the data, class org.talend.ipaas.rt.engine.model.HeartbeatInfo, ContentType: application/json
Caused by: java.io.IOException: /<IP>:<port>: GOAWAY received

This could also be a possible solution when the following error is also showing in the log:

Caused by: java.io.IOException: HTTP/1.1 header parser received no bytes

Resolution

1. Stop Remote Engine.
2. Edit the <RemoteEngineInstallation>/etc/org.talend.ipaas.rt.pairing.agent.cfg file and replace the line 

   heartbeat.interval=60 (by default) 

   with 

   heartbeat.interval=65

3. In the file <RemoteEngineInstallation>/etc/system.properties, remove or comment out the line below (if it exists):
   

   org.apache.cxf.transport.http.forceVersion=1.1​

4. Restart Remote Engine.

Do not set heart interval to more than 180 seconds(3 mins). If Talend Cloud does not receive a heartbeat from the Remote Engine for more than 3 mins, it will show the Remote Engine's status as unavailable.

Cause

The connection to the server pair.xx.cloud.talend.com is kept during 60 seconds and Heartbeat.interval > 60 seconds allows to close this connection and prevent "GOAWAY received" error message.

Related Content

For more information about heartbeat concept and heartbeat interval, please refer to documentation:

Monitoring-remote-engine-health

Internal Investigation ID(s)

 Internal Jira Case ID: TMC-4122

Environment

Talend Cloud