Hi,
I am getting below error when I try to create datasource in FM or 'Data Source Connections' section in Cognos portal.
QuoteIBM Cognos 8
An error has occurred.
DPR-ERR-2079 Firewall Security Rejection. Your request was rejected by the security firewall.
CAF rejection details are available in the log. Please contact your administrator.
I have referred this https://www-304.ibm.com/support/docview.wss?uid=swg21339461 (https://www-304.ibm.com/support/docview.wss?uid=swg21339461) for the resolution of this issue but I have installed Cognos server on single machine.
There is only single Web & App Server and I have added the hostname:port entries for the same.
Any suggestion?
Hi there
What I'd suggest (if possible) is turn off caf just for testing so that you can see what the real error is.
Once you have the true error then work with this
If you cant and its a production environment, try testing via the dispatcher URI rather than the Gateway in your browser.
What database are you trying to connect to and what data source connection are you selecting?
Cheers
Peter B
Hi Peter,
I have already turned off CAF in Cognos Configuration and it started working temporarily however this is not a cognos standard to work with.
I am trying to connect to Oracle server which is installed on different server which is our Oracle database server. Actually this is SAN drive which we have map which acts as a local drive to Cognos server. TNS entries are also properly mentined in .ora file. I can connect with required database using Oracle SQL Plus from Cognos server.
I am selecting 'Oracle' as a datasource connection.
Please suggest.
Hi Shirish,
Thanks for the update. I only suggested turning off CAF as a test and then only to see the underlying error, however, if turning off CAF allows this to work then the issue is likely to be a lookup issue as CAF encrypts the requests
See CAF
http://publib.boulder.ibm.com/infocenter/c8bi/v8r4m0/topic/com.ibm.swg.im.cognos.ug_cra.8.4.0.doc/ug_cra_id10940TheCognosApplicationFirewall.html#TheCognosApplicationFirewall
You could enable tracing of the CAF error
1. Locate the ../<c8install>/configuration/ipfCAFclientconfig.xml.sample file
2. Make a copy of this file
3. Rename the copy to ipfclientconfig.xml
4. Wait about a minute then test the data source connection with CAF on.
5. Locate the ../<c8install>/logs folder and there shoulod now be a cogclient.log which should provide more details about the CAF error.
Make sure that
1. All URI settings are using an Resolvable IP address or Server name
2. The c8 services are started by a valid domain account.
Are you using Oracle as the Content store? Is this able to connect successfully as this uses JDBC rather than SQLNet
I should also ask what version of Oracle are you attempting to connect to and on which version of Cognos...
Anyway there could be other issues with this but give the above some thought and provide fedback
Cheers
Peter B
Hi Peter,
My Cognos server is in Workgroup not in domain. I have made servername entries in Cognos configuration which works as expected. I am using Cognos 8.4 with SQL Server 2005 as a content store but Oracle 10g as data source for reports.
With CAF off, I am trying to connect to Oracle for creation of new datasource it shows me below error when I test the connection.
Name:
Quotehttp://servername:9300/p2pd
Status:
QuoteFailed
Message:
QuoteHandler trace back: [the_dispatcher] com.cognos.pogo.handlers.performance.PerformanceIndicationHandler [the_dispatcher] com.cognos.pogo.handlers.logic.ChainHandler [service_lookup] com.cognos.pogo.handlers.engine.ServiceLookupHandler [load_balancer] com.cognos.pogo.handlers.logic.ChainHandler [lb_forwarder] com.cognos.p2plb.clerver.LoadBalanceHandler [mdaChainHandler] com.cognos.pogo.handlers.logic.ChainHandler [asyncMetadataServiceHandler] com.cognos.pogo.async.impl.AsyncHandler [metadataServiceHandler] com.cognos.metadataService.bibusHandler.MDSRVHandler
I get following error in cogserver.log file
Quote
IPaddress:9300 6120 2011-03-08 13:52:25.109 +10 Thread-80 caf 6008 1 Audit.dispatcher.caf Request Failure check signature failed: passport => null
IPaddress:9300 6120 2011-03-08 13:52:25.109 +10 Thread-80 caf 6008 1 Audit.dispatcher.caf Request Failure check signature failed: salted => true
IPaddress:9300 6120 2011-03-08 13:52:25.109 +10 Thread-80 caf 6008 1 Audit.dispatcher.caf Request Failure invalid context id: context id => CAFW00000070Q0FGQTNjMDAwMDAwMDlGQUFBQUtacG00djVaQ3VmWUFzVFRXbWZ6cW80ZE9vclhtWFM1ZGRBWlFkMDFXVXJ2WDZXUnJGalBQQV8zNjA5ODZ8cHM_
IPaddress:9300 6120 2011-03-08 13:52:25.109 +10 Thread-80 caf 6008 1 Audit.dispatcher.caf Request Failure check context id failed
IPaddress:9300 6120 2011-03-08 13:52:25.109 +10 Thread-80 caf 6008 1 Audit.dispatcher.caf Request Failure check signature failed: string => 360986|ps
IPaddress:9300 6120 2011-03-08 13:52:25.109 +10 Thread-80 caf 6008 1 Audit.dispatcher.caf Request Failure check signature failed: hmac => FAAAAKZpm4v5ZCufYAsTTWmfzqo4dOorXmXS5ddAZQd01WUrvX6WRrFjPPA_
IPaddress:9300 6120 2011-03-08 13:52:25.109 +10 Thread-80 caf 6008 1 Audit.dispatcher.caf Request Failure unwrap and check signature failed: web64 decoded value => CAFA3c00000009FAAAAKZpm4v5ZCufYAsTTWmfzqo4dOorXmXS5ddAZQd01WUrvX6WRrFjPPA_360986|ps
IPaddress:9300 6120 2011-03-08 13:52:25.109 +10 Thread-80 caf 6008 1 Audit.dispatcher.caf Request Failure context id signature check failed: unwrap context id =>
Thanks for the details.
This logs tells me there is a permission issue with the access to the location where you are read the database from using the Cognos credentials.
When CAF is on the account creating the data source is failing to pass the session information
This is a good link to understand Authentication across the network with CAF
http://www.ibm.com/developerworks/data/library/cognos/security/cognos8_platform/page511.html?ca=drs-
Out of curiousity, are you able to make an ODBC connection to the Oracle database?
Cheers
Peter B
No, I have not tried to connect ODBC connection with Oracle. Could you please guide me how can I create and test the same?
I have uninstalled Cognos and reinstalled to the same SAN drive where Oracle is installed and it allowed me to create new Oracle data source connection keeping CAF off in Cognos Configuration. :o
Hi Shirish,
Sorry about the delay... you know.. work got in the way ;-)
Anyway thats interesting in that you installed Cognos to the SAN and it allows a connection to succeed although this was also the case with having Cognos installed else where with the CAF off. With Cognos now installed on the SAN, can you successfully test a connection to Oracle with CAF on?
Cheers
Peter B
No, it does not work with CAF 'ON' with Cognos installed on SAN drive and shows same error as mentioned at start of the post. :(
Hello SGD
Are you able to get rid of this issue? I am on 10.2.1 and getting the exact same issue, disabled the siteminder, ssl still no good. I get the error on Cognos Connection wherever I click "More", "Set Properties", "Test Connection" etc. I am also getting the same errors in the CAF logs. Please advise.
Vaibhav
Hi , I too got same firewall security rejection error while opening the Report studio. To have this issue fixed, I have uninstalled CISCO anyconnect. Now, i am good to go with.
Thank you,
GVSP