TM1.Security Security upgrade performed on all processes

[Armand Mizan]

Hi All

Strange things have been happening on our service, which I have never seen before. The sequence of events is as follows

1)6:58 our service terminates unexpectedly and re-starts
2)7:08 the following appears in our server log
16268 INFO 2009-11-17 20:08:46.123 TM1.Security Security Upgrade performed on all processes
16268 INFO 2009-11-17 20:08:48.092 TM1.Server Processing private files to UTF-8

Two things happen once the service restarts, and I do not know if they are related to each other
The first is that I get several calls from irate users saying they can not log in. It appears as if the security cubes have changed, and the only user that now exists is the "Admin " user, with the default security groups. Every other user and security group has vanished into the ether.
The other thing I noticed is that every single TI Process we have has been modified at exactly 7:08. This is the time the message appears in the log file advising that a security upgrade has been performed on all services .

I restored the necessary files from backup and all appears in order now.

We have Version 9.1 SP4 on the Client but have 9.4 FP2 on the server.We did try the client rollout of 9.4 FP2 with disastorous consequences, and were forced to roll back. Not sure if this is an issue or not.

Any help or suggestions would be appreciated.

Thanks as always

Armand

[damientaylorcreata]

Hi Armand,

I had exactly the same situation occur to me on Friday! TM1 crashed and afterwards my security was missing and was seeing this message in the logs "TM1.Security Security Upgrade performed on all processes" . Have you worked out what this message means?

Regards,
Damien

[Steve Vincent]

Are you serious? using a 9.1 client with a 9.4 server?

You do realise that 9.4 was the first release in Unicode, don't you? I would stake a serious sum of money on the entire problem being related to having clients connect to a unicode server without unicode capable client software. That is certainly an unsupported configuration and the first thing i'd deal with. From the IBM documentation on 9.4;

Opening Previous TM1 Databases in TM1 9.4
Older TM1 databases are automatically converted to Unicode the first time you run them with the new TM1 9.4 server. After a database is converted, it is not backward-compatible and cannot be opened with non-9.4 TM1 servers.

Be sure to backup your existing TM1 databases before using them with the IBM Cognos TM1 9.4 release.

That warning alone would make me ensure i used the same client version as the server. What went so wrong that the 9.4 client had to be ditched?

[PWorner]

I have had a client getting the same message after upgrading from TM1 9.0 to Tm1 10.1.1, yet there is very little documentation I can find on this error message. All their TI processes are resaved updating making it look like their model has changed.

[declanr]

As Steve mentioned above (3.5 years ago) this is related to unicode conversion. By any chance did a client connect using their old 9.1 client?

[PWorner]

No they do not have any 9.0 clients (You can't connect pre 10.1 clients to 10.1 and above servers anyway)

[declanr]

You can't connect pre 10.1 clients to 10.1 and above servers anyway

I'm connected to 10.2 server right now with 9.5.2 client.

[Alan Kirk]

I have had a client getting the same message after upgrading from TM1 9.0 to Tm1 10.1.1, yet there is very little documentation I can find on this error message. All their TI processes are resaved updating making it look like their model has changed.

Which error message? The ones cited by Armand Mizan / Damian in the server log aren't error messages, they're info messages.

The one cited by Steve Vincent also isn't an error message, and doesn't need any documentation because the meaning is pretty straightforward; 9.4 onwards uses Unicode. If you load a database directory that had been used on a pre-9.4 version of the server into a 9.4 or later server, the data files will be converted to Unicode. Thereafter you can no longer load those files in a 9.1, 9.0 or earlier server. The conversion of the processes mentioned for info in the logs would be part of that conversion. (Or, alternatively, conversion to the newer security models that apply to processes which mean that they don't necessarily run with full Admin rights any more. Either way, it's a notification, not an error.)

No they do not have any 9.0 clients (You can't connect pre 10.1 clients to 10.1 and above servers anyway)

As Declan noted this is indeed possible, but it will depend on what your ClientVersionMaximum and ClientVersionMinimum server config parameters are. Not that I would encourage this (though we did run 8.2.12 clients on a 9.0 server for some time) and I would definitely not try it across the Unicode barrier as Steve said, but in practical terms it can be hard to upgrade all of the clients simultaneously with the server which is why those two parameters exist.

[Gabor]

I had a couple of instances working across the unicode barrier over months without any issue for Architect & Perspectives, including the parallel distribution of 9.0 & 9.5.x server by a 9.5.x admin server. The only exception, there is a little bug in new transaction log visualization using the old client.

However, mixing 9.0 and 9.5.x and point to a single 9.5.x admin server have avoided the usage of TM1 Web 9.5.x against that admin server.

Post 9.0 versions support SSL, so UseSSL=F needs to be added in .cfg to make those newer instances visible for older clients.

[PWorner]

Hi Alan

Which error message? The ones cited by Armand Mizan / Damian in the server log aren't error messages, they're info messages.

Yes sorry it is an info message and I mean this one:
2744 [] INFO 2014-06-23 22:37:18.877 TM1.Security Security Upgrade performed on all processes

It seems to happen every week or so that while the tm1server restarts overnight it performs the security upgrade and re-encodes the password in all .pro files and resaves them. Since they maintain TI processes under version control (Subversion/TortoiseSVN in their case), all the process files become red (modified).

Surely this should have only needed to happen once when the model was first started in 10.1.