To create a CICD environment without an internet connection:

1. On a machine with internet access, download the builder-maven-plugin files from this repository

   The version must patch your Studio version.

2. Fetch the remaining JAR files required using CI/CD in your Studio patch file.
3. Copy all files to the environment without an internet connection and configure a Nexus to upload the files needed.

Environment

• Qlik Talend Studio

Ever wanted to brand or customize the default Qlik Sense Login page?

The functionality exists, and it's really as simple as just designing your HTML page and 'POSTing' it into your environment.

We've all seen the standard Qlik Sense Login page, this article is all about customizing this page.

This customization is provided as is. Qlik Support cannot provide continued support of the solution. For assistance, reach out to our Professional Services or engage in our active Integrations forum.

To customize the page:

1. We highly recommend setting up a new virtual proxy with Forms so you don't impact any users that are using auto-login Windows auth.
   
   Example setup:
   
   Description: Custom Forms Page
   Prefix: customlogin
   Session cookie header-name: X-Qlik-Session-CustomLogin
   Windows authentication pattern: Forms
   
   
   
   
2. Once this is done, a good starting point is to download the default login page.
   
   You can open up your web developer tool of choice, go to the login page, and download the HTML response from the GET http://<server>/customlogin/internal_forms_authentication request. It should be roughly a 273 line .html file.
   
   
3. Once you have this file, you can more or less customize it as much as you'd like.
   
   Image files can be inlined as you'll see in the qlik default file, or can be referenced as long as they are publicly accessible. The only thing that needs to exist are the input boxes with appropriate classes and attributes, and the 'Log In' button.
   
   
4. After building out your custom HTML page and it looks great, it needs to be converted to Base64. There are online tools to do this, openssl also has this functionality.
   
   Once you have your Base64 encoded HTML file, then you will want to PUT it into your sense environment.
   
   
5. First, do a GET request on /qrs/proxyservice and find the ID of the proxy service you want this login page to be shown for.
   
   
6. You will then do a GET request on /qrs/proxyservice/<id> and copy the body of that response. Below is an example of that response.
   
   

   {
       "id": "8817d7ab-e9b2-4816-8332-f8cb869b27c2",
       "createdDate": "2020-03-23T15:39:33.540Z",
       "modifiedDate": "2020-05-20T18:46:13.995Z",
       "modifiedByUserName": "INTERNAL\\sa_api",
       "customProperties": [],
       "settings": {
           "id": "8817d7ab-e9b2-4816-8332-f8cb869b27c2",
           "createdDate": "2020-03-23T15:39:33.540Z",
           "modifiedDate": "2020-05-20T18:46:13.995Z",
           "modifiedByUserName": "INTERNAL\\sa_api",
           "listenPort": 443,
           "allowHttp": true,
           "unencryptedListenPort": 80,
           "authenticationListenPort": 4244,
           "kerberosAuthentication": false,
           "unencryptedAuthenticationListenPort": 4248,
           "sslBrowserCertificateThumbprint": "e6ee6df78f9afb22db8252cbeb8ad1646fa14142",
           "keepAliveTimeoutSeconds": 10,
           "maxHeaderSizeBytes": 16384,
           "maxHeaderLines": 100,
           "logVerbosity": {
               "id": "8817d7ab-e9b2-4816-8332-f8cb869b27c2",
               "createdDate": "2020-03-23T15:39:33.540Z",
               "modifiedDate": "2020-05-20T18:46:13.995Z",
               "modifiedByUserName": "INTERNAL\\sa_api",
               "logVerbosityAuditActivity": 4,
               "logVerbosityAuditSecurity": 4,
               "logVerbosityService": 4,
               "logVerbosityAudit": 4,
               "logVerbosityPerformance": 4,
               "logVerbositySecurity": 4,
               "logVerbositySystem": 4,
               "schemaPath": "ProxyService.Settings.LogVerbosity"
           },
           "useWsTrace": false,
           "performanceLoggingInterval": 5,
           "restListenPort": 4243,
           "virtualProxies": [
               {
                   "id": "58d03102-656f-4075-a436-056d81144c1f",
                   "prefix": "",
                   "description": "Central Proxy (Default)",
                   "authenticationModuleRedirectUri": "",
                   "sessionModuleBaseUri": "",
                   "loadBalancingModuleBaseUri": "",
                   "useStickyLoadBalancing": false,
                   "loadBalancingServerNodes": [
                       {
                           "id": "f1d26a45-b0dd-4be1-91d0-34c698e18047",
                           "name": "Central",
                           "hostName": "qlikdemo",
                           "temporaryfilepath": "C:\\Users\\qservice\\AppData\\Local\\Temp\\",
                           "roles": [
                               {
                                   "id": "2a6a0d52-9bb4-4e74-b2b2-b597fa4e4470",
                                   "definition": 0,
                                   "privileges": null
                               },
                               {
                                   "id": "d2c56b7b-43fd-44ad-a12f-59e778ce575a",
                                   "definition": 1,
                                   "privileges": null
                               },
                               {
                                   "id": "37244424-96ae-4fe5-9522-088a0e9679e3",
                                   "definition": 2,
                                   "privileges": null
                               },
                               {
                                   "id": "b770516e-fe8a-43a8-a7a4-318984ee4bd6",
                                   "definition": 3,
                                   "privileges": null
                               },
                               {
                                   "id": "998b7df8-195f-4382-af18-4e0c023e7f1c",
                                   "definition": 4,
                                   "privileges": null
                               },
                               {
                                   "id": "2a5325f4-649b-4147-b0b1-f568be1988aa",
                                   "definition": 5,
                                   "privileges": null
                               }
                           ],
                           "serviceCluster": {
                               "id": "b07fc5f2-f09e-4676-9de6-7d73f637b962",
                               "name": "ServiceCluster",
                               "privileges": null
                           },
                           "privileges": null
                       }
                   ],
                   "authenticationMethod": 0,
                   "headerAuthenticationMode": 0,
                   "headerAuthenticationHeaderName": "",
                   "headerAuthenticationStaticUserDirectory": "",
                   "headerAuthenticationDynamicUserDirectory": "",
                   "anonymousAccessMode": 0,
                   "windowsAuthenticationEnabledDevicePattern": "Windows",
                   "sessionCookieHeaderName": "X-Qlik-Session",
                   "sessionCookieDomain": "",
                   "additionalResponseHeaders": "",
                   "sessionInactivityTimeout": 30,
                   "extendedSecurityEnvironment": false,
                   "websocketCrossOriginWhiteList": [
                       "qlikdemo",
                       "qlikdemo.local",
                       "qlikdemo.paris.lan"
                   ],
                   "defaultVirtualProxy": true,
                   "tags": [],
                   "samlMetadataIdP": "",
                   "samlHostUri": "",
                   "samlEntityId": "",
                   "samlAttributeUserId": "",
                   "samlAttributeUserDirectory": "",
                   "samlAttributeSigningAlgorithm": 0,
                   "samlAttributeMap": [],
                   "jwtAttributeUserId": "",
                   "jwtAttributeUserDirectory": "",
                   "jwtAudience": "",
                   "jwtPublicKeyCertificate": "",
                   "jwtAttributeMap": [],
                   "magicLinkHostUri": "",
                   "magicLinkFriendlyName": "",
                   "samlSlo": false,
                   "privileges": null
               },
               {
                   "id": "a8b561ec-f4dc-48a1-8bf1-94772d9aa6cc",
                   "prefix": "header",
                   "description": "header",
                   "authenticationModuleRedirectUri": "",
                   "sessionModuleBaseUri": "",
                   "loadBalancingModuleBaseUri": "",
                   "useStickyLoadBalancing": false,
                   "loadBalancingServerNodes": [
                       {
                           "id": "f1d26a45-b0dd-4be1-91d0-34c698e18047",
                           "name": "Central",
                           "hostName": "qlikdemo",
                           "temporaryfilepath": "C:\\Users\\qservice\\AppData\\Local\\Temp\\",
                           "roles": [
                               {
                                   "id": "2a6a0d52-9bb4-4e74-b2b2-b597fa4e4470",
                                   "definition": 0,
                                   "privileges": null
                               },
                               {
                                   "id": "d2c56b7b-43fd-44ad-a12f-59e778ce575a",
                                   "definition": 1,
                                   "privileges": null
                               },
                               {
                                   "id": "37244424-96ae-4fe5-9522-088a0e9679e3",
                                   "definition": 2,
                                   "privileges": null
                               },
                               {
                                   "id": "b770516e-fe8a-43a8-a7a4-318984ee4bd6",
                                   "definition": 3,
                                   "privileges": null
                               },
                               {
                                   "id": "998b7df8-195f-4382-af18-4e0c023e7f1c",
                                   "definition": 4,
                                   "privileges": null
                               },
                               {
                                   "id": "2a5325f4-649b-4147-b0b1-f568be1988aa",
                                   "definition": 5,
                                   "privileges": null
                               }
                           ],
                           "serviceCluster": {
                               "id": "b07fc5f2-f09e-4676-9de6-7d73f637b962",
                               "name": "ServiceCluster",
                               "privileges": null
                           },
                           "privileges": null
                       }
                   ],
                   "authenticationMethod": 1,
                   "headerAuthenticationMode": 1,
                   "headerAuthenticationHeaderName": "userid",
                   "headerAuthenticationStaticUserDirectory": "QLIKDEMO",
                   "headerAuthenticationDynamicUserDirectory": "",
                   "anonymousAccessMode": 0,
                   "windowsAuthenticationEnabledDevicePattern": "Windows",
                   "sessionCookieHeaderName": "X-Qlik-Session-Header",
                   "sessionCookieDomain": "",
                   "additionalResponseHeaders": "",
                   "sessionInactivityTimeout": 30,
                   "extendedSecurityEnvironment": false,
                   "websocketCrossOriginWhiteList": [
                       "qlikdemo",
                       "qlikdemo.local"
                   ],
                   "defaultVirtualProxy": false,
                   "tags": [],
                   "samlMetadataIdP": "",
                   "samlHostUri": "",
                   "samlEntityId": "",
                   "samlAttributeUserId": "",
                   "samlAttributeUserDirectory": "",
                   "samlAttributeSigningAlgorithm": 0,
                   "samlAttributeMap": [],
                   "jwtAttributeUserId": "",
                   "jwtAttributeUserDirectory": "",
                   "jwtAudience": "",
                   "jwtPublicKeyCertificate": "",
                   "jwtAttributeMap": [],
                   "magicLinkHostUri": "",
                   "magicLinkFriendlyName": "",
                   "samlSlo": false,
                   "privileges": null
               }
           ],
           "formAuthenticationPageTemplate": "",
           "loggedOutPageTemplate": "",
           "errorPageTemplate": "",
           "schemaPath": "ProxyService.Settings"
       },
       "serverNodeConfiguration": {
           "id": "f1d26a45-b0dd-4be1-91d0-34c698e18047",
           "name": "Central",
           "hostName": "qlikdemo",
           "temporaryfilepath": "C:\\Users\\qservice\\AppData\\Local\\Temp\\",
           "roles": [
               {
                   "id": "2a6a0d52-9bb4-4e74-b2b2-b597fa4e4470",
                   "definition": 0,
                   "privileges": null
               },
               {
                   "id": "d2c56b7b-43fd-44ad-a12f-59e778ce575a",
                   "definition": 1,
                   "privileges": null
               },
               {
                   "id": "37244424-96ae-4fe5-9522-088a0e9679e3",
                   "definition": 2,
                   "privileges": null
               },
               {
                   "id": "b770516e-fe8a-43a8-a7a4-318984ee4bd6",
                   "definition": 3,
                   "privileges": null
               },
               {
                   "id": "998b7df8-195f-4382-af18-4e0c023e7f1c",
                   "definition": 4,
                   "privileges": null
               },
               {
                   "id": "2a5325f4-649b-4147-b0b1-f568be1988aa",
                   "definition": 5,
                   "privileges": null
               }
           ],
           "serviceCluster": {
               "id": "b07fc5f2-f09e-4676-9de6-7d73f637b962",
               "name": "ServiceCluster",
               "privileges": null
           },
           "privileges": null
       },
       "tags": [],
       "privileges": null,
       "schemaPath": "ProxyService"
   }

    

7. In the response, locate the formAuthenticationPageTemplate field
   
   
8. You can then take your base64 encoded HTML file, paste the value into the formAuthenticationPageTemplate field. 
   
   Example:
   
   "formAuthenticationPageTemplate": "BASE 64 ENCODED HTML HERE",
   
   Once you have an updated body, you can use the PUT verb (with an updated modifiedDate) to PUT this body back into the repository. Once this is done, you should be able to goto your virtual proxy and you should see your new login page (very Qlik branded in this example):
   
   
   
   

If your login page does not work and you need to revert back to the default, simply do a GET call on your proxy service, and set formAuthenticationPageTemplate back to an empty string:

formAuthenticationPageTemplate": ""

Environment:

Qlik Sense Enterprise on Windows 

The distribution of QlikView apps from QlikView Distribution Service to Qlik Cloud fails with the error "TestCloudLicense: Failed - Unauthorized. Failed to retrieve qv_nodes tag."

Environment

• QlikView 
• Qlik Cloud 

Resolution

• The license used in Qlik Cloud is missing the QV_NODES tag, which allows the access to QlikView apps from Sense Deployments. For QlikView to distribute to a Qlik Cloud tenant,  the tag must be present in the tenant license.

Please, reach out to your account manager to have that fixed.

• This issue could also occur if there are missing configuration entries in he QVDistributionService.exe.config  file, refer to the following article QlikView Distribute to cloud fails: The type initializer for System.IdentityModel.Tokens.Jwt.JsonExtensions threw an exception.

This article gives an overview of how to analyse failed app reloads with OpenAI using Qlik Automate, which is now available as a template.

This template is triggered when a Qlik Cloud app reload fails. It then analyzes the reload error with OpenAI and sends a Slack message with the app, space, reload details, and AI diagnosis. Session app and data preparation reloads are filtered out to focus on user-created script issues, keeping your alerts relevant and actionable.

This template is a good starting point if you want to:

• Automatically detect when an analytics app reload fails
• Get an instant AI-powered analysis of the likely root cause
• Notify your team in Slack with all the context they need
• Keep noise low by filtering out session app and data preparation reloads
• Maintain a clear automation run history through readable run titles

The template is available on the template picker. You can find it by navigating to Add new -> New automation -> Search templates, searching for Diagnose failed app reloads with AI and notify your team on Slack in the search bar, and clicking the Use template option.

You will find a version of this automation attached to this article: "Diagnose-failed-app-reloads-with -AI-and-notify-your-team-on-Slack.json".

Content

• What this template does
• Before you start
• Step-by-step walkthrough
• Step 1: App Reload Finished (Webhook event)
• Step 2: Condition: skip session apps
• Step 3: Get Current Tenant Info
• Step 4: Condition: check if a space exists
• Step 5: Get User
• Step 6: OpenAI: Chat Completion Message (prompt builder)
• Step 7: Variable: chatList (message formatter)
• Step 8: OpenAI Chat Completion (AI call)
• Step 9: Condition 3, check if the AI response is too long
• Step 10: Send the Slack Message
• Step 11: Output 3 (run output display)
• Step 12: Update Run Title and Update Run Title 2
• Customization ideas
• Tips for new users
• Troubleshooting
• Summary

What this template does

When an analytics app reload fails, the automation:

1. Triggers on the App Reload Finished webhook event, filtered to analytics app reload errors only
2. Ignores session app reloads
3. Looks up tenant, user, and space details
4. Sends the reload error details to OpenAI for analysis
5. Posts the result to Slack
6. Updates the run title so the automation run history is easier to scan

The Slack message includes:

• The app name with a direct link to the app
• The app reload ID for reference
• Space name and space type
• The time the reload failed
• Reload duration
• An Error code or codes
• The AI-generated diagnosis and suggested next steps
  
  

Before you start

Before using this template, make sure you have access to:

• Qlik Cloud Tenant with permission to create and run automations
• The OpenAI connection configured in your tenant
• The Slack connection configured in your tenant

Step-by-step walkthrough

Step 1: App Reload Finished (Webhook event)

This is the first block in the automation. It acts as the listener that starts the entire workflow.

How it works:

The block runs in webhook mode and listens for the App Reload Finished webhook event from the Qlik Cloud Services connector. The template uses an App ID guard in the event filter to prevent unnecessary webhook triggers: (App Ids eq "Specify_Your_App_Id_Here")

What you need to configure:

Event Filter: Pre-set to Reload status (A) as Failed (error) and Usage (B) as Analytics. Replace Specify_Your_App_Id_Here in the App Ids (C) parameter with your actual app Id during development.

When moving to production, either:

• Keep the App Ids filter to monitor only selected critical app(s)
• Keep the Space Ids filter to monitor apps that reside in specific space(s)
• Remove the App Ids and Space Ids clause to monitor all analytics apps in scope

Step 2: Condition: skip session apps

This block provides a second layer of filtering, specifically for session apps.

How it works:

Even though the App Reload Finished webhook event filter only includes analytics app reloads, session apps can still slip through because they share the Analytics usage type. This condition checks the app ID for the SessionApp_ prefix. 

Session apps are temporary apps, primarily used by background system processes rather than front-end user consumption, so including them usually adds noise and low-value alerts.

Only include session app events if you intentionally create session apps through Qlik Cloud APIs. In that case, you should filter on the actor so that only your own generated events are processed.

Yes branch:

If the app is a session app, the automation stops early. The run title is updated to Analysis skipped (SessionApp) so the automation history clearly shows why no alert was sent.

No branch:

If the app is not a session app, the automation continues to the next blocks, where it gathers tenant, space, and user details before sending the failure analysis to OpenAI and posting the result to Slack.

What you need to configure:

• Nothing. This condition is pre-configured and requires no changes.
• Optional: If your use case depends on API-generated session apps, remove this exclusion and add an actor-based filter to avoid unrelated system events.

Step 3: Get Current Tenant Info

This block retrieves the hostname and other details about your Qlik Cloud tenant.

How it works:

The tenant hostname is later used to build a direct link to the failed app in the Slack message. Without this step, the link would be incomplete.

Step 4: Condition: check if a space exists

This block checks whether the failed analytics app reload came from an app that belongs to a space.

How it works:

It checks whether the space ID in the event payload is empty.

Yes branch:

If a space exists, the automation continues to the Get Space block. This block retrieves the name and type of the space where the analytics app lives. It uses the space ID from the App Reload Finished webhook event to look up the full space details, and it's stored in an object variable. The space name and type are included in the Slack message so your team immediately knows where the failed app is located.

No branch:

If no space exists, which means the app resides in the user's personal space, the automation creates a default object with the name Personal and type personal. This ensures the Slack message still has a space value to display, even when the app is in the user’s personal space.

What you need to configure:

Nothing. This condition is pre-configured and requires no changes.

Step 5: Get User

This block retrieves details about the user whose app reload failed.

How it works:

It uses the user ID from the App Reload Finished webhook event to look up user details. This information can be referenced in the Slack message and is useful if you want to escalate directly to the app owner or expand the notification with owner's contact information later.

Step 6: OpenAI: Chat Completion Message (prompt builder)

This block constructs the prompt that is sent to OpenAI.

How it works:

It formats the app reload error details from the App Reload Finished webhook event payload into a structured message and passes it to the OpenAI Chat Completion block.

The pre-written prompt instructs OpenAI to act as a senior Qlik Cloud Analytics engineer, identify the root cause of the app load script error, explain why it happened, and suggest the exact changes needed to fix it. Responses are capped at 800 characters and formatted as plain numbered paragraphs so they fit cleanly into a Slack message.

What you need to configure:

1. Connection: Connect this block to your OpenAI connection.
2. Content: The prompt is pre-written and ready to use. You can edit it if you want a different tone, more or less detail, or a different response format.
3. Role (required parameter): Set the role value (for example, assistant). This is required for a valid chat message payload.

   The role field is empty by default. The automation will fail at this step if you do not provide a role before running.

4. Other optional parameters: Leave the optional fields (Name, Functional Call Arguments, Function Call Name) empty unless you have a specific advanced use case.
   
   

Step 7: Variable: chatList (message formatter)

This block bridges the prompt builder and the OpenAI Chat Completion block.

How it works: 

The OpenAI Chat Completion block expects messages to be passed as a list, not a single object. This block first empties the chatList variable to make sure there is no leftover data from a previous run, then adds the response from the Chat Completion Message block as a new item in the list. The result is a properly formatted list that can be sent directly to the Chat Completion block.

What you need to configure:

Nothing. This block is pre-configured and works automatically based on the output of the previous step.

Step 8: OpenAI Chat Completion (AI call)

This block sends the prompt to OpenAI and receives the analysis response.

How it works: 

It calls the OpenAI Chat Completion API using the message built in the previous step.

The token limit is pre-set to 300 to keep responses concise. It prevents the model from rambling, helps cap output length to reduce cost, and remains bounded by the selected model's own architectural limits. The model field is intentionally left blank so you can choose the model that suits your subscription.

We tested this template with the gpt-5.4-mini model, and it performed very well for reload-failure diagnosis. In most cases, lower-cost models are generally very effective at diagnosing.

What you need to configure:

1. Connection: Make sure this block is connected to your OpenAI connection.
2. Model (required parameter): Use the do lookup functionality to select the model from the options available for you, or enter the name of the model you want to use.

   The model field is empty by default. The automation will fail at this step if you do not provide a model name before running.

3. Other optional parameters: Keep defaults unless you need specific tuning.
   
   

Step 9: Condition 3, check if the AI response is too long

This block checks whether the AI response fits within the Slack message size limit before sending.

How it works:

It measures the character length of the OpenAI response. If the response is 2800 characters or more, the message is too long to be posted cleanly in Slack, so the automation takes a fallback path.

Yes branch, response is too long (≥ 2800 characters):

The output variable is set to a fallback message: "Generated message was too long. Refer to [link] for full response."

The link points directly to this automation run in the history page so the team can still access the full AI diagnosis.

No branch, response fits (< 2800 characters):

The output variable is set to the full AI response from OpenAI. This value is then used in the Slack message in the next step.

What you need to configure:

Nothing. This condition is pre-configured. You can adjust the 2800-character threshold if needed.

Step 10: Send the Slack Message

This block posts the App Reload failure notification along with AI diagnosis to your Slack channel.

How it works:

It formats all collected details into a single Slack message. The message contains:

• A red circle emoji as a visual alert indicator
• The app name as a clickable link to the app in Qlik Cloud
• The app reload ID
• The space name, space type, and space ID
• The time the reload failed
• The reload duration in seconds
• The error code or codes
• The AI diagnosis from the output variable — either the full response or the fallback link, depending on which branch was taken in Step 9

What you need to configure:

1. Connection: Connect this block to your Slack connection.
2. Channel (required parameter): Use the do lookup functionality to find the ID of the Slack channel or directly enter the ID of the Slack channel where alerts should be posted.

   The channel field is empty by default. The automation will fail at this step if you do not provide a channel before running.

Step 11: Output 3 (run output display)

This block writes the full Slack message content to the automation run output so it is visible directly in the Output section of the automation run history.

How it works:

It captures and displays the exact same formatted message that was sent to Slack — including the app link, reload ID, space details, error code, and AI diagnosis. This means you can review what was sent without opening Slack, which is useful when debugging or auditing past runs. 

Step 12: Update Run Title and Update Run Title 2

These two blocks make automation run history easy to scan without opening every run.

How it works:

• Update Run Title is used on the main processing path (non-session apps). It sets a clear run title like:
  
  Assessed {app name} ({app id})
  
  This tells you the reload failure was analyzed and an alert flow was executed.
  
  
• Update Run Title 2 is used on the session-app skip path. It sets:
  
  Analysis skipped (SessionApp)
  
  This tells you the run intentionally exited early and did not send the full analysis flow.

Why this matters:

• Improves observability in run history
• Makes triage faster for support teams
• Distinguishes successful analysis runs from intentionally skipped runs

What you need to configure:

• Nothing. Both blocks are pre-configured.
• Optional: You can customize the title text to include the app owner or severity labels.

Customization ideas

You can modify this automation to match your specific requirement:

• Change the destination channel: send alerts to a different communication channel, like Microsoft Teams
• Add escalation steps: end email or Microsoft Teams alerts for critical apps or production spaces
• Adjust the AI prompt: make the response shorter, more technical, or tailored to your load script conventions
• Filter by app or space: extend the App Reload Finished webhook event filter to only alert for specific production apps or managed spaces
• Connect to a ticketing system: automatically create incidents in ServiceNow or Jira for severe app reload failures

Tips for new users

• Test the automation on a non-production analytics app first.
• Keep the AI prompt concise and specific so responses stay focused.
• Make sure all connectors are authenticated before running the template.
• Check the automation run history if the Slack message is missing or incomplete.
• Review the AI response for accuracy. It is designed to start the investigation, not replace your own validation.

Troubleshooting

The automation does not send a Slack message:

• Confirm the reload event had Reload status eq "Failed (error)" and Usage eq "Analytics".
• Verify the Slack and OpenAI connections are authenticated and valid.
• Check that the user running the automation has access to the app and space.

The AI response is too long:

• The template falls back to a run history link, which is expected behavior and avoids message truncation.

A reload you expected to see was not processed:

• Check whether the app is a session app. It will be skipped.
• Verify the reload was an analytics app reload and not a data preparation reload. Data preparation reloads are excluded at the webhook level.
• Confirm the event filter on the webhook block is correct.

Summary

This template gives you a focused, low-noise starting point for AI-assisted analytics app reload failure handling in Qlik Cloud. By filtering to analytics app errors only and excluding both session apps and data preparation reloads, it keeps alerts relevant and actionable. Teams can respond faster to app load script issues by receiving a clear Slack notification with context and an AI diagnosis the moment something goes wrong. You can modify the automation by adjusting the AI prompt, changing the destination channel, or adding escalation steps such as email or Microsoft Teams alerts.

This article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.

The Qlik Sense Repository Database (QSR) can be moved to a dedicated standalone PostgreSQL instance not hosted on the same machine as other Qlik Sense Services. It is also possible to move an already existing QSR from a local Sense install, to a dedicated PostgresSQL database.

Content:

• Set up a postgresSQL database
• Simplified checklist of steps:
• Moving the Qlik Sense Share Folders as well?
• Backup
• Restore
• Changing the Connection String to QSR and QSMQ Database
• Changing the Connection Stringto SenseServices Databases.
• Changing the Connection String to Licenses Database ( April 2019 and up )
• Remove Database Service dependency and Postgres Server
• Finalize

Set up a postgresSQL database

Instructions for this might vary slightly. Please refer to the Qlik Online Help for details.  We recommend watching this video.

Qlik Sense Enterprise server has a set of five databases. For more details visit Installing and configuring PostgreSQL on help.qlik.com.

1. The Qlik Sense repository database (QSR):

The QSR is the primary database in your Qlik Sense deployment.

2. The Qlik Sense services database (SenseServices):

The SenseServices database contains schemas for each of the Qlik Sense services and allows growth independently of the Qlik Sense Repository Database, while still sharing the same PostgreSQL instance and login role.

3. The Qlik Sense message queue database (QSMQ):

The QSMQ database provides a light-weight method of passing messages internally between services in Qlik Sense Enterprise. The NOTIFY and LISTEN functionality in PostgreSQL allows services to be notified about new messages that have been written to the messaging table.

4. The Qlik Sense logging database (QLogs): No longer supported after May 2021

The QLogs database centralizes logging by collecting log messages from all Qlik Sense nodes in your deployment and stores them in a PostgreSQL database.

5. The Qlik Sense license service database (Licenses):

The Licenses database is used to sync the assignments between the Qlik license backend and the local installation.

Simplified checklist of steps:

1. Download a valid version of postgresSQL.  For Sense June 2017 and up, 9.6.x is required, from November 2019 version 11.5.x as well. From May 2021 version 12.5 can be used. Review the system requirements of your version before proceeding.
2. Install based on instructions found on the Qlik Online Help for Qlik Sense; select the version you are running on then select from Menu , Deploy - Qlik Sense installation - Installing and configuring PostgreSQL.

Moving the Qlik Sense Share Folders as well?

Follow How to change the shared path in Qlik Sense 

Backup 

Depending on the version, you need to backup different databases, on the current Qlik Sense central node hosting the Qlik Sense Repository Database service, follow the backup instructions to obtain a database copy of each Qlik Sense Database Present . 
   Example for February 2021  you need to backup the databases reported in section "Installing and configuring PostgreSQL"; referring to the Help site these are : 
    QSR , QSMQ , SenseServices , Licenses , if configured QLogs    

Restore

On the dedicated remote postgresSQL host, perform a restore   of the backed up Databases of previous point. 

Changing the Connection String to QSR and QSMQ Database 

1. On the Qlik Sense central node, all services but the Qlik Sense Repository Service are shut down.
2. Open QlikSenseUtil. By default, this will be installed in: C:\Program Files\Qlik\Sense\Repository\Util\QlikSenseUtil\QlikSenseUtil.exe
3. Open the Connection String Editor and Read the current configuration, decrypting the current data.
   
   
4. Replace all mentions of the current database hostname.  In our example, the new database resides on 172.16.16.103. Instead of an IP you can also use the FQDN of the db server.
5. You need to repeat this step for the   sections <add name="QSMQ" and <add name="postgres"
6. Hit Save Value in config file encrypted, committing any changes. 

Changing the Connection String to SenseServices Databases. 

       Execute steps in Moved Postgress database to new host, but some qliksense is still accessing the SenseServices old database; check if different version of article are present for different Qlik Sense version .

Changing the Connection String to Licenses Database ( April 2019 and up ) 

Starting from April 2019 new License Service implementation is using this database.

1.   Open an elevated Powershell and change directory to C:\Program Files\Qlik\Sense\Licenses
2.    Run the script .\Configure-Service.ps1 and provide:
   • new Hostname or IP  
   • database port default is 4432
   • database user qliksenserepository
   • databasepassword is the qliksenserepository password  used during configuration of  the new database.
3. example: 
4. cd  'C:\Program Files\Qlik\Sense\Licenses'
5. .\Configure-Service.ps1 172.16.16.102 4432 qliksenserepository Password123!

It will look like this:

repeat this for:

Remove Database Service dependency and Postgres Server

After successfully verifying your new setup, remove the Qlik Sense Repository service dependencies and the old Postgres database. This is done to avoid issues with future Upgrade of Environment. 

1. In an elevated command prompt, execute the following on prompt:
   
   c:\sc config "QlikSenseRepositoryService" depend= ""
   c:\sc config "QlikLoggingService" depend= ""
   
   This will return: 
   
   [SC] ChangeServiceConfig SUCCESS
   
   
2. Restart the Qlik Sense Repository Service.
   
   Check that Qlik Sense Repository Database doesn't start (confirms [SC] ChangeServiceConfig SUCCESS ).
   
   
3. Remove the (local) Qlik Sense Repository Database
   
   Find the most recent PostgreSQL.msi in C:\ProgramData\Package Cache\  and remove it. This removes the service but no old local database data. This is needed to prevent issues on future upgrades of Environment.
   
   You can find the precise folder with this command depending on the Postgresql Version you used installing the inital release.
   
   9.6:
   
   c:\cd ProgramData\Package Cache
   c:\ProgramData\Package Cache\dir /s PostgreSQL.msi
   
   The folder containing PostgreSQL.msi will be revealed. Right click on the PostgreSQL.msi file and select uninstall from the menu.
   
   12.5:
   
   c:\cd ProgramData\Package Cache
   c:\ProgramData\Package Cache\dir /s PostgreSQL125.msi
   
   The folder containing PostgreSQL.msi will be revealed. Right click on the PostgreSQL.msi file and select uninstall from the menu.
   

Finalize

1. Restart the Qlik Sense Repository Service and verify that Qlik Sense Repository Database Service doesn't exist when followed the previous steps.
2. Start all remaining Sense Services 
3. Progress on the startup sequence (including the connection to the new database) can be tracked in the _System_Repository log files located in C:\ProgramData\Qlik\Sense\Log\Repository\Trace
4. Verify functionality.

5. In Multi-node scenario you need to repeat steps "Changing the Connection Strings to Databases" on all Rim nodes (QlikSenseUtil for Repository.exe.config and Configure-Service.ps1 for the micro services), and if required configure "Update the Qlik Logging Service Connection String" (note that is EOL with Qlik Sense Enterprise on Windows February 2022) .   

Environment

Qlik Sense Enterprise on Windows 

After the Talend Remote Engine goes down, the Remote Engine logs repeatedly show the same message in TalendRemoteEngine/data/log/karaf.log:

org.apache.karaf.main.lock.SimpleFileLock lock INFO: Lock failed

Resolution

To resolve this, verify ownership and permissions of the application files, remove stale lock files, and restart the Talend Remote Engine:

1. Ensure that the dedicated Talend user and group have full recursive ownership over the application files to prevent any permission-related runtime errors:
   

   sudo chown talenduser:talendgroup /opt/talend/TalendRemoteEngine -R

   Adjust the absolute path `/opt/talend/` if your installation directory differs.
   
   
2. Stop the Talend Remote Engine Service: 

   sudo systemctl stop talend-remote-engine.service

3. Manually purge the stale or unsynced lock file that is blocking the engine startup:

   rm /opt/talend/TalendRemoteEngine/lock

4. Restart the Talend Remote Engine Service. The engine will automatically generate a fresh, synced lock file upon a successful boot.

   sudo systemctl start talend-remote-engine.service

Cause

An unexpected downtime or sudden disconnection of the Talend Remote Engine (RE) left the application's file lock (TalendRemoteEngine/lock) in an unsynced or stale state. Because the container detected this pre-existing lock file upon recovery, it assumed another process was already running, subsequently blocking all other dependent modules and services from initializing.

Environment

• Talend Remote Engine

Executive Summary 

A security issue has been identified in Qlik NPrinting, and patches have been made available. If the vulnerability is successfully exploited, the issue could lead to a compromise of the server running the Qlik NPrinting software, including unauthenticated remote code execution (RCE).

Affected Software 

All versions of Qlik NPrinting prior to and including these releases are impacted: 

• Qlik NPrinting February 2025 SR5

Severity Rating 

Using the CVSS V3.1 scoring system (https://nvd.nist.gov/vuln-metrics/cvss), these issues are rated HIGH.

Vulnerability Details

(CVE-pending) OP-1018, Remote Code Execution (RCE) via Insecure Deserialization (TypeNameHandling.Auto)

Severity: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N 7.7(High)

Authenticated developers and administrators with network access may be able to execute arbitrary OS commands in Qlik NPrinting.

(CVE-2024-55580) QB-29586, QB-29864, QB-30007, QB-29802 - Broken Access Control (BAC)

Resolution 

Recommendation 

Customers should upgrade Qlik NPrintings to a version containing the necessary fix. The fix is available for the following versions:

• Qlik NPrinting May 2026 IR
• Qlik NPrinting February 2025 SR 6

All Qlik software can be downloaded from our official Qlik Download page (customer login required).

Qlik Talend Studio was successfully set up on a virtual machine (VM). After cloning the VM, opening Qlik Talend Studio fails to open projects, instead erroring out with:

An error occured:

'void org.talend.repository.gitprovider.core.GitBaseRepositoryFactory.updateLockStatus()'

Resolution

To fix the error, shut down Qlik Talend Studio first, then delete all .lock files found inside the .git directories.

The git lock files are found in the workspace for Qlik Talend Studio:

• <talend_workspace>/.git/index.lock
• <talend_workspace>/.git/refs/heads/<branch>.lock
• <talend_workspace>/.git/HEAD.lock
• <talend_workspace>/.git/config.lock
• Check nested project repositories for additional files

Cause

The GitBaseRepositoryFactory.updateLockStatus() error commonly occurs due to stale Git lock files that were copied along with the VM snapshot.

When the VM was snapshotted or copied, Qlik Talend (or its embedded Git) was likely mid-operation or simply had lock files present. These .lock Files are now orphaned on the cloned VM, and Git thinks a process is holding a lock, but no such process exists.

Related Content [can be removed if not necessary]

[Paragraph format. Link to related content, such as articles, community posts, Help articles, etc...]

Internal Investigation ID(s) [can be removed if not necessary]

[Paragraph format with internal investigation IDs (e.g Jira case ID(s)) ]

Environment

• Qlik Talend Studio

The Qlik Replicate Endpoint Server fails to start. The error may occur after an upgrade or initial installation and presents with the following error:

Failed to curl_easy_perform: curl status = 3, URL using bad/illegal format or missing URL ()

Resolution

To resolve this issue, redirect the Java temporary directory to an alternative location that allows execution:

1. Create a new temporary directory and ensure the Qlik Replicate user has full read/write/execute permissions:

   • mkdir -p /att_tmp

   • chmod 755 /att_tmp

   • chown attunity:attunity /att_tmp

2. Navigate to the Qlik Replicate bin directory:

   cd /opt/attunity/replicate/endpoint_srv/bin

3. Back up the original script before editing:

   cp rependctl.sh rependctl.sh.bak

4. Open the script with a text editor:

   vi rependctl.sh

5. Locate the Java execution line at the end of the file (starts with "${AT_JAVA}"). 
6. Add the -Djava.io.tmpdir=/<your_new_tmp_directory> parameter into the statement.
   
   Example after modification:
   

   "${AT_JAVA}" -XX:+UseG1GC -Djava.io.tmpdir=/att_tmp -Dfile.encoding=UTF-8 ${AT_JVM_OPT} -cp "${AT_CP}" "${AT_MAIN}" -d "${AT_DATA}" -plugins "${AT_PLUGIN_LIST}" "${@:1}"

7. Save the changes, exit the editor, and restart the Qlik Replicate services.

Cause

The Qlik Replicate Endpoint Server utilizes the default system /tmp directory to unpack and execute temporary binary files or scripts during startup. If the /tmp filesystem is mounted with the noexec parameter (typically for security hardening in /etc/fstab), or if there are restrictive permissions on the /tmp folder, the application will be blocked from executing these files, causing the initialization to fail.

Internal Investigation ID(s)

00397473

Environment

• Qlik Replicate

Qlik Replicate tasks fail to capture primary keys with a numeric value in a string datatype.

The problem occurs if the following criteria are met:

• Log based SAP Hana replication
• The column is part of the Primary Key with a CHAR datatype
• The column contains both alphanumeric and numeric records

This leads to numeric records missing inserts during CDC replication. An upgrade to a later patch is required to resolve this issue.

Environment

• Qlik Replicate 2024.11.0.641
• SAP Hana Source endpoint

Resolution

Patch Qlik Replicate to (at least) 2025.11 SP04. Download the patch from the Qlik download page.

Qlik Replicate patches can be made available before their official release. Contact Qlik Support for details.

Environment

• Qlik Replicate 2024.11.0.641
• SAP Hana Source endpoint

This article documents how to update the Qlik Talend Data Catalog repository password, which can be achieved either through the Talend Data Catalog user interface or the configuration files.

Changing the password in the user interface

1. Log in to Qlik Talend Data Catalog with a user assigned the global role Application Administration.
2. Navigate to Manage 
3. Go to System
4. Click Configure 
   
   
   
   
5. Set the new database credentials, then click SAVE 
   
   
   
   
6. Restart the Qlik Talend Data Catalog service

Changing the password in the configuration files

1. Stop the Talend Data Catalog Application Server

   The application must be stopped completely before making changes to configuration files.

   • Linux: Navigate to the software home directory and run the RestartServerApplication.sh script as follows:

     cd /opt/<TDC_HOME>/TalendDataCatalog sudo ./RestartServerApplication.sh exit

   • Windows: Go to the software home directory and run the RestartServerApplication.bat file to start the Talend Data Catalog Application Server. Alternatively, use the Windows Services applet. 
2. Navigate to the Talend Data Catalog configuration directory: <TDC_INSTALLATION_DIR>/conf
3. Locate the mm.conf.properties file
4. Open mm.conf.properties using a text editor and identify the database connection password parameter: 
   

   db.connection.password=  

5. Update this value with the new password

   Avoid extra spaces when updating the value.

   
    
6. Save the changes
7. Restart the Talend Data Catalog application to apply the updated configuration

Validation Steps 

• Verify the Database Connection
  After the application is up and running, validate that Talend Data Catalog successfully connects to the repository database. You can do this by checking the application logs or accessing the Talend Data Catalog interface.
• Password Encryption Confirmation
  After a successful restart, the password in the mm.conf.properties file should automatically be encrypted by the application. This confirms that the configuration has been applied correctly.

Environment

• Qlik Talend Data Catalog

Qlik Talend Data Catalog login fails with the following error written to the logs:

General error during service initialization: The Scheduler has been shut down.

A complete error stack trace:

(System) MIRWEB_F0004 General error during service initialization: The Scheduler has been shutdown.
(System) MIRWEB_E0115 Application Exception for request: MITI.web.mm.actions.auth.InitLicense.
Browser URL: 
Parameters:
   username: Administrator
   password: ********
MITI.web.common.exceptions.CommandFaultException: The Scheduler has been shutdown.
    at MITI.web.mm.actions.auth.InitLicense.runJsonCommand(InitLicense.java:81) ~[1-MM.war:?]
    at MITI.web.mm.actions.AbstractJsonAction.doExecute(AbstractJsonAction.java:27) ~[1-MM.war:?]

Resolution

Restart the Qlik Talend Data Catalog application server using the RestartServerApplication script. 

Linux:

Navigate to the software home directory and run the RestartServerApplication.sh script:

cd /opt/<TDC_HOME>/TalendDataCatalog sudo ./RestartServerApplication.sh exit

Windows:

Go to the software home directory and run the RestartServerApplication.bat file to start the Talend Data Catalog Application Server.

Alternatively, restart the service using the Windows Services applet.

Cause

The error indicates that the internal scheduler service (Quartz scheduler) is not running or has already been terminated when the web service tries to initialize. Because the application attempted to use the scheduler service, which had already been stopped when the server shut down due to license expiration. When the InitLicense request was executed, it attempted to access scheduled events, but the scheduler was not running or properly initialized.

Common root causes are:

• An expired license, leading to the scheduler service failing to start due to license expiration 
• The Talend Data Catalog Tomcat server did not shut down correctly

Environment

• Qlik Talend Data Catalog

If you want to submit a new idea or improvement request for Qlik's products, our Ideas section in the Qlik Community is open to all registered customers. The Ideation portal covers ideas and suggestions for all Qlik Products, such as Qlik Cloud Analytics, Qlik Sense Enterprise on Windows, Qlik Talend, Qlik Stitch, and more.

Content:

• Where to find Qlik Ideation
• How to submit an Idea on the Ideation

Ideas are qualified and prioritized based on their value to improving and enhancing the Qlik product. For a successful request, please consider including a strong business case on why you think the change would be beneficial, including:

• Functionality: How does the product work now? How would you like it to work in the future? 
• Motivation: Why is the change important for your business?
• Importance: What is the impact if the feature request is not approved?
• Benefits: What is the impact if the feature request is implemented?

Where to find Qlik Ideation

1. Go to the Qlik Community
2. Log in!
3. After logging in, navigate to Ideation

   A valid Qlik ID (log in to the Community) is required.

   1. You can navigate there manually from (a) Ideation
   2. And (b) Browse and Suggest
      
      
      
      
4. Scroll down to locate the Ideation Landing Page / App
   
   
   
   For more information on the Ideation Dashboard and its functionalities, see About Ideation.
   
   
   

How to submit an Idea on the Ideation

Before you get started, review Ideation Guidelines: How to Submit an Idea for submission guidelines and eligibility information.

1. Go to the Ideas Site  

   A valid Qlik ID (log in to the Community) is required.

2. Click the Suggest Features card
    
   
   
   
3. Provide us with as much detail as possible, including a descriptive subject and description.
4. Choose the appropriate Product Area.
5. And click Submit request.
   
   

Ideas and Improvement requests are reviewed by our product teams. While we strive to provide answers, we cannot guarantee a specific response time.  

Related Content:

Ideation on Community  
Ideation Platform Updates
Ideation Guidelines: How to Submit an Idea

This article documents an example of how to configure MAM control of the Qlik Analytics Mobile app. 

The example is provided as is. Qlik does not offer guidance on configuring Entra Conditional Access policies or broader Intune deployments. For those details, see Learn about Conditional Access and Intune in the Microsoft documentation.

As per Securing and configuring the Qlik Analytics mobile app with Microsoft Intune and the section titled Conditional Access scope considerations, the authentication flow for the mobile app follows the Qlik Cloud IDP OIDC progression.

The pattern and steps outlined in this article are the working example Qlik used in verification testing of the Conditional Access control for the Qlik Analytics mobile app policy deployment. Your own policy and configuration definitions may vary, and Microsoft documentation or support should be contacted for further help that is specific to your Entra and Intune environments.

1. Identify the IDP App Registration:
   
   
   1. Navigate to Entra ID → App registrations
   2. Locate the OIDC IDP app registration and note the Application (client) ID
   3. Confirm this is the client ID presenting itself during the OIDC browser redirect
      
      
2. Modify Existing All Cloud Apps Policy
   
   
   1. Navigate to Protection → Conditional Access → Policies
   2. Open the existing All Cloud Apps policy
   3. Go to Cloud apps or actions → Exclude and add the IDP app registration client ID
   4. In Conditions → Device platforms: Any device
   5. In Conditions → Client apps: Browser + Mobile apps and desktop clients
   6. Grant access: Require device to be marked as compliant
   7. Save and set to Report-only at first
      
      
3. Create a new Targeted Policy for IDP Registration
   
   
   1. Create a new CA policy
   2. Set Users to the same scope as the existing policy
   3. Set Cloud apps to include IDP app registration only
   4. In Conditions → Device platforms: iOS, Android, macOS, Linux
   5. In Conditions → Client apps: Browser + Mobile apps and desktop clients
   6. Grant access: Require multifactor authentication (MFA)
   7. Set to Report-only at first
      
      
4. Validate in Report-Only before enabling
   
   
   1. Navigate to Sign-in logs
   2. Attempt the auth flow on a test device
   3. Check the sign-in log entry for the OIDC redirect leg
   4. Confirm report-only shows that the existing policy (Step 2) would have passed for a compliant device excluded
   5. Confirm report-only shows that the new policy (Step 3) would have passed for MFA on Authentication via Authenticator
   6. Once both are confirmed, switch both policies to enabled

On the test device:

1. Clear app session state and OIDC tokens
2. Re-attempt the full auth flow end-to-end
3. Confirm OIDC leg completes → local token issued -> on Authentication via Authenticator
4. Confirm MSAL leg completes → MAM policy on device confirmed
5. Confirm Qlik Analytics loads successfully

Environment

• Qlik Cloud
• Qlik Analytics mobile with Intune

High target latency is observed when replicating to an Azure Data Lake Storage (ADLS) target.

Because ADLS is a file-based storage system rather than a traditional relational database, such high latency is unexpected.

Additionally, even though the File size reaches (KB) and Elapsed time reaches (Sec) thresholds are properly configured under the ADLS endpoint's Change Processing settings, Qlik Replicate fails to upload or transfer any CSV files to the target.

This behavior makes the replication task appear completely stuck or frozen.

Resolution

To resolve this issue, enable the internal parameter splitTransactionOverFiles on the endpoint. This forces Qlik Replicate to split large single transactions across multiple smaller files, allowing your file size and elapsed time thresholds to trigger properly and restoring normal file delivery.

1. Open the ADLS endpoint settings and switch to the Advanced tab
2. Click Internal Parameters
3. Enter the parameter splitTransactionOverFiles 

   The field is case-sensitive.

4. Enable the parameter
5. Save

Cause

By default, Qlik Replicate writes an entire source transaction into a single target file.

If the source system executes a massive transaction (for example, updating 1 million records in a single commit), Qlik Replicate must process and write all 1 million records into the same CSV file and upload it.

This causes the file transfer to hold indefinitely until the entire transaction is written, resulting in high latency.

Environment

• Qlik Replicate

The HostInfo.xml file in Talend Data Catalog is used for license management. It contains your server's hardware and host identity information and is required whenever you need a new license generated by Qlik.

1. To download the HostInfo.xml file from your Talend Data Catalog, sign in as a user with the Application Administrator capability global role assignment.
2. Go to MANAGE > License.
3. Click DOWNLOAD LICENSE INFORMATION

4. Submit the HostInfo.xml file to the Qlik Customer Portal as part of your license request.
   
   Qlik will use the host information to generate a license file tied to your server.
   
   For active-passive cluster setups, you can get a license that works for both servers by providing two HostInfo.xml files, one for each server in your license request.

5. Once you have obtained your new .lic file, sign in as a user with the Application Administrator capability global role assignment.
6. Go to MANAGE > License.
7. Click UPDATE LICENSE
8. Confirm with Yes that you wish to continue.
9. Browse to the new license file and click Import.
10. Refresh your browser and log back in to see your new license.

Related Content

• Download License Information
• Update the License 
• Manage Users and Authentication 
• Manage Global Roles 

Environment

• Qlik Talend Data Catalog

Beginning on April 14, 2026, QlikView customers experienced outages and intermittent disruptions within their QlikView environments. These incidents coincided with the deployment of Microsoft’s April 2026 security patches to Domain Controllers, which affected QlikView Server Service (QVS) communications over port 4747.

The Microsoft patches introduced changes targeting Kerberos authentication and RC4 encryption. As a result, QlikView environments where RC4 remained enabled (such as at the domain account or Windows server level) became unstable or non-functional.

The impact on QlikView may include, but is not limited to:

• Failed QlikView Distribution Server distribution tasks with an error code indicating an Authentication Failure.
• "No Server" message on the QlikView AccessPoint with an error message in the Web server log indicating that the Web server cannot connect to the QlikView Server.
• Failed Qlik NPrinting distributions to QlikView using a QVP Connection.
• Problems accessing the QlikView Server settings from the QlikView Management Console, or failures for the QlikView Server to come online after a restart.

This article documents the steps to reconfigure the environment to comply with the RC4 cipher suite deprecation. 

Resolution

Information in this article is based on Microsoft's remediation steps and has been adjusted and expanded to include QlikView-specific instructions. For the original, see Detect and remediate RC4 usage in Kerberos | learn.microfot.com. 

There are three stages; not all may be required. Always start at the first one.

Reset the Computer Account

These steps require you to remove the computer from the domain and then re-add it. Before proceeding, ensure you have a Local Administrator account and its password for each of the QlikView servers.

1. Confirm the Domain Controllers and the QlikView server(s) have the Microsoft patch applied.
2. Reset the Active Directory Computer Account (not the Service Account) on the Domain Controller’s Active Directory Users and Computers interface.
3. Place the QlikView server(s) into a Workgroup:
   1. Log onto the local computer of the QlikView server
   2. Open the Server Manager
   3. Go to Local Server
   4. Go to Computer Name
   5. Place the server in a local group
   6. Reboot the QlikView server
   7. Repeat the step for all QlikView servers if you have additional nodes
4. Return the QlikView server(s) to the Domain:
   1. After the reboot, return to the Server Manager
   2. Go to Local Server
   3. Go to Computer Name
   4. Re-join the Domain and reboot the server
   5. Repeat the step for all QlikView servers if you have additional nodes
5. Test the QlikView environment to confirm this has resolved the interruptions.

Kerberos ticket reset

It may be necessary to clear the Kerberos ticket on the affected QlikView server(s).

1. Open PowerShell or a Command Prompt with elevated permissions
2. Run the command: Klist purge

Reset the Service Account

It may be necessary to reset the Domain password for the QlikView service account.

1. Verify that all server Domain Controllers and Windows Servers on which the QlikView Application is installed are patched.
2. Verify that RC4 encryption is disabled.
3. Reset the QlikView service account password.
4. Open the Services panel, then reapply the QlikView service account using the new password
5. Restart the QlikView services.

   If the QlikView service account was used for any data connection(s), they will need to be updated with the new password.

Related Content

• What Changed in RC4 with the January 2026 Windows Update and Why it is Important | techcommunity.microsoft.com 

Microsoft Patches:

• Windows Server 2022 (DC): KB5082142
• Windows Server 2019 (DC): KB5082123
• Windows Server 2016 (DC): KB508208

Environment

• QlikView

This article explains how to connect the Qlik MCP (Model Context Protocol) server to Snowflake Intelligence, enabling Snowflake Cortex Agents to query and interact with Qlik Cloud resources, such as apps, data assets, and analytics, directly from the Snowflake AI interface.

Content

• Prerequisites
• Setup Steps
• Create an OAuth2 Client in Qlik Cloud
• Register the Qlik MCP Server in Snowflake
• Connect to Qlik MCP in Snowflake Intelligence
• Test with a Cortex Agent
• Troubleshooting
• Related Content

Prerequisites

• Qlik Cloud: Tenant Administrator access to create OAuth clients in the Administration activity center
• Snowflake: ACCOUNTADMIN role (or a role with CREATE INTEGRATION and CREATE MCP SERVER privileges)
• Snowflake Intelligence access (Cortex Agents) enabled on your Snowflake account
• Your Qlik Cloud tenant hostname (example: your-tenant.us.qlikcloud.com)

Setup Steps

Create an OAuth2 Client in Qlik Cloud

The OAuth2 client provides Snowflake with the credentials it needs to authenticate against the Qlik MCP server on behalf of users. For details on creating OAuth clients, see Creating and managing OAuth clients.

Copy the Client ID and Client Secret immediately after creation. The secret cannot be retrieved later — if lost, you must generate a new one.

1. Log in to your Qlik Cloud tenant and navigate to the Administration activity center, or go directly to https://<your-tenant>/console.
2. Go to OAuth 
3. Click Create New
4. Fill in the following fields:
   
   
   • Name: A descriptive name
   • Client type: Web
   • Authentication method: Client secret
   • Redirect URL: https://identity.snowflake.com/oauth2/callback
   • Allowed origins (optional): https://identity.snowflake.com
   • Scopes: user_default, mcp:execute

     The mcp:execute scope is required to allow Snowflake to invoke tools on the Qlik MCP server. The user_default scope grants access to resources the authenticated user can already access in Qlik Cloud.

5. Click Create.
6. A dialog will display the Client ID and Client Secret. 
   
   Copy both values immediately and store them securely. The Client Secret will not be shown again.
   
   

Register the Qlik MCP Server in Snowflake

For details on the Qlik MCP server endpoint and supported tools, see Connecting to the Qlik MCP server.

Using the OAuth client credentials previously retrieved, run the following Snowflake SQL script to:

• Create an API Integration with OAuth2, pointing to your Qlik tenant
• Register an External MCP Server using that integration
• Grant usage to the appropriate role
  

  -- ============================================================
  -- Parameters — update these values before running
  -- ============================================================
  SET TENANT        = '<your-tenant>.us.qlikcloud.com'; -- Do not include https://
  SET CLIENT_ID     = '<your-oauth-client-id>';
  SET CLIENT_SECRET = '<your-oauth-client-secret>';
  SET ALLOWED_ROLE  = 'PUBLIC'; -- The Snowflake role that should have access.
                                -- ⚠️ PUBLIC grants access to all users in the account.
                                -- For production, replace with a more restrictive role.
  
  -- ============================================================
  -- Derived values — no changes needed below this point
  -- ============================================================
  SET MCP_URL = 'https://' || $TENANT || '/api/ai/mcp';
  
  -- Create the API Integration with OAuth2 configuration
  DROP API INTEGRATION IF EXISTS qlik_mcp_integration;
  
  EXECUTE IMMEDIATE
  $$
  DECLARE
      v_tenant        VARCHAR;
      v_client_id     VARCHAR;
      v_client_secret VARCHAR;
      v_mcp_url       VARCHAR;
      sql_stmt        VARCHAR;
  BEGIN
      SELECT GETVARIABLE('TENANT')        INTO v_tenant;
      SELECT GETVARIABLE('CLIENT_ID')     INTO v_client_id;
      SELECT GETVARIABLE('CLIENT_SECRET') INTO v_client_secret;
      v_mcp_url := 'https://' || v_tenant || '/api/ai/mcp';
  
      sql_stmt :=
          'CREATE API INTEGRATION qlik_mcp_integration'
          || ' API_PROVIDER = external_mcp'
          || ' API_ALLOWED_PREFIXES = (''' || v_mcp_url || ''')'
          || ' API_USER_AUTHENTICATION = ('
          || '   TYPE = OAUTH2'
          || '   OAUTH_CLIENT_ID = ''' || v_client_id || ''''
          || '   OAUTH_CLIENT_SECRET = ''' || v_client_secret || ''''
          || '   OAUTH_TOKEN_ENDPOINT = ''https://' || v_tenant || '/oauth/token'''
          || '   OAUTH_CLIENT_AUTH_METHOD = CLIENT_SECRET_POST'
          || '   OAUTH_AUTHORIZATION_ENDPOINT = ''https://' || v_tenant || '/oauth/authorize'''
          || '   OAUTH_REFRESH_TOKEN_VALIDITY = 86400'
          || '   OAUTH_ALLOWED_SCOPES = (''user_default'', ''mcp:execute'')'
          || ' )'
          || ' ENABLED = TRUE';
  
      EXECUTE IMMEDIATE sql_stmt;
  END;
  $$;
  
  SHOW API INTEGRATIONS LIKE '%qlik%';
  
  SET DISPLAY = 'Qlik MCP server ' || $TENANT;
  DROP EXTERNAL MCP SERVER IF EXISTS qlik_mcp_server;
  
  CREATE EXTERNAL MCP SERVER qlik_mcp_server
      WITH DISPLAY_NAME = $DISPLAY
      API_INTEGRATION  = qlik_mcp_integration;
  
  ALTER EXTERNAL MCP SERVER qlik_mcp_server
      SET URL = $MCP_URL;
  
  -- Grant access to the specified role
  GRANT USAGE ON INTEGRATION  qlik_mcp_integration TO ROLE IDENTIFIER($ALLOWED_ROLE);
  GRANT USAGE ON MCP SERVER   qlik_mcp_server       TO ROLE IDENTIFIER($ALLOWED_ROLE);
  
  -- ============================================================
  -- Verification queries
  -- ============================================================
  SHOW EXTERNAL MCP SERVERS;
  DESCRIBE EXTERNAL MCP SERVER qlik_mcp_server;
  SHOW API INTEGRATIONS LIKE '%qlik%';
  
  -- Initiate the user OAuth flow
  SELECT SYSTEM$START_USER_OAUTH_FLOW('qlik_mcp_integration');
  ​

  The SYSTEM$START_USER_OAUTH_FLOW call at the end generates a URL you can open in a browser to validate the OAuth handshake with Qlik Cloud before proceeding to Snowflake Intelligence.

Connect to Qlik MCP in Snowflake Intelligence

Once the MCP server is registered in Snowflake, you can authorize and use it directly from the Snowflake Intelligence UI.

1. Open Snowflake Intelligence. The URL follows the pattern https://ai.snowflake.com/<orgname>/<accountname>.
   
   For example, https://ai.snowflake.com/myorg/myaccount. If you are unsure of your URL, contact your Snowflake account administrator.
   
   
2. Click your profile icon (bottom left corner) to open your personal settings.
3. Navigate to the Connectors section. You will see Qlik MCP Server listed, pointing to your configured Qlik Cloud tenant.
4. Click the Connect button next to the Qlik MCP entry.
5. You will be redirected to Qlik Cloud to complete the OAuth2 authorization flow. Log in with your Qlik Cloud credentials if prompted, then approve the requested permissions (user_default, mcp:execute).
6. After authorization, you are returned to Snowflake Intelligence. The Qlik MCP connector will show a Connected status.
7. You can now ask Snowflake Intelligence questions that involve Qlik Cloud resources. The Cortex Agent will automatically invoke the appropriate Qlik MCP tools to retrieve data, apps, or analytics content.
   
   

Test with a Cortex Agent

To validate the full integration, create a test Cortex Agent that uses the Qlik MCP server.

Before running: Replace CORTEX_APP.PUBLIC with the database and schema where you want to create the agent in your Snowflake environment. The database must already exist.

-- Replace <YOUR_DATABASE> and <YOUR_SCHEMA> with your target database and schema
CREATE OR REPLACE AGENT <YOUR_DATABASE>.<YOUR_SCHEMA>.qlik_mcp_test_agent
  FROM SPECIFICATION $$
models:
  orchestration: auto
instructions:
  response: >
    You are a test agent that verifies connectivity to the Qlik MCP server.
    Use the available Qlik tools to answer the user's question.
  orchestration: "Use the Qlik MCP tools to answer questions about Qlik Cloud."
mcp_servers:
  - server_spec:
      name: "<YOUR_DATABASE>.<YOUR_SCHEMA>.QLIK_MCP_SERVER"
$$;

Once created, invoke the agent with a test prompt such as: What Qlik apps are available in my tenant?

A successful response confirms end-to-end connectivity between Snowflake Cortex and the Qlik MCP server.

Troubleshooting

OAuth redirect fails

Typically caused by a Redirect URL mismatch. Verify https://identity.snowflake.com/oauth2/callback is set in the Qlik OAuth client

mcp:execute scope error

The scope not enabled on OAuth client. Edit the OAuth client in Qlik Cloud Administration activity center and add the mcp:execute scope

Client Secret rejected

Secret was rotated or lost. Generate a new client secret and update $CLIENT_SECRET in the script

MCP Server not visible in Snowflake Intelligence

The correct role was not granted. Confirm GRANT USAGE ON MCP SERVER was executed for the user's active role.

Agent returns no results

The OAuth flow was not completed. Complete the steps in Connect to Qlik MCP in Snowflake Intelligence.

Related Content

• Connecting to the Qlik MCP server | Qlik Cloud Help
• Creating and managing OAuth clients | Qlik Cloud Help
• Snowflake External MCP Server documentation

Environment

• Qlik MCP
• Qlik Cloud

The information in this article is provided as-is and to be used at your own discretion. Depending on the tools used, customizations, and/or other factors, ongoing support on the solution described may not be provided by Qlik Support.