IBM Support

Error code 289: TM1 Git failed to connect to remote. Reason: TM1 Git network connection failed.

Troubleshooting


Problem

Error while running the GitInit command (through REST API) to initialize Git Integration:
Error code 289:
TM1 Git failed to connect to remote. Reason: TM1 Git network connection failed.

Cause

During the GitInit operation, TM1 Server tries to reach the Git provider by using the parameters sent through the "POST /api/v1/GitInit {...}" command. This process is described in the official documentation:
The "TM1 Git network connection failed" error occurs when TM1 is unable to connect to the Git provider: the most probable cause is that the certificate chain of trust was not correctly imported into the TM1 Data Tier keystore (ibmtm1.kdb by default).
If the Git integration was previously working, and the certificate chain of trust in the keystore is valid (from the TM1 point of view), the certificate chain was probably changed recently on the Git provider side. In that case, the old certificate chain of trust must be removed from the keystore, and the new one must be imported instead.

Resolving The Problem

1) On the TM1 Admin Server and TM1 Server side, confirm the path and name of the KDB keystore.
On TM1 Admin Server side: in Cognos Configuration, in /Environment /TM1 Admin Server, verify the path and name of the keystore file in the "Key database location" property.
On TM1 Server side: open "tm1s.cfg" and search for a "keyfile" parameter. If it exists, then take note of that path. If it does not exist, then the default value is used.
The default keystore path and name is:
C:\Program Files\ibm\cognos\tm1_64\bin64\ssl\ibmtm1.kdb
2) Download all certificates from the Git provider.
The method varies depending on the web browser that is used.
In all cases, it starts with connecting to the Git provider website and clicking the lock icon next to the address bar.
For Chrome and Edge:
-Click the lock icon
-Click "Connection is secured"
-(Chrome) click "Certificate is valid" ==> the certificate is displayed
-(Edge) click "Show certificate" icon on the right side ==> the certificate is displayed
-Click "Details" tab and click "Copy to file" button ==> save the file in Base-64 format.
-Click "Certification path" tab
-Double-click each CA certificate in the chain of trust, and export each of them in Base-64 format, by using the same method.
For Firefox:
-Click the lock icon
-Click "Connection secure"
-Click "More information"
-Click "View certificate" button ==> certificate is displayed in a new tab
-Scroll down to the "Miscellaneous" section: from the "Download" line, right-click "PEM (cert)" and "PEM (chain)" and use "Save link as" in order to save the certificate and the certificate chain of trust. The chain of trust file contains, in that order: the Git provider certificate, the intermediate certificate authority (CA) certificate, the root certificate authority (CA) certificate. From that file, create distinct files for the intermediate and the root certificates, just by copying and pasting them into distinct text files.
3) Delete the old Git provider certificates from the TM1 keystore: Git provider certificate, intermediate CA certificate(s), root CA certificate.
cd <tm1_64>\bin64
List the certificates to get their names (replace the -db parameter with your own if needed):
.\gsk8capicmd_64.exe -cert -list -db ".\ssl\ibmtm1.kdb" -stashed
Delete certificates:
.\gsk8capicmd_64.exe -cert -delete -db ".\ssl\ibmtm1.kdb" -stashed -label GIT_NAME
.\gsk8capicmd_64.exe -cert -delete -db ".\ssl\ibmtm1.kdb" -stashed -label INTERM_CA_NAME
.\gsk8capicmd_64.exe -cert -delete -db ".\ssl\ibmtm1.kdb" -stashed -label ROOT_CA_NAME
4) Import the certificate chain of trust: root CA certificate, intermediate CA certificate(s), Git provider certificate.
.\gsk8capicmd_64.exe -cert -add -db ".\ssl\ibmtm1.kdb" -stashed -file ROOT_CA_CERT_FILE -label ROOT_CA_NAME -format ascii -trust enable
.\gsk8capicmd_64.exe -cert -add -db ".\ssl\ibmtm1.kdb" -stashed -file INTERM_CA_CERT_FILE -label INTERM_CA_NAME -format ascii -trust enable
.\gsk8capicmd_64.exe -cert -add -db ".\ssl\ibmtm1.kdb" -stashed -file GIT_CERT_FILE -label GIT_NAME -format ascii -trust enable
5) Verify the certificate chain of trust is OK.
.\gsk8capicmd_64.exe -cert -validate -db ".\ssl\ibmtm1.kdb" -stashed -label GIT_NAME
6) Finally, run the GitInit command again.
Use the official documentation previously provided.
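
As an alternative to copying and pasting the Firefox "PEM (chain)" file by hand in step 2, the following PowerShell script splits it into one file per certificate and lists them in the import order of step 4. It is an added example, not IBM code; the input name chain.pem, the cert_N_role.pem output names and the role labels are assumptions.

```powershell
# Added example: split a "PEM (chain)" download into one file per certificate.
# chain.pem, the output file names and the Role labels are assumptions.
param(
    [string]$ChainFile = '.\chain.pem',
    [string]$OutDir    = '.'
)

$pem     = Get-Content -Raw -Path $ChainFile
$pattern = '-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----'
$blocks  = @([regex]::Matches($pem, $pattern) | ForEach-Object { $_.Value })
if ($blocks.Count -eq 0) { throw "No PEM certificate found in $ChainFile" }

$certs = for ($i = 0; $i -lt $blocks.Count; $i++) {
    # Strip the PEM armor and decode the Base-64 body to DER for parsing
    $b64 = ($blocks[$i] -replace '-----(BEGIN|END) CERTIFICATE-----', '') -replace '\s', ''
    [byte[]]$der = [Convert]::FromBase64String($b64)
    $x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)

    # Self-signed = root CA; first entry = Git provider certificate; rest = intermediates
    $role = if ($x509.Subject -eq $x509.Issuer) { 'root' } elseif ($i -eq 0) { 'git' } else { 'intermediate' }

    $file = Join-Path $OutDir ("cert_{0}_{1}.pem" -f $i, $role)
    Set-Content -Path $file -Value $blocks[$i] -Encoding ascii

    [pscustomobject]@{
        Order = $i; Role = $role; File = $file
        Subject = $x509.Subject; Issuer = $x509.Issuer
        NotAfter = $x509.NotAfter; Expired = ($x509.NotAfter -lt (Get-Date))
        Thumbprint = $x509.Thumbprint
    }
}
$certs = @($certs)

# Each certificate must be issued by the next one in the file
for ($i = 0; $i -lt $certs.Count - 1; $i++) {
    if ($certs[$i].Issuer -ne $certs[$i + 1].Subject) {
        Write-Warning "Chain break: entry $i is not issued by entry $($i + 1)"
    }
}
# Without the root CA in the keystore the chain cannot be validated in step 5
if ($certs.Role -notcontains 'root') {
    Write-Warning 'No self-signed root CA in the file; obtain it separately before step 4'
}
$certs | Where-Object Expired | ForEach-Object { Write-Warning "Expired: $($_.Subject)" }

# Print in the import order of step 4: root, intermediate(s), Git provider
$certs | Sort-Object Order -Descending | Format-Table Role, File, NotAfter, Thumbprint -AutoSize
```

Compare each Thumbprint (SHA-1) with the fingerprint shown in the browser's certificate viewer before passing the file to the -file parameter in step 4.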

Document Location

Worldwide


Document Information

Modified date:
10 May 2022

UID

ibm16584327