3 Replies Latest reply: Jun 30, 2014 8:53 AM by Giuseppe Novello RSS

    Remote Management Services and certificate trust



      We have an installed QV server that uses certificate trust for its services. Recently, we have added another server (new environment). However, I am not able to set up the Remote Management Services.

      After adding the URL, this is what I get in the logs:


      6/25/2014 11:00:13.0475564InformationNon-critical exception when trying to add new certificate service at https://acte-qa01:4799/QMS/Service:

      System.TimeoutException: The request channel timed out while waiting for a reply after 00:00:30. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout. ---> System.TimeoutException: The HTTP request to 'http://acte-qa01:4799/INIT/Service' has exceeded the allotted timeout of 00:00:30. The time allotted to this operation may have been a portion of a longer timeout. ---> System.Net.WebException: The operation has timed out

         at System.Net.HttpWebRequest.GetResponse()

         at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)

         --- End of inner exception stack trace ---

         at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)

         at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)

         at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)

         --- End of inner exception stack trace ---



      Server stack trace:

         at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)

         at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

         at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)

         at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)



      Exception rethrown at [0]:

         at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

         at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

         at PIX.Services.IStartService.GetMachineName()

         at QMSBackendInterface.QMSBackendService.TryAddNewCertService(Uri serviceSoapAddress, String pwd)




        • Re: Remote Management Services and certificate trust
          Giuseppe Novello

          Dear Krzysztof,


          When you mean trust certificate, I would guess that you mean "digital certificate". In that case according to

          bug# 65685- this is working as design. The reason why remote management service does not work in certificate trust mode “out of the box” is that, for every QMS installation a unique root CA certificate (QlikViewCA) and two server certificates are created (signed with the created QlikViewCA root certificate). This results in that the certificate chain verification will fail, when 2 separate QMS setups on different servers are configured to communicate with each other in trusted certificate mode (SSL).


          It is possible to work around this problem by manually assigning the same root CA certificate on both servers running the QMSs, and manually (using the shared root certificate) signing and assigning server certificates for the configured servers. The consequence of this setup is that the “QlikView Management API” group settings will not be applied, instead all QMSs with server certificates signed by the same root certificate will be able to establish remote management service setup.