7 Replies Latest reply on May 31, 2019 11:03 AM by rpc1

    Eas Console connect to EssbaseCluster-1:secure

    rpc1

      Hi!

      I have Essbase 11.1.2.4 which build as Active/Passive cluster (Based on Microsoft Cluster)

      Both ports are open (ssl and not secure), but why connection to EssbaseCluste-1:secure  uses port 1423 ?

       

      Error: 103: Unexpected Essbase error 1030818

      Error: 1040142: NZERROR: nzos_Handshake failed(28862)

      Error: 1042006: Network error [0]: Failed to connect to

       

      Connection to server_name:secure works fine ?

       

      Regards,

      Dmitry

        • 1. Re: Eas Console connect to EssbaseCluster-1:secure
          JohnGoodwin

          It shouldn't. this is what I see

          When using the cluster name the information is usually retrieved from the EPM registry, maybe there is an issue there?

           

          Cheers

           

          John

          1 person found this helpful
          • 2. Re: Eas Console connect to EssbaseCluster-1:secure
            rpc1

            Ok, I  try to debug with sql profiler.

            • 3. Re: Eas Console connect to EssbaseCluster-1:secure
              rpc1

              Investigation shows that problem in Active/Passive cluster  it gets port from ESS_FAILOVER_ACTIVE_NODE_VIEW.

              For standalone servers EAS connects to the right port 6423

              • 4. Re: Eas Console connect to EssbaseCluster-1:secure
                JohnGoodwin

                So the ESS_FAILOVER_LEASE_OWNER table is incorrectly populated, I thought this was driven by either the EPM registry or Essbase config, has the config been setup to only use SSL?

                • 5. Re: Eas Console connect to EssbaseCluster-1:secure
                  rpc1

                  has the config been setup to only use SSL

                  Not, both ports availible, when I configured only ssl I faced problem with SharedServices  application group EssbaseCluter-1  tries to connect to 1423 port, therefore I enabled both mode (secure and not secure)

                   

                  I think problem not in ESS_FAILOVER_LEASE_OWNER it shows  to port, secure and plain - problem in eas it takes only plain port

                   

                  • 6. Re: Eas Console connect to EssbaseCluster-1:secure
                    iArchSolutions-Joe

                    Hi rpc1 - your comment "when I configured only ssl I faced problem with SharedServices  application group EssbaseCluter-1" - You might be able to fix that by adding those TLS statements to the FoundationServices0 (or whatever you WebLogic Managed Services name is for Shared Services).  This should correct the Shared Services connection issues and you will be able to access EssbaseCluster-1:secure. You defiantly do not need to have both secure and non secure ports enabled. Sort of defeats the purpose of SSL enabling things.

                     

                    The fix was to add the line:

                     

                    -Dolap.server.ssl.supportedProtocols=TLSv1,TLSv1.1,TLSv1.2

                     

                    To the Utility.bat JAVA_OPTIONS section if running LCM from a command line.

                     

                    You should also modify the APS WebLogic Managed Server and FoundationServices Managed Server registry windows registry settings and add a new JVMOption and update the corresponding JVMOptionCount to increase the number to the new required value:

                     

                    -Dolap.server.ssl.supportedProtocols=TLSv1,TLSv1.1,TLSv1.2

                     

                    This allows FoundationServices (LCM) and Provider Services (APS)_ connections to downgrade their cipher level to support deprecated protocols.

                    • 7. Re: Eas Console connect to EssbaseCluster-1:secure
                      rpc1

                      iArchSolutions-Joe  thanks for comment, but I make some tests, problem not  in TLS,

                      When I have only ssl  and  click on the EssbaseCluster-1 application group in HSS,  watch how FoundationService tried to connnect EssbaseServer:1423 instead of 6423.

                      I enabled SQL profiler and found that it takes port from [ESS_FAILOVER_ACTIVE_NODE_VIEW] column PORT_NUMBER. It didn't takes  SECURE_PORT_NUMBER,

                      For the mentioned problem I changed view and set PORT_NUMBER = SECURE_PORT_NUMBER - it solved problem with EAS, but not in Shared Services.