Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
marcusnhbg
Partner - Contributor II
Partner - Contributor II
‎2014-02-06 08:21 AM

How to get connection between QVWS and QMC/QVS (management console)?

I have a problem setting up Qlikview Web Server on DMZ server (Windows 2012 / IIS) and connecting it to an existing Qlikview Server installation. The connection between QVS and Web Server fails for some reason.

I choose the option "Digital Certificates" while installing the Web Server Components on the DMZ-server since this machine is outside the domain.

DMZ/Web Server:

The Qlikview Settings Service is running on the DMZ with a local admin account.

The logfile "C:\ProgramData\QlikTech\WebServer\Log":

2014-02-06 13:19:43.1216118     Information     Initializing service

2014-02-06 13:19:43.1726192     Information     Attempting to start QVWS certificate setup soap server at port 4750...

2014-02-06 13:19:43.2426278     Information     Attempting to start QVWS certificate setup HTTP server at port 4750...

2014-02-06 13:19:43.3016357     Information     Initializing done

I have edited the "C:\ProgramData\QlikTech\WebServer\config.xml" and pointed "DefaultQVS" to my QVS.

Also I have updated the settings under "AddCluster" and "AddDSCCluster" pointing the to the right servers. Initially, after running the installation program, these settings pointed to "localhost".

From the web server I am able to browse to http://localhost/qlikview/index.htm and the Access Point loads in the web browser asking for credentials. I am also able to browse to the Acces Point from my own PC.

IT has verified that ports 4750 is open for traffic from QVS to DMZ. They can monitor traffic from QVS to DMZ-server but there seems to be no response. Port 80 is open to Internet.

QMC/QVS:

The status message when looking under System > Setup > Qlikview Web Servers > QVWS@myserver:

The Web server is currently not responding

I have updated the settings under QVWS@... > General > Location > Name and URL:

QVWS@mywebserver.dhdmz.local

http://mywebserver.dhdmz.local:4750/QVWS/Service


Other settings is set to default and not changed since the installation of the QVS.

Ports open for traffic from DMZ to QVS are 4747 and 4774.

I would appreciate any information or help to solving this, thanks!

Other questions:

When using "Digital Certificate" mode, am I supposed to config something for this to work?

I have seen in other threads and discussions, suggestions to use a local admin with the same user name/password on both servers running ALL the services. Can someone verify this and if this may be the cause for my problem?

Kind Regards

Marcus

Labels (1)
Labels
4,505 Views
1 Solution

Accepted Solutions
marcusnhbg
Partner - Contributor II
Partner - Contributor II
‎2014-02-21 08:22 AM
Author

Hi again,

We have now been able to install the components on both servers and getting them to connect with each other.

All services are now green in the QMC.

The solution to this was to enable WindowsAuthentication for ALL services. A certificate was downloaded in this process to the DMZ server. We have also opened up the required ports. Port 4749 needed to be open when communicating through certificates... The web server is connected through the setting "https://<web server>:4750/...".

Now the challenge is to get the authentication to function properly. The web server is now set to web form login.

Now, also installed on the DMZ web server is an additional DSC service which is connected to the AD/LDAP. This connector is able to connect to the AD and this is verified by the connector service logs.

When entering username and password (domain administrator) in the web form trying to login I get back to the login form. I dont know why I'm not getting through this login process? All I can see in the web server log is "Login: <user> failed".

The problem is that the logs aren't telling me what or where the problem is. I have set every log setting to high or debug. I now need to know what is wrong and how to fix this.

Next problem is the authorization of the user. Which files are the user supposed to see in the Access Point. Since this is a Small Business Edition Server the only setting available is "NTFS". I hope this is solved by itself when the authentication works properly...

Every piece of information is appreciated!

Kind regards,

Marcus

View solution in original post

1,551 Views
0 Likes
6 Replies
Not applicable
‎2014-02-11 09:01 AM

Hi Marcus,

Have you tried opening up 4780 which is the management port? Is 4730 also open used  DSC authentication?

Thanks Steve

1,551 Views
0 Likes
Bill_Britt
Former Employee
Former Employee
‎2014-02-11 02:31 PM

Hi,

Did you open port 4747? Plus you need to make sure the QlikView Setting service is running on the machine in the DMZ

Bill

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.
1,551 Views
0 Likes
marcusnhbg
Partner - Contributor II
Partner - Contributor II
‎2014-02-21 08:22 AM
Author

Hi again,

We have now been able to install the components on both servers and getting them to connect with each other.

All services are now green in the QMC.

The solution to this was to enable WindowsAuthentication for ALL services. A certificate was downloaded in this process to the DMZ server. We have also opened up the required ports. Port 4749 needed to be open when communicating through certificates... The web server is connected through the setting "https://<web server>:4750/...".

Now the challenge is to get the authentication to function properly. The web server is now set to web form login.

Now, also installed on the DMZ web server is an additional DSC service which is connected to the AD/LDAP. This connector is able to connect to the AD and this is verified by the connector service logs.

When entering username and password (domain administrator) in the web form trying to login I get back to the login form. I dont know why I'm not getting through this login process? All I can see in the web server log is "Login: <user> failed".

The problem is that the logs aren't telling me what or where the problem is. I have set every log setting to high or debug. I now need to know what is wrong and how to fix this.

Next problem is the authorization of the user. Which files are the user supposed to see in the Access Point. Since this is a Small Business Edition Server the only setting available is "NTFS". I hope this is solved by itself when the authentication works properly...

Every piece of information is appreciated!

Kind regards,

Marcus

1,552 Views
0 Likes
Not applicable
‎2014-06-04 04:32 AM

In response to marcusnhbg

Marcus

I am trying to get this configuration to work, so am interested in what you mean by "Windows Authentication" for ALL services.

We have installed Qlikview on different servers using the Digital Certificates approach, and this has so far failed (despite reviewing all the documents, this community and our own Qliktech resources) so am very interested in how you got this to work.

regards

1,551 Views
0 Likes
marcusnhbg
Partner - Contributor II
Partner - Contributor II
‎2014-06-04 08:25 AM
Author

In response to

Hi

Well I didn't manage to get the authorization part to work as originally planned. The solution was to put both servers inside the domain. This was due to a restriction in the Small Business Edition Server license. We tried to avoid this for security reasons.

Once the web server was inside the domain. The logon through Access Point worked fine.

Regarding the Digital Certificates:

If you install a fresh Qlikview Server and choose the Digital Certificates then you don't have to do anything. All of the services running on the server will get the "DC mode".

BUT if you have an existing installation of Qlikview and want to switch to Digital Certificates then you must alter the config files for ALL of the services and then restart the services.

     QVDirectoryServiceConnector.exe.config

     QVDistributionService.exe.config

     QVManagementService.exe.config

     QVWebServer.exe.config

The key you are looking for is this:

     <add key="UseWinAuthentication" value="false"/>

Change it to:

     <add key="UseWinAuthentication" value="true"/>

Also you need to check the ports which must be open if you have the services split on more than one server.

In my case, I installed the web server component on an additional server. Check the documentation which ports need to be open or ask your network specialist to help you monitor the requests from the server if you cant find it.

Last thing is to export/import the certificate to the web server.

When you add the web server in the QMC under System > Setup > Qlikview Web Server you get a dialog asking for the encryption key. Follow the instruction and use the web browser on the web server to synchronize the certificates on both servers.

This step is neccesary to get the green status in the QMC and to enable the communication.

Regards

Marcus

1,551 Views
0 Likes
Bill_Britt
Former Employee
Former Employee
‎2014-06-04 09:10 AM

Hi Marcus,

Please note that with SBE external users are not allowed.

Check the server reference manual for Features and Limitation.

Bill

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.
1,551 Views
0 Likes