I am trying to use the example as found in the SDK Docs and attempting to connect to the QMS API but keep getting the error:
> The HTTP request was forbidden with client authentication scheme 'Anonymous'.
I am trying to connect to the QMS API on a developer machine which is on a different network. I installed the certificates on the developer machine by exporting on the Qlikview server and importing on the dev box. Any ideas how I can connect to the QMS API remotely?
This morning I signed in as the user which runs the Qlikview Services. I noticed that the user didn't have the certificates stored in the personal section. I imported them and it works perfectly. Unfortunately no other users (even though they have the certificates are working).
Remotely (so a computer on a different network) still receives the same error. Do you know if the Qlikview Services are designed to work across multiple works?
The other users needs to be in the suggested security groups mentioned above. Yes, the QlikView Services should work with API tools across networks, especially within the same domain. Across domains you might encounter some permissions issue outside of QlikView, but if it works in general then it works for QlikView too. Ensure that the ports are open and connectable. See QlikView Ports for more information.
The Service Account and Administrator user are in identical groups and settings. Its on the local server box so surely that should affect it? All ports are open and still the same result. Is there a recommended method to export the certificates from one user and import to another?
If it works for those account and they are in those groups locally, then that would explain why it works for them. Add other service/user accounts in those groups in order to get this to work, and export/import the private certificates on the other machine where you want it to work. You need a certificate to get inside of the "trusted zone" of the QMC and the other service. Without it, you have no possibility to communicate. The certificates are used to build trust.
I deleted all certificates.. Rebooted a number of times and allowed Qlikview to recreate all the certificates. It appeared when I did the original export of certificates under the *administrator* account I should of exported it under the user that runs the Qlikview services. To resolve the problem:
Signed in to the server desktop as the user who runs the services (in > this case "QlikviewUser")
Load up MMC.exe :: Certificates :: Local Computer (not personal or service)
Exported all 3 Certificates with Private Key (Private key isn't available under any other user). If you export them as another user it'll export them successful but its not including the private key.. So it has to be signed in as the user who runs the Qlikview Services and under Local Computer. I did try giving the Administrator user access to the private key under Local Computer but this didn't resolve the problem.
Sign in as the Administrator User or whatever user you want to use the API under to the Desktop
Go to MMC :: Certificates :: Personal
Import all 3 certificates.
This is how I got it to work under other users on the local server box. Previously, all the certificates were marked as valid and were installed following the Qlikview manual line by line. It seems as if this "functionality" hasn't been documented very well.
To get it working remotely, I added the Qlikview Server's name in my hostfile and added the certificates to the Local Computer and Personal times. After this it resolved itsself.
Only challenge yet is how to configure the API in Qlikview to use a FQDN instead of a computer hostname.