You may have to allow using admin name and password and actually supply id and password in the login tab for the QVWS if you are going across domains. Basically in the QMC, you want to do the following:
Go to QlikView Server Settings Security tab. Check Allow admin using name and password.
Now go to the QlikView web server and click on the login tab. Enter the user name and password for the service account on the server running the web services.
This should do the trick. Basically whats happening is like Bill said. Since the servers are on different domains, they can't really talk to each other without authenticating service credentials. This will enable it to take place.
This is a common scenario when the web server components are placed in a DMZ and they need to talk to the QMC and QVS which is behind the firewall.
I tried the same way as you guided, but unfortunately it doesn’t work. I have also attached the log files (server information deleted) .
may be it will helpful to find some trace..
. Checked allow admin name & password
. In the login tab given the <Domain2>\service account and password
. Restarted all services.
Hello Bill & All,
I am adding the latest log of management services(in server-1). its encountered with System.TimeoutException .
Should I need to increase the timeout somewhere or other issues can be overseen ?
However QvsTimeout in config.xml of webserver is default.
Also attached the log of web server (in server-2) its showing successful connection towards server1.
Log of management services
Non-critical exception when trying to add new certificate service at https://server2:4750/QVWS/Service:
System.TimeoutException: The request channel timed out while waiting for a reply after 00:00:29.9969997. Increase the timeout value passed to the call to Request or
increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout. ---> System.TimeoutException: The HTTP
request to 'http://server2:4750/INIT/Service' has exceeded the allotted timeout of 00:00:30. The time allotted to this operation may have been a portion of a longer
timeout. ---> System.Net.WebException: The operation has timed out
Ok, so I see two things.
1. in the log you directed to me you received a 403 forbidden attempting an anonymous login. How is the QlikView Server security configured?
2. I notice the use of https. I assume you are using certificates to trust the communication between servers. Are all of the certificates installed properly using netsh (if using qvws) or IIS (if using IIS for qlik web services?) Have you enabled port 443 in the QlikView web server configuration?
1. I am not quite sure about the how is security configured in the servers. Would you mind to guide me how should I approach to check the security things in both the servers, Like if there is some list of checkpoints which to verify?
2.Yes, port 443 is opened in both the servers.
Hi Jeffry & All,
While I checked in the event viewer - Windows logs , of server-2 where my QVWS is installed.
There I found a warning message of source "QvWebServer" "config error - invalid default qvs: QVS@server-1"
At the time installing I changed the default Qvs to the server-1 from localhost in the config file because as per my scenario QVS is installed in server-1, So the default QVS should ref. to server-1.
Can you please suggest me if you have any experience how to handle this issue?
Is it be considered as the root cause ?
I think you are experiencing a problem because you manually fiddled with the config.xml.
1. If you are manually editing the config.xml file, it may become corrupted. You want to make changes through the QMC if possible. If the QMC can't see the web server, manually editing the config.xml won't help. To recreate the config.xml, stop the QlikView Web Server (or QlikView Settings) service, delete the config.xml, and restart the service. The config.xml will regenerate.
QVS@server-1 may not be the name of your QVS server entry in QMC. The reference in the QMC will come from the QVS. This is especially the case if you are using QlikView Web Server and not IIS to run Qlik Web Services.
What you may want to try is contacting the web service from server-1 in a browser. Open a browser and navigate to http://server-2:4750/qvws/service. If you go here and an xml response appears on the screen, then server-1 can connect to server-2 web services and your issue with being "seen" is something else.
Please refrain from fiddling directly with the config.xml unless you are trying to set up web ticketing (in which case you should be using IIS and not QlikView Web Server for web services) and need to add whitelisted IPs. The config.xml from the web server is controlled by the QVWS entry in the settings of QMC. This is where you should make changes. They will be applied to the file if access is set up properly.
Hope you are doing well there..!!
1. If the config.xml of QVWS will be regenerated automatically by restarting the QVWS then the default value of QVS and DSC in the config.xml file is referring to "Local" which is server-2, but our QVS and DSC is running from Server-1
So Please correct me If I am wrong, its need to manually change the default value of <DefaultQvs>Local</ConfigUrl> to actual QVS server name ; For my scenario 'Qvs@server1' & so with other services like DSC ??
Also Just to inform you , as I mention on my previous post about "a warning message of source "QvWebServer" "config error - invalid default qvs: QVS@server-1" . today I found there is no such error message found in the event viewer.
2. While trying from server-1 web browser "//Server-2:4750/QVWS/Service" is returned with a XML response. So as you mentioned in second point it seems to be server-1 can connect to server-2.
But still frustrating with the same error 'QVWS@server-2 is down'. Then what could be the other reason that QMS can't up QVWS.
Ok, so the good news is you see the xml response. The reason you see local and not qvs@server1 is because of this setting here:
System|QVWS Settings|AccessPoint|Server Connections. Change Local to server-1. Do this instead of changing the config.xml manually.
Now, even though you make this change, things may still not work. Can you send me screenshots of accesspoint web page before and after you make this change?
Problem is that I am able to see not more than only 'Summary' | 'General' | 'Login' tabs in the QVWS setting in QMC.
Attaching here with the screenshot of QVWS setting and QVS setting( servername(masked)!!
Also adding the latest log file of management service.
Ok, we have to go back to my original reply. Either you don't have a certificate trust between the two system (therefore https won't work) or you need to supply the user id and password for the service account on server-2 that is running the QlikView Web Server in the Login tab of the QMC entry for the web server. It's one of those two things, likely the latter as I explained earlier.
Sorry for keep you waiting for my reply. Actually I was out station those days..
Hope you are having a great time.
As you asked the root points to check;
1. I am quite sure that I verified certificate password in 'server 2' which I got in the QMC pop up window.
and that time it was showing successful. Its very strange that if certificate was verified then why "The HTTP request was forbidden with client authentication scheme 'Anonymous'. --->" is coming ?
2. Also I checked the options also in place as how you said in your previous reply.
Really its very weird