Forum Stats

  • 3,827,893 Users
  • 2,260,838 Discussions
  • 7,897,402 Comments

Discussions

Eas Console connect to EssbaseCluster-1:secure

rpc1
rpc1 Member Posts: 1,503
edited May 31, 2019 7:03AM in EPM System Infrastructure

Hi!

I have Essbase 11.1.2.4 which build as Active/Passive cluster (Based on Microsoft Cluster)

Both ports are open (ssl and not secure), but why connection to EssbaseCluste-1:secure  uses port 1423 ?

pastedImage_0.png

Error: 103: Unexpected Essbase error 1030818

Error: 1040142: NZERROR: nzos_Handshake failed(28862)

Error: 1042006: Network error [0]: Failed to connect to

Connection to server_name:secure works fine ?

Regards,

Dmitry

Tagged:

Answers

  • JohnGoodwin
    JohnGoodwin Member Posts: 30,471 Blue Diamond
    edited May 29, 2019 11:55AM

    It shouldn't. this is what I see

    pastedImage_0.png

    When using the cluster name the information is usually retrieved from the EPM registry, maybe there is an issue there?

    Cheers

    John

    rpc1
  • rpc1
    rpc1 Member Posts: 1,503
    edited May 30, 2019 7:27AM

    Ok, I  try to debug with sql profiler.

  • rpc1
    rpc1 Member Posts: 1,503
    edited May 31, 2019 3:55AM

    Investigation shows that problem in Active/Passive cluster  it gets port from ESS_FAILOVER_ACTIVE_NODE_VIEW.

    For standalone servers EAS connects to the right port 6423

  • JohnGoodwin
    JohnGoodwin Member Posts: 30,471 Blue Diamond
    edited May 31, 2019 4:32AM

    So the ESS_FAILOVER_LEASE_OWNER table is incorrectly populated, I thought this was driven by either the EPM registry or Essbase config, has the config been setup to only use SSL?

  • rpc1
    rpc1 Member Posts: 1,503
    edited May 31, 2019 6:02AM
    has the config been setup to only use SSL

    Not, both ports availible, when I configured only ssl I faced problem with SharedServices  application group EssbaseCluter-1  tries to connect to 1423 port, therefore I enabled both mode (secure and not secure)

    I think problem not in ESS_FAILOVER_LEASE_OWNER it shows  to port, secure and plain - problem in eas it takes only plain port

    pastedImage_0.png

  • iArchSolutions-Joe
    iArchSolutions-Joe Member Posts: 133 Red Ribbon
    edited May 31, 2019 6:48AM

    Hi rpc1 - your comment "when I configured only ssl I faced problem with SharedServices  application group EssbaseCluter-1" - You might be able to fix that by adding those TLS statements to the FoundationServices0 (or whatever you WebLogic Managed Services name is for Shared Services).  This should correct the Shared Services connection issues and you will be able to access EssbaseCluster-1:secure. You defiantly do not need to have both secure and non secure ports enabled. Sort of defeats the purpose of SSL enabling things.

    The fix was to add the line:

    -Dolap.server.ssl.supportedProtocols=TLSv1,TLSv1.1,TLSv1.2

    To the Utility.bat JAVA_OPTIONS section if running LCM from a command line.

    You should also modify the APS WebLogic Managed Server and FoundationServices Managed Server registry windows registry settings and add a new JVMOption and update the corresponding JVMOptionCount to increase the number to the new required value:

    -Dolap.server.ssl.supportedProtocols=TLSv1,TLSv1.1,TLSv1.2

    This allows FoundationServices (LCM) and Provider Services (APS)_ connections to downgrade their cipher level to support deprecated protocols.

  • rpc1
    rpc1 Member Posts: 1,503
    edited May 31, 2019 7:03AM

    @iArchSolutions-Joe  thanks for comment, but I make some tests, problem not  in TLS,

    When I have only ssl  and  click on the EssbaseCluster-1 application group in HSS,  watch how FoundationService tried to connnect EssbaseServer:1423 instead of 6423.

    I enabled SQL profiler and found that it takes port from [ESS_FAILOVER_ACTIVE_NODE_VIEW] column PORT_NUMBER. It didn't takes  SECURE_PORT_NUMBER,

    For the mentioned problem I changed view and set PORT_NUMBER = SECURE_PORT_NUMBER - it solved problem with EAS, but not in Shared Services.