TM1 Forum

Hello everybody,

i do have a problem with TM1 Architect.

I have three different Servers. A DEV, INT and PRD Machine.
The DEV is a 10.2.2. FP 7, the other are 10.2.2 FP6 IF 1.
They all run on Windows Server 2013 R2

I can reach the Model with TM1 Architect from any of these Server to any Server.

From my Client with a 10.2.2 FP 7 Architect, and before with the 10.2.2. FP6 I can reach INT and PRD but I do not reach DEV.

As far as I can say, I am no network guy, port 5498 and 5495 are open in the internal LAN. Client and Server are in the same LAN. All Servers are installed with default ports. So I suppose it should not be a port Problem, especially everthing is reachable if it is not Client -> DEV.

I tried another client with the same result.

I am a bit puzzled how to further approach this topic. Do you have some suggestions on further testing to identify the cause of this behaviour? If there is some information missing please do ask.

Kind regards,
Sebastian

I had a problem recently, when I could not connect to all servers from Client machine with Architect. The issue was with SSL certificates. We used an automated option to update certificates on client machine, but it did not work for some reason. After we did it again manually, the problem was gone.

I am not sure that this is your case though.

The DEV version is on Fix Pack 7? Was this working before Fix Pack 7 was applied?

Have you updated the SSL certificates by adjusting applixca.pem or by switching to Tm1_cav2?

Being able to access the environment between each server confuses things but it would be good to clarify the above.

Can you access TM1Web for each instance from the client machine?

Can you ping the DEV server from the client machine?

Thank you for your answers, I was away due to Easter.

Maybe i understood something wrong, but the FP should fix that ssl Problem, so no need for manually changing the ssl?

Besides the client is working with the servers which are FP6 IF 1 where we did change the ssl certificates on the servers.

As far as I have seen via mmc all certificates are the same version.

• Yes, the DEV System is FP7 as the Client.
  No, I couldn’t reach it on Version FP6 IF 1 from the client
  All TM1 Web are reachable, the INT and PROD have a dedicated WEBHead, the DEV is a single machine Installation.
  Dev Server is pingable.
  DEV and INT Ports are the same.
  Perspective does show the same behavoiur as Architect. Here i do get an Error message that the DEV Server is "Unable to connect to TM! Admin Server".
  Path to Certificate is (FullPath)\cognos\tm1_64\bin\ssl\applixca.pem

Fix Pack 7 does resolve the SSL issue for clean installs.

Prior to Fix Pack 7 you had three choices:

- Amend admin host certificate number and update the certificate from applixca.pem to tm1_ca2.pem

- Run an update script from IBM to rebadge the existing applixca.pem script to work with existing client certificates

- Generate your own SSL certificates

The client and server had to have the same method applied or they would not connect.

My guess is that the Fix Pack 7 fix does not replicate exactly the scripted change as TM1Web works plus you can ping the server.

What method did you use to update the scripts?

architect before fix pack 5
do not show instance of service fp6 and higher...

Finally I stumbled over the issue.

I forget to use one of the #1 Rule: always double check your information.

The Windows firewall, which we usually do not use, was on. On INT and PRD somebody opened the correct ports but not on DEV. I still have no clue why it was possible to see the ports as open and why I could connect from INT and PRD to DEV.

After deactivating the Windows firewall all clients can connect to DEV.

thanks a lot four your help, it helped me to solve the issue.