Troubleshooting
Problem
After changing the Cognos Configuration URIs for dispatcher and content manager to use SSL (https://), no logon screen is displayed or a CFG-ERR-0103 error occurs on starting the services.
Symptom
After changing the cogstartup.xml file to use https:// URIs, a blank screen is being seen with no errors in the HTML responses. Possibly a CFG-ERR-0103 error on starting the services can be an indication of incorrect IP addresses or hostname.
Cause
- The server's hosts file is being referenced before DNS resolution and FQDN values are not being returned.
- The Subject Alternative Name is not set properly in the Certificate
- The DNS has more than one Alias record and the one used in the Certificate is not the first response. This type of issue is common in Virtual Environments.
Environment
This issue can happen in any operating system.
Diagnosing The Problem
After starting the Cognos Analytics instance, review the cognosserver.log file for clues to the issue.
- If you are seeing references to another hostname, it could be a DNS issue.
- If you are seeing errors in Chrome or Firefox mentioning Subject Alternative Name, the cert does not have the correct SAN values.
- If you are seeing different than expected IP addresses being used or the hostname could not be resolved, check the hosts file of the server.
Resolving The Problem
In the Installation Documentation, it states that the Fully Qualified Domain Names (FQDN) be used provisioning names in the ../bin64/cogconfig.sh or ..\bin64\cogconfigW.exe tool. Normally your DNS is able to resolve the server name to the correct IP address. However, it is possible to use the local host's file /etc/hosts or C:\Windows\System32\drivers\etc for this purpose, this technique can be the source of later problems.
The format is:
IP address server.domain.tld server
127.0.0.1 myserver.work.com myserver
192.168.0.2 myserver.work.com myserver
192.168.0.2 myserver.work.com myserver
If the file is not formatted correctly or has an old IP address, an incorrect IP address can be used and interfere with the proper operation of the software. It could also cause a rejected connection with the SSL / TLS negotiation process, by returning just the server name not FQDN.
For the correct SAN to be added to your certificate, you need to consult with your certificate authority, at minimum it include the server's DNS Alias and its IP address. Adding other Alias names and CNAMES can also help in some scenarios.
If you are using a VM, check to see which Alias is returned by the command doing a reverse lookup of the IP address. Use the command 'nslookup' to find the Alias for your VM.
- nslookup 127.0.0.1
or
- nslookup 10.0.0.1
Use the Alias that is returned along with the IP address in the certificate CN and SAN.
Related Information
Document Location
Worldwide
[{"Type":"SW","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTSF6","label":"IBM Cognos Analytics"},"ARM Category":[{"code":"a8m50000000Cl6sAAC","label":"Installation and Configuration->Cognos Configuration"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"}],"Version":"All Version(s)"}]
Was this topic helpful?
Document Information
Modified date:
03 September 2021
UID
ibm16447151